Jump to content

Recommended Posts

Good afternoon Malwarebytes World!!

Unfortunately I have been infected. I am going to buy your protection for both of my computers as sson as I can get up and running again!

I can run neither DDS, GME nor Malwarebytes on the infected Computer. They wont run in Safe Mode, and killing the mar.exe program only allows for DDS to be opened, but it never produces the logs and the system freezes.

It is an XP-SP2 machine.

Please help!

Thanks,

Patrick

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

  • Staff

Hi,

Try this please:

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

When it completes, try DDS and MBAM again.

Link to post
Share on other sites

I tried again and somehow when I right click TDSSKiller and "run as" i got it to run.

it produced one error, said it was fixing it and then it told me to reboot. I didnt see where the log was made.

So i ran it again and got the following. Of course it didnt find anything.

Rerunning DDS and MBAM right away.

2011/04/09 16:31:50.0234 2960 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/09 16:31:50.0343 2960 ================================================================================

2011/04/09 16:31:50.0343 2960 SystemInfo:

2011/04/09 16:31:50.0343 2960

2011/04/09 16:31:50.0343 2960 OS Version: 5.1.2600 ServicePack: 2.0

2011/04/09 16:31:50.0343 2960 Product type: Workstation

2011/04/09 16:31:50.0343 2960 ComputerName: KEN-LAPTOP

2011/04/09 16:31:50.0343 2960 UserName: Patrick

2011/04/09 16:31:50.0343 2960 Windows directory: C:\WINDOWS

2011/04/09 16:31:50.0343 2960 System windows directory: C:\WINDOWS

2011/04/09 16:31:50.0343 2960 Processor architecture: Intel x86

2011/04/09 16:31:50.0343 2960 Number of processors: 1

2011/04/09 16:31:50.0343 2960 Page size: 0x1000

2011/04/09 16:31:50.0343 2960 Boot type: Normal boot

2011/04/09 16:31:50.0343 2960 ================================================================================

2011/04/09 16:31:51.0125 2960 Initialize success

2011/04/09 16:31:59.0437 3004 ================================================================================

2011/04/09 16:31:59.0437 3004 Scan started

2011/04/09 16:31:59.0437 3004 Mode: Manual;

2011/04/09 16:31:59.0437 3004 ================================================================================

2011/04/09 16:32:02.0796 3004 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/09 16:32:03.0312 3004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/04/09 16:32:03.0718 3004 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/04/09 16:32:04.0046 3004 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/04/09 16:32:04.0187 3004 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/04/09 16:32:04.0531 3004 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/04/09 16:32:05.0125 3004 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/04/09 16:32:05.0468 3004 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/04/09 16:32:05.0828 3004 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/09 16:32:05.0953 3004 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/09 16:32:06.0359 3004 ati2mtag (1a12941c75be2003286c7787f21a7f81) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/04/09 16:32:06.0484 3004 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/09 16:32:06.0640 3004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/09 16:32:06.0781 3004 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/04/09 16:32:06.0843 3004 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/04/09 16:32:06.0937 3004 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/04/09 16:32:07.0078 3004 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/04/09 16:32:07.0250 3004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/09 16:32:07.0718 3004 BTWUSB (843e656db562ffff197afaf98042faca) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/04/09 16:32:07.0843 3004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/09 16:32:07.0921 3004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/09 16:32:08.0015 3004 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/09 16:32:08.0093 3004 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/09 16:32:08.0218 3004 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

2011/04/09 16:32:08.0531 3004 ClntMgmt.sys (573da08641afc8d940e0431945867906) C:\WINDOWS\System32\Drivers\ClntMgmt.sys

2011/04/09 16:32:08.0609 3004 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/04/09 16:32:09.0093 3004 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/04/09 16:32:09.0421 3004 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/09 16:32:09.0671 3004 DLKRCB (8e627b28a6dd388b9bbef9af13f073f1) C:\WINDOWS\system32\DRIVERS\DLKRCB.SYS

2011/04/09 16:32:09.0921 3004 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/09 16:32:10.0171 3004 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys

2011/04/09 16:32:10.0312 3004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/09 16:32:10.0390 3004 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/09 16:32:10.0500 3004 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/09 16:32:10.0765 3004 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/09 16:32:10.0875 3004 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/04/09 16:32:11.0000 3004 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/09 16:32:11.0125 3004 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/04/09 16:32:11.0203 3004 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/04/09 16:32:11.0312 3004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/09 16:32:11.0468 3004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/09 16:32:11.0593 3004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/04/09 16:32:11.0703 3004 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/09 16:32:11.0781 3004 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys

2011/04/09 16:32:11.0859 3004 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/09 16:32:12.0109 3004 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/09 16:32:12.0359 3004 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/04/09 16:32:12.0765 3004 IFXTPM (95ede689b1cb7045327eb671b8807833) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

2011/04/09 16:32:12.0906 3004 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/09 16:32:13.0250 3004 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/09 16:32:13.0343 3004 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/09 16:32:13.0421 3004 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/04/09 16:32:13.0562 3004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/09 16:32:13.0687 3004 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/09 16:32:13.0750 3004 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/09 16:32:13.0859 3004 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/09 16:32:13.0968 3004 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys

2011/04/09 16:32:14.0031 3004 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/09 16:32:14.0234 3004 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/09 16:32:14.0328 3004 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/09 16:32:14.0359 3004 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/04/09 16:32:14.0484 3004 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/09 16:32:14.0562 3004 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/09 16:32:14.0718 3004 L8042Kbd (df8770a17227e1adac3ca44818fbe622) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2011/04/09 16:32:14.0843 3004 LBeepKE (839608e418a68bedc04faa656c7cab5a) C:\WINDOWS\system32\Drivers\LBeepKE.sys

2011/04/09 16:32:14.0921 3004 LHidKe (b66a77ed976f41ea6154fa0c1fb67f67) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

2011/04/09 16:32:14.0984 3004 LMouKE (190e7cb6bcf5fbe0dbb64e8d57087636) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2011/04/09 16:32:15.0093 3004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/09 16:32:15.0171 3004 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/09 16:32:15.0265 3004 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/09 16:32:15.0421 3004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/09 16:32:15.0562 3004 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/09 16:32:15.0656 3004 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/09 16:32:15.0796 3004 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/09 16:32:15.0875 3004 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/09 16:32:15.0968 3004 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/09 16:32:16.0062 3004 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/09 16:32:16.0125 3004 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/09 16:32:16.0281 3004 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/09 16:32:16.0343 3004 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/09 16:32:16.0421 3004 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/09 16:32:16.0640 3004 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/09 16:32:16.0734 3004 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/09 16:32:16.0859 3004 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/09 16:32:17.0046 3004 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/09 16:32:17.0156 3004 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/09 16:32:17.0250 3004 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/09 16:32:17.0343 3004 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/04/09 16:32:17.0500 3004 npf (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys

2011/04/09 16:32:17.0640 3004 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/09 16:32:17.0781 3004 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/09 16:32:17.0984 3004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/09 16:32:18.0109 3004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/04/09 16:32:18.0265 3004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/04/09 16:32:18.0515 3004 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/04/09 16:32:18.0640 3004 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/04/09 16:32:18.0703 3004 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/09 16:32:18.0812 3004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/09 16:32:18.0906 3004 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/09 16:32:19.0187 3004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/04/09 16:32:19.0312 3004 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/04/09 16:32:19.0390 3004 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/04/09 16:32:19.0906 3004 Point32 (f754b09a839719575328f707693a919d) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/04/09 16:32:19.0984 3004 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/09 16:32:20.0031 3004 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/09 16:32:20.0078 3004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/09 16:32:20.0187 3004 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/04/09 16:32:20.0796 3004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/09 16:32:21.0140 3004 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/04/09 16:32:21.0203 3004 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/09 16:32:21.0281 3004 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/09 16:32:21.0406 3004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/09 16:32:21.0843 3004 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/09 16:32:21.0906 3004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/09 16:32:22.0250 3004 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/09 16:32:22.0421 3004 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/09 16:32:22.0531 3004 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/09 16:32:22.0812 3004 RmAx (38f9077529578b4446d4a9465656106a) C:\WINDOWS\system32\Drivers\RmAx.sys

2011/04/09 16:32:23.0046 3004 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/04/09 16:32:23.0109 3004 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/04/09 16:32:23.0203 3004 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/04/09 16:32:23.0406 3004 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/09 16:32:23.0484 3004 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/04/09 16:32:23.0687 3004 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/04/09 16:32:23.0765 3004 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/04/09 16:32:24.0171 3004 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys

2011/04/09 16:32:24.0265 3004 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys

2011/04/09 16:32:24.0375 3004 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/04/09 16:32:24.0593 3004 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/09 16:32:24.0859 3004 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/09 16:32:25.0046 3004 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/09 16:32:25.0234 3004 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/04/09 16:32:25.0281 3004 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2011/04/09 16:32:25.0375 3004 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/09 16:32:25.0593 3004 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/09 16:32:26.0031 3004 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/04/09 16:32:26.0109 3004 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/09 16:32:26.0218 3004 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/09 16:32:26.0421 3004 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/09 16:32:26.0687 3004 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/09 16:32:26.0765 3004 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/09 16:32:26.0828 3004 tifm21 (a900f20ac0ed38223fbb87d2884cafb9) C:\WINDOWS\system32\drivers\tifm21.sys

2011/04/09 16:32:27.0265 3004 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/09 16:32:27.0531 3004 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/09 16:32:27.0718 3004 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/09 16:32:27.0843 3004 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/04/09 16:32:27.0968 3004 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/04/09 16:32:28.0078 3004 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/09 16:32:28.0156 3004 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/09 16:32:28.0296 3004 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/04/09 16:32:28.0343 3004 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/09 16:32:28.0484 3004 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/09 16:32:28.0906 3004 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/09 16:32:29.0015 3004 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2011/04/09 16:32:29.0109 3004 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/04/09 16:32:29.0187 3004 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/04/09 16:32:29.0265 3004 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/09 16:32:29.0578 3004 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2011/04/09 16:32:30.0218 3004 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/09 16:32:30.0531 3004 wceusbsh (b85b448fd2c398970382a28e47cf4bc6) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/04/09 16:32:30.0921 3004 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/09 16:32:31.0125 3004 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/04/09 16:32:31.0953 3004 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/04/09 16:32:32.0296 3004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/09 16:32:32.0609 3004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/09 16:32:32.0937 3004 xxwgsoil (9bd37adda7d008d74badb5a0f213f9ea) C:\WINDOWS\system32\drivers\xxwgsoil.sys

2011/04/09 16:32:33.0890 3004 ================================================================================

2011/04/09 16:32:33.0890 3004 Scan finished

2011/04/09 16:32:33.0890 3004 ================================================================================

Link to post
Share on other sites

Chris,

Here is the first Log from OTL (otl.txt)

OTL logfile created on: 4/9/2011 4:48:53 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Patrick\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 679.00 Mb Available Physical Memory | 66.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 17.31 Gb Free Space | 30.97% Space Free | Partition Type: NTFS

Computer Name: KEN-LAPTOP | User Name: Patrick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/07 17:56:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe

PRC - [2011/04/06 20:30:03 | 000,227,870 | -HS- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\mar.exe

PRC - [2011/03/04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/04/07 17:56:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe

MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WMPNetworkSvc)

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)

SRV - File not found [Auto | Stopped] -- -- (Brother XP spl Service)

SRV - [2011/03/04 15:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/03/04 15:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2007/08/23 15:32:00 | 000,261,120 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/03/04 17:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/03/04 15:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/09/06 16:54:04 | 000,784,896 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\xxwgsoil.sys -- (xxwgsoil)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/03/06 08:24:50 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\qrtag.sys -- (qrtag)

DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2007/11/15 13:30:48 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2006/10/25 20:10:54 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2006/09/05 13:43:32 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2006/09/05 13:43:20 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2006/09/05 13:41:50 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2006/01/25 04:04:00 | 000,040,502 | R--- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RmAx.sys -- (RmAx)

DRV - [2005/06/02 02:27:44 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2005/05/02 09:13:46 | 003,222,784 | ---- | M] (Intel

Link to post
Share on other sites

Here is the OTL Log "extras.txt"

OTL Extras logfile created on: 4/9/2011 4:48:53 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Patrick\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 679.00 Mb Available Physical Memory | 66.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 17.31 Gb Free Space | 30.97% Space Free | Partition Type: NTFS

Computer Name: KEN-LAPTOP | User Name: Patrick | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\mar.exe ()

.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" ()

Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" ()

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)

"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)

"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)

"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)

"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)

"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)

"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)

"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)

"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)

"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)

"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)

"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)

"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)

"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)

"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)

"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp

"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)

"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)

"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)

"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)

"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)

"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)

"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)

"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)

"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)

"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)

"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)

"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)

"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)

"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)

"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)

"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp

"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

I was also finally able to run MBAM via right click after I Killed Mar.exe

FYI, DDS still wont produce logs. It seems to finish its scan then freezes Windows.

Here you are:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6328

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

4/10/2011 8:34:16 PM

mbam-log-2011-04-10 (20-34-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 243488

Time elapsed: 59 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 7

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Patrick\Local Settings\Application Data\mar.exe" -a "C:\Program Files\Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Patrick\Local Settings\Application Data\mar.exe" -a "C:\Program Files\Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Patrick\Local Settings\Application Data\kdw.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Patrick\Local Settings\Application Data\mar.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Patrick\local settings\application data\mar.exe (Trojan.Agent) -> No action taken.

c:\documents and settings\Patrick\local settings\temporary internet files\Content.IE5\2DKNWP3A\calc[1].exe (Trojan.Agent) -> No action taken.

Link to post
Share on other sites

Chris,

It seems MalwareBytes did something positive when it took care of the above. I was able to run GMER.

"ark.txt" Log is attached.

Thanks.

I am still not connected to any external drives or the internet. I haven't done anything on the computer other than this and the above.

I look forward to your thoughts.

Thanks,

Patrick

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the extended delay; I was not notified of your reply.

Please update MBAM, run a Quick Scan, and post its log.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Chris,

No problem. Thanks again for helping.

Here is the MBAM log.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6366

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

4/14/2011 8:12:51 PM

mbam-log-2011-04-14 (20-12-51).txt

Scan type: Quick scan

Objects scanned: 168013

Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I will take care of the combofix right away. Then try DDS again.

Thanks!

Patrick

Link to post
Share on other sites

Chris,

I followed the instructions on combofix to the letter.

The first time I ran it, it did install the Recovery Feature successfully. Then went it started the scan it hung up on:

"Scan starting.... Should only take 10 minutes..."etc.

Then it just hung... computer non-responsive.

So i rebooted and ran it again with the same result.

I didnt try DDS again yet.

Any thoughts?

Thanks,

Patrick

Link to post
Share on other sites

  • Staff

Hi,

Delete your copy of ComboFix, download a fresh copy, except before you download it, rename it to lol.com

Save it to your Desktop but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\lol.com" /killall

See if ComboFix runs now. If no joy, try running DDS.

Link to post
Share on other sites

Chris,

Firstly, thanks again for the help.

Unfortunately it froze up at the same place.

It Creates a restore point, then states "Scanning for infected files". After about 3 minutes it displays, "However badly infected machines this time may easily double". Then it can hear the lack of disc activity. Then nothing. It sits there on that blue screen with a blinking cursor.

Sorry for the hassle.

Patrick

Link to post
Share on other sites

  • Staff

All right. Skip that.

Update MBAM, run a Quick Scan, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Chris,

Here is the MBAM Quick Scan Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6415

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

4/21/2011 1:26:15 PM

mbam-log-2011-04-21 (13-26-15).txt

Scan type: Quick scan

Objects scanned: 169193

Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Chris,

I forgot to post the TDSSKiller Log...

Here it is:

2011/04/21 13:42:51.0031 3576 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/21 13:42:51.0609 3576 ================================================================================

2011/04/21 13:42:51.0609 3576 SystemInfo:

2011/04/21 13:42:51.0609 3576

2011/04/21 13:42:51.0609 3576 OS Version: 5.1.2600 ServicePack: 2.0

2011/04/21 13:42:51.0609 3576 Product type: Workstation

2011/04/21 13:42:51.0609 3576 ComputerName: KEN-LAPTOP

2011/04/21 13:42:51.0609 3576 UserName: Patrick

2011/04/21 13:42:51.0609 3576 Windows directory: C:\WINDOWS

2011/04/21 13:42:51.0609 3576 System windows directory: C:\WINDOWS

2011/04/21 13:42:51.0609 3576 Processor architecture: Intel x86

2011/04/21 13:42:51.0609 3576 Number of processors: 1

2011/04/21 13:42:51.0609 3576 Page size: 0x1000

2011/04/21 13:42:51.0609 3576 Boot type: Normal boot

2011/04/21 13:42:51.0609 3576 ================================================================================

2011/04/21 13:42:52.0000 3576 Initialize success

2011/04/21 13:43:05.0312 2296 ================================================================================

2011/04/21 13:43:05.0312 2296 Scan started

2011/04/21 13:43:05.0312 2296 Mode: Manual;

2011/04/21 13:43:05.0312 2296 ================================================================================

2011/04/21 13:43:06.0640 2296 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/04/21 13:43:06.0687 2296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/04/21 13:43:06.0781 2296 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/04/21 13:43:06.0843 2296 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/04/21 13:43:06.0921 2296 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys

2011/04/21 13:43:07.0046 2296 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/04/21 13:43:07.0359 2296 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/04/21 13:43:07.0468 2296 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/04/21 13:43:07.0625 2296 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/04/21 13:43:07.0671 2296 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/04/21 13:43:07.0812 2296 ati2mtag (1a12941c75be2003286c7787f21a7f81) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/04/21 13:43:07.0859 2296 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/04/21 13:43:08.0015 2296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/04/21 13:43:08.0125 2296 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/04/21 13:43:08.0218 2296 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/04/21 13:43:08.0265 2296 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/04/21 13:43:08.0343 2296 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/04/21 13:43:08.0375 2296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/04/21 13:43:08.0562 2296 BTWUSB (843e656db562ffff197afaf98042faca) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/04/21 13:43:08.0750 2296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/04/21 13:43:08.0843 2296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/04/21 13:43:08.0937 2296 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/04/21 13:43:09.0015 2296 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/04/21 13:43:09.0093 2296 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

2011/04/21 13:43:09.0187 2296 ClntMgmt.sys (573da08641afc8d940e0431945867906) C:\WINDOWS\System32\Drivers\ClntMgmt.sys

2011/04/21 13:43:09.0234 2296 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/04/21 13:43:09.0312 2296 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/04/21 13:43:09.0546 2296 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/04/21 13:43:09.0687 2296 DLKRCB (8e627b28a6dd388b9bbef9af13f073f1) C:\WINDOWS\system32\DRIVERS\DLKRCB.SYS

2011/04/21 13:43:09.0796 2296 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/04/21 13:43:09.0843 2296 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys

2011/04/21 13:43:09.0890 2296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/04/21 13:43:09.0953 2296 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/04/21 13:43:10.0062 2296 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/04/21 13:43:10.0296 2296 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/04/21 13:43:10.0421 2296 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/04/21 13:43:10.0453 2296 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/04/21 13:43:10.0500 2296 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/04/21 13:43:10.0578 2296 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/04/21 13:43:10.0671 2296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/04/21 13:43:10.0750 2296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/04/21 13:43:10.0890 2296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/04/21 13:43:11.0015 2296 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/04/21 13:43:11.0078 2296 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys

2011/04/21 13:43:11.0203 2296 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/04/21 13:43:11.0312 2296 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/04/21 13:43:11.0406 2296 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/04/21 13:43:11.0515 2296 IFXTPM (95ede689b1cb7045327eb671b8807833) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

2011/04/21 13:43:11.0531 2296 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/04/21 13:43:11.0609 2296 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/04/21 13:43:11.0718 2296 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/04/21 13:43:11.0750 2296 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/04/21 13:43:11.0765 2296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/04/21 13:43:11.0796 2296 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/04/21 13:43:11.0843 2296 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/04/21 13:43:11.0906 2296 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/04/21 13:43:11.0984 2296 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys

2011/04/21 13:43:12.0015 2296 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/04/21 13:43:12.0140 2296 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/04/21 13:43:12.0250 2296 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/04/21 13:43:12.0265 2296 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/04/21 13:43:12.0343 2296 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/04/21 13:43:12.0375 2296 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/04/21 13:43:12.0437 2296 L8042Kbd (df8770a17227e1adac3ca44818fbe622) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

2011/04/21 13:43:12.0453 2296 LBeepKE (839608e418a68bedc04faa656c7cab5a) C:\WINDOWS\system32\Drivers\LBeepKE.sys

2011/04/21 13:43:12.0500 2296 LHidKe (b66a77ed976f41ea6154fa0c1fb67f67) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

2011/04/21 13:43:12.0546 2296 LMouKE (190e7cb6bcf5fbe0dbb64e8d57087636) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

2011/04/21 13:43:12.0593 2296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/04/21 13:43:12.0671 2296 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/04/21 13:43:12.0796 2296 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/04/21 13:43:12.0890 2296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/04/21 13:43:12.0921 2296 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/04/21 13:43:12.0968 2296 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/04/21 13:43:13.0000 2296 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/04/21 13:43:13.0046 2296 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/04/21 13:43:13.0109 2296 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/04/21 13:43:13.0125 2296 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/04/21 13:43:13.0156 2296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/04/21 13:43:13.0187 2296 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/04/21 13:43:13.0218 2296 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/04/21 13:43:13.0296 2296 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/04/21 13:43:13.0359 2296 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/04/21 13:43:13.0515 2296 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/04/21 13:43:13.0625 2296 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/04/21 13:43:13.0687 2296 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/04/21 13:43:13.0734 2296 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/04/21 13:43:13.0796 2296 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/04/21 13:43:13.0875 2296 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/04/21 13:43:13.0953 2296 npf (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys

2011/04/21 13:43:14.0062 2296 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/04/21 13:43:14.0171 2296 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/04/21 13:43:14.0250 2296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/04/21 13:43:14.0296 2296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/04/21 13:43:14.0343 2296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/04/21 13:43:14.0375 2296 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/04/21 13:43:14.0437 2296 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/04/21 13:43:14.0468 2296 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/04/21 13:43:14.0515 2296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/04/21 13:43:14.0640 2296 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/04/21 13:43:14.0750 2296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/04/21 13:43:14.0796 2296 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/04/21 13:43:14.0843 2296 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/04/21 13:43:15.0046 2296 Point32 (f754b09a839719575328f707693a919d) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/04/21 13:43:15.0078 2296 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/04/21 13:43:15.0109 2296 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/04/21 13:43:15.0171 2296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/04/21 13:43:15.0218 2296 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/04/21 13:43:15.0390 2296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/04/21 13:43:15.0546 2296 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/04/21 13:43:15.0609 2296 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/04/21 13:43:15.0625 2296 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/04/21 13:43:15.0656 2296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/04/21 13:43:15.0718 2296 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/04/21 13:43:15.0750 2296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/04/21 13:43:15.0781 2296 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/04/21 13:43:15.0875 2296 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/04/21 13:43:15.0921 2296 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/04/21 13:43:15.0968 2296 RmAx (38f9077529578b4446d4a9465656106a) C:\WINDOWS\system32\Drivers\RmAx.sys

2011/04/21 13:43:16.0062 2296 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/04/21 13:43:16.0203 2296 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/04/21 13:43:16.0312 2296 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/04/21 13:43:16.0421 2296 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/04/21 13:43:16.0500 2296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/04/21 13:43:16.0562 2296 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys

2011/04/21 13:43:16.0640 2296 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys

2011/04/21 13:43:16.0703 2296 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/04/21 13:43:16.0906 2296 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/04/21 13:43:16.0984 2296 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/04/21 13:43:17.0078 2296 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/04/21 13:43:17.0140 2296 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/04/21 13:43:17.0187 2296 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2011/04/21 13:43:17.0250 2296 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/04/21 13:43:17.0312 2296 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/04/21 13:43:17.0593 2296 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/04/21 13:43:17.0656 2296 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/04/21 13:43:17.0781 2296 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/04/21 13:43:17.0843 2296 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/04/21 13:43:17.0875 2296 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/04/21 13:43:17.0937 2296 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/04/21 13:43:18.0125 2296 tifm21 (a900f20ac0ed38223fbb87d2884cafb9) C:\WINDOWS\system32\drivers\tifm21.sys

2011/04/21 13:43:18.0218 2296 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/04/21 13:43:18.0328 2296 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/04/21 13:43:18.0390 2296 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/04/21 13:43:18.0453 2296 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/04/21 13:43:18.0484 2296 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/04/21 13:43:18.0531 2296 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/04/21 13:43:18.0687 2296 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/04/21 13:43:18.0734 2296 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/04/21 13:43:18.0765 2296 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/04/21 13:43:18.0890 2296 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/04/21 13:43:18.0937 2296 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/04/21 13:43:18.0968 2296 usb_rndisx (ee37e5c79d6c788711296075b2bc95f4) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2011/04/21 13:43:19.0015 2296 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/04/21 13:43:19.0046 2296 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/04/21 13:43:19.0078 2296 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/04/21 13:43:19.0296 2296 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2011/04/21 13:43:19.0453 2296 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/04/21 13:43:19.0500 2296 wceusbsh (b85b448fd2c398970382a28e47cf4bc6) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2011/04/21 13:43:19.0640 2296 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/04/21 13:43:19.0703 2296 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/04/21 13:43:19.0765 2296 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/04/21 13:43:19.0843 2296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/04/21 13:43:19.0875 2296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/04/21 13:43:19.0984 2296 xxwgsoil (9bd37adda7d008d74badb5a0f213f9ea) C:\WINDOWS\system32\drivers\xxwgsoil.sys

2011/04/21 13:43:20.0187 2296 ================================================================================

2011/04/21 13:43:20.0187 2296 Scan finished

2011/04/21 13:43:20.0187 2296 ================================================================================

2011/04/21 13:44:21.0656 1236 Deinitialize success

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.