Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Maleware: Rundll32.exe not found & Automatic Updates not turned on

Started by wisesilver , May 17 2011 06:09 PM

  • Please log in to reply

#16
Salagubang
Posted 21 May 2011 - 06:30 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
  • 0

Advertisements

#17
wisesilver
Posted 21 May 2011 - 09:42 AM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :)

Here is the exeHelper (which I ran in safe mode):
exeHelper by Raktor
Build 20100414
Run at 11:38:53 on 05/21/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
  • 0

#18
Salagubang
Posted 21 May 2011 - 04:40 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Can you try if programs are opening now?
  • 0

#19
wisesilver
Posted 21 May 2011 - 10:09 PM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :)

I still cannot run programs in normal mode. :unsure: When I boot in normal mode I am still not able to run programs. When I right click on My Computer and select Properties I get Rundll32.exe not found. When I try to run Malwarebytes I get program not found. Attempting to execute other programs cause the window to pop up to associae what I am trying to execute to a windows application. When I shut down I am asked if I want to end the application FreeAgenSoftware (it was something with a name like this).

P.S. The good news is that the warning that Windows update is not turned on has not been there since ComboFix.
  • 0

#20
Salagubang
Posted 21 May 2011 - 10:14 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Ok lets find that missing Rundll32. :)

  • Run OTL
  • Click the None button at the top
  • Under the Custom Scan box paste this in:

    /md5start
    rundll32.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. Post OTL.Txt here.

  • 0

#21
wisesilver
Posted 23 May 2011 - 03:53 PM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :)

Here is the OTL log:
OTL logfile created on: 5/23/2011 5:43:48 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\All Users\Desktop\Anti Virus & Spyware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 17.67 Gb Free Space | 13.80% Space Free | Partition Type: NTFS
Drive D: | 21.05 Gb Total Space | 16.88 Gb Free Space | 80.18% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 695.16 Gb Free Space | 74.63% Space Free | Partition Type: NTFS

Computer Name: WEISS3GIG | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: RUNDLL32.EXE >
[2008/04/13 20:12:33 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=037B1E7798960E0420003D05BB577EE6 -- C:\WINDOWS\ServicePackFiles\i386\rundll32.exe
[2008/04/13 20:12:33 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=037B1E7798960E0420003D05BB577EE6 -- C:\WINDOWS\system32\rundll32.exe
[2002/08/29 08:00:00 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=0FB22DD37C17F80AD71316049F725170 -- C:\pebuilder3110a\BartPE\i386\system32\rundll32.exe
[2004/08/04 01:56:56 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=DA285490BBD8A1D0CE6623577D5BA1FF -- C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe

< >

< End of report >
  • 0

#22
Salagubang
Posted 23 May 2011 - 05:25 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi wisesilver,

Lets try this.

Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.
  • 0

#23
wisesilver
Posted 23 May 2011 - 05:55 PM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagibang. :) I tried to run sfc /scannow with a normal bootup. It wanted me to select a program to use to run it. :unsure:

Shall I run it in safe mode?
  • 0

#24
Salagubang
Posted 23 May 2011 - 06:00 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Could you check this one for me.

Try opening am application an application, when a pop up windows appears and asks for which program to open the application, look for the browse button and point it to C:\windows\Explorer.exe

Tell me if it opens the program alright.
  • 0

#25
wisesilver
Posted 23 May 2011 - 06:31 PM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :) It appears like it will but ends up asking again for me to associate it to a program.

So, specifically:
1) I browse to C:\Windows\Explorer.exe
2) I Select OK
3) A file Download Pop Up appears and I click Run (as opposed to save or exit)
4) A Windows Security Warning pops up and I select Run
5) And now I am back to the Associate With window. :unsure:

P.S. I did some Googling and saw some people were using a download called exefix_up for a similar problem
  • 0

Advertisements

#26
Salagubang
Posted 23 May 2011 - 07:05 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

P.S. I did some Googling and saw some people were using a download called exefix_up for a similar problem


Could be useful, give it a whirl.

:)
  • 0

#27
wisesilver
Posted 23 May 2011 - 07:36 PM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :unsure: It has helped a litle. I can now right click on My Computer and open properties without a Run32DLL error. I can open my Mozila browser. I tried to run Malwarebytes, it started to run but get error when I try to update the virus definitions, here it is:
An error has occurred. Please report this error code to our support team.
PROGRAM_ERROR_UPDATING (404, 0, HTTPStatusCode)
:yes:

So, I made a step in the right direction but I am no there yet. :)

I had to use the .bat file xp_fileassoc.bat (I saved it from a link in "Bleepingcomputer.com"). It's contents are:
REM Restore Default File Associations for Windows XP.
REM Copyright 2003 - Doug Knox
REM This BAT file restores the Default associations that XP ships with
REM It does not restore associations created by 3rd party applications.

Echo Restoring Default File Associations

assoc.323=h323file
assoc.386=vxdfile
assoc.aca=Agent.Character.2
assoc.acf=Agent.Character.2
assoc.acs=Agent.Character2.2
assoc.acw=acwfile
assoc.ai=
assoc.aif=AIFFFile
assoc.aifc=AIFFFile
assoc.aiff=AIFFFile
assoc.ani=anifile
assoc.aps=
assoc.asa=aspfile
assoc.ascx=
assoc.asf=ASFFile
assoc.asm=
assoc.asmx=
assoc.asp=aspfile
assoc.aspx=
assoc.asx=ASXFile
assoc.au=AUFile
assoc.AudioCD=AudioCD
assoc.avi=avifile
assoc.bat=batfile
assoc.bfc=Briefcase
assoc.bin=
assoc.bkf=msbackupfile
assoc.blg=PerfFile
assoc.bmp=Paint.Picture
assoc.bsc=
assoc.c=
assoc.cab=CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}
assoc.cat=CATFile
assoc.cda=CDAFile
assoc.cdf=ChannelFile
assoc.cdx=aspfile
assoc.cer=CERFile
assoc.cgm=
assoc.chk=chkfile
assoc.chm=chm.file
assoc.clp=clpfile
assoc.cmd=cmdfile
assoc.cnf=ConferenceLink
assoc.com=comfile
assoc.cpl=cplfile
assoc.cpp=
assoc.crl=CRLFile
assoc.crt=CERFile
assoc.css=CSSfile
assoc.csv=
assoc.CTT=MessengerContactList
assoc.cur=curfile
assoc.cxx=
assoc.dat=
assoc.db=dbfile
assoc.dbg=
assoc.dct=
assoc.def=
assoc.der=CERFile
assoc.DeskLink=CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}
assoc.dib=Paint.Picture
assoc.dic=
assoc.diz=
assoc.dll=dllfile
assoc.dl_=
assoc.doc=WordPad.Document.1
assoc.dos=
assoc.dot=
assoc.drv=drvfile
assoc.dsn=MSDASQL
assoc.dun=dunfile
assoc.DVD=DVD
assoc.emf=emffile
assoc.eml=Microsoft Internet Mail Message
assoc.eps=
assoc.exe=exefile
assoc.exp=
assoc.ex_=
assoc.eyb=
assoc.fif=
assoc.fnd=fndfile
assoc.fnt=
assoc.Folder=Folder
assoc.fon=fonfile
assoc.ghi=
assoc.gif=giffile
assoc.grp=MSProgramGroup
assoc.gz=
assoc.h=
assoc.hhc=
assoc.hlp=hlpfile
assoc.hpp=
assoc.hqx=
assoc.ht=htfile
assoc.hta=htafile
assoc.htc=
assoc.htm=htmlfile
assoc.html=htmlfile
assoc.htt=HTTfile
assoc.htw=
assoc.htx=
assoc.hxx=
assoc.icc=icmfile
assoc.icm=icmfile
assoc.ico=icofile
assoc.idb=
assoc.idl=
assoc.idq=
assoc.iii=iiifile
assoc.ilk=
assoc.imc=
assoc.inc=
assoc.inf=inffile
assoc.ini=inifile
assoc.ins=x-internet-signup
assoc.inv=
assoc.inx=
assoc.in_=
assoc.isp=x-internet-signup
assoc.its=ITS File
assoc.IVF=IVFFile
assoc.java=
assoc.jbf=
assoc.jfif=pjpegfile
assoc.job=JobObject
assoc.jod=Microsoft.Jet.OLEDB.4.0
assoc.jpe=jpegfile
assoc.jpeg=jpegfile
assoc.jpg=jpegfile
assoc.JS=JSFile
assoc.JSE=JSEFile
assoc.latex=
assoc.lib=
assoc.lnk=lnkfile
assoc.local=
assoc.log=txtfile
assoc.lwv=LWVFile
assoc.m14=
assoc.m1v=mpegfile
assoc.m3u=m3ufile
assoc.man=
assoc.manifest=
assoc.MAPIMail=CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
assoc.mdb=
assoc.mht=mhtmlfile
assoc.mhtml=mhtmlfile
assoc.mid=midfile
assoc.midi=midfile
assoc.mmf=
assoc.mmm=MPlayer
assoc.mov=
assoc.movie=
assoc.mp2=mpegfile
assoc.mp2v=mpegfile
assoc.mp3=mp3file
assoc.mpa=mpegfile
assoc.mpe=mpegfile
assoc.mpeg=mpegfile
assoc.mpg=mpegfile
assoc.mpv2=mpegfile
assoc.msc=MSCFile
assoc.msg=
assoc.msi=Msi.Package
assoc.msp=Msi.Patch
assoc.MsRcIncident=MsRcIncident
assoc.msstyles=msstylesfile
assoc.MSWMM=Windows.Movie.Maker
assoc.mv=
assoc.mydocs=CLSID\{ECF03A32-103D-11d2-854D-006008059367}
assoc.ncb=
assoc.nfo=MSInfo.Document
assoc.nls=
assoc.NMW=T126_Whiteboard
assoc.nsc=
assoc.nvr=
assoc.nws=Microsoft Internet News Message
assoc.obj=
assoc.ocx=ocxfile
assoc.oc_=
assoc.odc=
assoc.otf=otffile
assoc.p10=P10File
assoc.p12=PFXFile
assoc.p7b=SPCFile
assoc.p7c=certificate_wab_auto_file
assoc.p7m=P7MFile
assoc.p7r=SPCFile
assoc.p7s=P7SFile
assoc.pbk=pbkfile
assoc.pch=
assoc.pdb=
assoc.pds=
assoc.pfm=pfmfile
assoc.pfx=PFXFile
assoc.php3=
assoc.pic=
assoc.pif=piffile
assoc.pko=PKOFile
assoc.pl=
assoc.plg=
assoc.pma=PerfFile
assoc.pmc=PerfFile
assoc.pml=PerfFile
assoc.pmr=PerfFile
assoc.pmw=PerfFile
assoc.pnf=pnffile
assoc.png=pngfile
assoc.pot=
assoc.pps=
assoc.ppt=
assoc.prf=prffile
assoc.ps=
assoc.psd=
assoc.psw=PSWFile
assoc.qds=SavedDsQuery
assoc.rat=ratfile
assoc.rc=
assoc.RDP=RDP.File
assoc.reg=regfile
assoc.res=
assoc.rle=
assoc.rmi=midfile
assoc.rnk=rnkfile
assoc.rpc=
assoc.rsp=
assoc.rtf=rtffile
assoc.sam=
assoc.sbr=
assoc.sc2=
assoc.scf=SHCmdFile
assoc.scp=txtfile
assoc.scr=scrfile
assoc.sct=scriptletfile
assoc.sdb=appfixfile
assoc.sed=
assoc.shb=DocShortcut
assoc.shs=ShellScrap
assoc.shtml=
assoc.shw=
assoc.sit=
assoc.snd=AUFile
assoc.spc=SPCFile
assoc.spl=ShockwaveFlash.ShockwaveFlash
assoc.sql=
assoc.sr_=
assoc.sst=CertificateStoreFile
assoc.stl=STLFile
assoc.stm=
assoc.swf=ShockwaveFlash.ShockwaveFlash
assoc.sym=
assoc.sys=sysfile
assoc.sy_=
assoc.tar=
assoc.text=
assoc.tgz=
assoc.theme=themefile
assoc.tif=TIFImage.Document
assoc.tiff=TIFImage.Document
assoc.tlb=
assoc.tsp=
assoc.tsv=
assoc.ttc=ttcfile
assoc.ttf=ttffile
assoc.txt=txtfile
assoc.UDL=MSDASC
assoc.uls=ulsfile
assoc.URL=InternetShortcut
assoc.VBE=VBEFile
assoc.vbs=VBSFile
assoc.vbx=
assoc.vcf=vcard_wab_auto_file
assoc.vxd=vxdfile
assoc.wab=wab_auto_file
assoc.wav=soundrec
assoc.wax=WAXFile
assoc.wb2=
assoc.webpnp=webpnpFile
assoc.WHT=Whiteboard
assoc.wk4=
assoc.wll=
assoc.wlt=
assoc.wm=ASFFile
assoc.wma=WMAFile
assoc.wmd=WMDFile
assoc.wmf=wmffile
assoc.wmp=WMPFile
assoc.wms=WMSFile
assoc.wmv=WMVFile
assoc.wmx=ASXFile
assoc.wmz=WMZFile
assoc.wpd=
assoc.wpg=
assoc.wri=wrifile
assoc.wsc=scriptletfile
assoc.WSF=WSFFile
assoc.WSH=WSHFile
assoc.wsz=
assoc.wtx=txtfile
assoc.wvx=WVXFile
assoc.x=
assoc.xbm=
assoc.xix=
assoc.xlb=
assoc.xlc=
assoc.xls=
assoc.xlt=
assoc.xml=xmlfile
assoc.xsl=xslfile
assoc.z=
assoc.z96=
assoc.zap=zapfile
assoc.ZFSendToTarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
assoc.zip=CompressedFolder

Echo Default File Associations Restored
  • 0

#28
Salagubang
Posted 23 May 2011 - 07:40 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

So, I made a step in the right direction but I am no there yet. :)

I had to use the .bat file xp_fileassoc.bat (I saved it from a link in "Bleepingcomputer.com"). It's contents are:


Did you already ran it?

See if you can run this one:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#29
wisesilver
Posted 23 May 2011 - 08:49 PM

wisesilver

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 501 posts
Hi Salagubang. :) I was able to download and run TDSSKiller. :yes: The Log file is attached. By the way after my las post I rebooted and downloaded a fresh copy of Malwarebytes. This fresh copy seems to be running OK.:unsure:

2011/05/23 22:45:46.0796 0328 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/23 22:45:47.0062 0328 ================================================================================
2011/05/23 22:45:47.0062 0328 SystemInfo:
2011/05/23 22:45:47.0062 0328
2011/05/23 22:45:47.0062 0328 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/23 22:45:47.0062 0328 Product type: Workstation
2011/05/23 22:45:47.0062 0328 ComputerName: WEISS3GIG
2011/05/23 22:45:47.0062 0328 UserName: COMPUTER
2011/05/23 22:45:47.0062 0328 Windows directory: C:\WINDOWS
2011/05/23 22:45:47.0062 0328 System windows directory: C:\WINDOWS
2011/05/23 22:45:47.0062 0328 Processor architecture: Intel x86
2011/05/23 22:45:47.0062 0328 Number of processors: 2
2011/05/23 22:45:47.0062 0328 Page size: 0x1000
2011/05/23 22:45:47.0062 0328 Boot type: Normal boot
2011/05/23 22:45:47.0062 0328 ================================================================================
2011/05/23 22:45:56.0437 0328 Initialize success
2011/05/23 22:46:40.0390 2396 ================================================================================
2011/05/23 22:46:40.0390 2396 Scan started
2011/05/23 22:46:40.0390 2396 Mode: Manual;
2011/05/23 22:46:40.0390 2396 ================================================================================
2011/05/23 22:46:43.0000 2396 3c1807pd (f82ab4a2a26e172b929d27d60b637973) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
2011/05/23 22:46:43.0171 2396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/23 22:46:43.0234 2396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/23 22:46:43.0281 2396 ActivHidSerMini (092542818ccd17b659e17e4dcb427bad) C:\WINDOWS\system32\DRIVERS\activhidsermini.sys
2011/05/23 22:46:43.0343 2396 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/23 22:46:43.0406 2396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/23 22:46:43.0453 2396 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/05/23 22:46:43.0500 2396 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/23 22:46:43.0562 2396 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/05/23 22:46:43.0593 2396 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/23 22:46:43.0921 2396 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/05/23 22:46:43.0953 2396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/23 22:46:43.0984 2396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/23 22:46:44.0046 2396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/23 22:46:44.0093 2396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/23 22:46:44.0156 2396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/23 22:46:44.0281 2396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/23 22:46:44.0375 2396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/23 22:46:44.0406 2396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/23 22:46:44.0453 2396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/23 22:46:44.0515 2396 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
2011/05/23 22:46:44.0734 2396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/23 22:46:44.0812 2396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/23 22:46:44.0875 2396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/23 22:46:44.0921 2396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/23 22:46:44.0968 2396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/23 22:46:45.0015 2396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/23 22:46:45.0093 2396 E1000 (2476936f4994e9084ccfe75ed4f6226a) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/05/23 22:46:45.0140 2396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/23 22:46:45.0203 2396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/23 22:46:45.0234 2396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/23 22:46:45.0250 2396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/23 22:46:45.0296 2396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/23 22:46:45.0343 2396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/23 22:46:45.0390 2396 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/05/23 22:46:45.0421 2396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/23 22:46:45.0468 2396 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/05/23 22:46:45.0515 2396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/23 22:46:45.0562 2396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/23 22:46:45.0609 2396 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/23 22:46:45.0718 2396 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/23 22:46:45.0750 2396 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/23 22:46:45.0781 2396 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/23 22:46:45.0843 2396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/23 22:46:46.0000 2396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/23 22:46:46.0031 2396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/23 22:46:46.0093 2396 InCDfs (580904d6cdb481bb72fee15aa575b5bd) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/05/23 22:46:46.0125 2396 InCDPass (37b31b5741674525bba5c1659b132418) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/05/23 22:46:46.0171 2396 InCDrec (a2f6306e5e12b9f78cca5485b312fcbd) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/05/23 22:46:46.0203 2396 incdrm (084f6c2e3e2be980242984b74279bfb6) C:\WINDOWS\system32\drivers\incdrm.sys
2011/05/23 22:46:46.0328 2396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/23 22:46:46.0375 2396 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/23 22:46:46.0421 2396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/23 22:46:46.0468 2396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/23 22:46:46.0515 2396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/23 22:46:46.0546 2396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/23 22:46:46.0578 2396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/23 22:46:46.0609 2396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/23 22:46:46.0640 2396 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/05/23 22:46:46.0687 2396 ivicd (6681d4a5dd4967a4ddc8deb3e4bd491e) C:\WINDOWS\system32\drivers\ivicd.sys
2011/05/23 22:46:46.0718 2396 iviudf (b9a95933eb169573e3c3b33e97df061b) C:\WINDOWS\system32\drivers\IviUdf.sys
2011/05/23 22:46:46.0750 2396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/23 22:46:46.0796 2396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/23 22:46:46.0843 2396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/23 22:46:46.0890 2396 kvpndev (8622b7e7991ddbe4a04a7f6044153bf6) C:\WINDOWS\system32\DRIVERS\kvpndrv.sys
2011/05/23 22:46:46.0984 2396 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/05/23 22:46:47.0031 2396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/23 22:46:47.0078 2396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/23 22:46:47.0125 2396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/23 22:46:47.0171 2396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/23 22:46:47.0187 2396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/23 22:46:47.0250 2396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/23 22:46:47.0328 2396 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/23 22:46:47.0406 2396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/23 22:46:47.0453 2396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/23 22:46:47.0484 2396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/23 22:46:47.0515 2396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/23 22:46:47.0562 2396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/23 22:46:47.0593 2396 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/23 22:46:47.0625 2396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/23 22:46:47.0656 2396 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/23 22:46:47.0687 2396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/23 22:46:47.0718 2396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/23 22:46:47.0750 2396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/23 22:46:47.0781 2396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/23 22:46:47.0812 2396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/23 22:46:47.0875 2396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/23 22:46:47.0921 2396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/23 22:46:48.0000 2396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/23 22:46:48.0093 2396 nv (981666c0fbd10816db943cbceac82ab3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/23 22:46:48.0218 2396 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
2011/05/23 22:46:48.0328 2396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/23 22:46:48.0375 2396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/23 22:46:48.0437 2396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/23 22:46:48.0468 2396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/23 22:46:48.0515 2396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/23 22:46:48.0546 2396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/23 22:46:48.0593 2396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/23 22:46:48.0640 2396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/23 22:46:48.0671 2396 Pcouffin (c3224a794b4fe2f6d0d5434a9fcad26d) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/05/23 22:46:48.0796 2396 PdiPorts (3b2f443b8e23d17d46f0e43e2fc42cfe) C:\WINDOWS\system32\Drivers\PdiPorts.sys
2011/05/23 22:46:48.0968 2396 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/23 22:46:49.0000 2396 Pivot (943f840611d33832308ec5310b616b57) C:\WINDOWS\system32\drivers\pivot.sys
2011/05/23 22:46:49.0046 2396 pivotmou (998c58295288eedfbfe95e7f6cc94df4) C:\WINDOWS\system32\drivers\pivotmou.sys
2011/05/23 22:46:49.0140 2396 ppsio2 (de4dfb09bf96fd5f810750140e2aa236) C:\WINDOWS\system32\drivers\ppsio2.sys
2011/05/23 22:46:49.0203 2396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/23 22:46:49.0234 2396 prmvmouse (20a45d4fdfcc079265816e8f46acb1ae) C:\WINDOWS\system32\DRIVERS\activmouse.sys
2011/05/23 22:46:49.0281 2396 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/23 22:46:49.0312 2396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/23 22:46:49.0343 2396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/23 22:46:49.0515 2396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/23 22:46:49.0546 2396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/23 22:46:49.0578 2396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/23 22:46:49.0609 2396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/23 22:46:49.0640 2396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/23 22:46:49.0671 2396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/23 22:46:49.0734 2396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/23 22:46:49.0781 2396 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/23 22:46:49.0812 2396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/23 22:46:50.0000 2396 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/23 22:46:50.0031 2396 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/23 22:46:50.0078 2396 SBFSHOOK (c7887cf1e400a420c4d336764a3f56af) C:\WINDOWS\system32\drivers\sbfshook.sys
2011/05/23 22:46:50.0156 2396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/23 22:46:50.0218 2396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/23 22:46:50.0265 2396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/23 22:46:50.0312 2396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/23 22:46:50.0421 2396 smwdm (eba50c8f7efd8178e8c4bde6b74e744c) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/23 22:46:50.0500 2396 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/05/23 22:46:50.0578 2396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/23 22:46:50.0640 2396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/23 22:46:50.0703 2396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/23 22:46:50.0781 2396 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/05/23 22:46:50.0828 2396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/23 22:46:50.0875 2396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/23 22:46:51.0031 2396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/23 22:46:51.0093 2396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/23 22:46:51.0203 2396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/23 22:46:51.0281 2396 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2011/05/23 22:46:51.0312 2396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/23 22:46:51.0343 2396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/23 22:46:51.0375 2396 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/05/23 22:46:51.0421 2396 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/05/23 22:46:51.0546 2396 udffsrec (d3679d7954718c92a5a826450582dfea) C:\WINDOWS\system32\drivers\udffsrec.sys
2011/05/23 22:46:51.0578 2396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/23 22:46:51.0656 2396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/23 22:46:51.0765 2396 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/23 22:46:51.0812 2396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/23 22:46:51.0859 2396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/23 22:46:51.0875 2396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/23 22:46:51.0906 2396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/23 22:46:51.0937 2396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/23 22:46:51.0968 2396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/23 22:46:52.0000 2396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/23 22:46:52.0031 2396 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/23 22:46:52.0078 2396 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
2011/05/23 22:46:52.0140 2396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/23 22:46:52.0250 2396 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
2011/05/23 22:46:52.0312 2396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/23 22:46:52.0359 2396 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
2011/05/23 22:46:52.0406 2396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/23 22:46:52.0453 2396 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/05/23 22:46:52.0531 2396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/23 22:46:52.0687 2396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/23 22:46:52.0750 2396 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/23 22:46:52.0953 2396 ================================================================================
2011/05/23 22:46:52.0953 2396 Scan finished
2011/05/23 22:46:52.0953 2396 ================================================================================
  • 0

#30
Salagubang
Posted 23 May 2011 - 08:55 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

Hi Salagubang. :) I was able to download and run TDSSKiller. :) The Log file is attached. By the way after my las post I rebooted and downloaded a fresh copy of Malwarebytes. This fresh copy seems to be running OK.:unsure:


Ok lets sweep for remnants.

Run a scan with MBAM then post the log.

Next

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image

:yes:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP