Having problems installing and using Malwarebytes' Anti-Malware


Remaining instructions, my apologies

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

Ha Mainard,

After running OTL it came up with press ok to reboot.

After bootup a popup with run otl.......

And it opened a log file.

I hope this is the one you mean.

All processes killed

========== OTL ==========

Service RkPavproc1 stopped successfully!

Service RkPavproc1 deleted successfully!

C:\WINDOWS\system32\drivers\RkPavproc1.sys moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 81920 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Patty

->Temp folder emptied: 8182636 bytes

->Temporary Internet Files folder emptied: 39904444 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 98231732 bytes

->Flash cache emptied: 1380 bytes

User: test

->Temp folder emptied: 839882 bytes

->Temporary Internet Files folder emptied: 4257933 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16912773 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 31313040 bytes

Total Files Cleaned = 191,00 mb

OTL by OldTimer - Version 3.2.20.2 log created on 01182011_192332

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Piet12,

Are you able to run MBAM with no issue?

If not, can I get another OTL report, do it the same way:

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    OTL should now start. Change the following settings:
    Change Drivers to All
    Change Standard Registry to All
    Under File Scans, change File age to 30
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    Please attach these 2 files in your next reply.

Thank you for your patience!

Thank you very much Piet12,

I would like to see a dependency log for your MBAM.

Create a Dependency Walker Log:

  • Download Dependency Walker from here and save it to your desktop
  • Extract it to its own folder and open the folder and double-click on depends.exe to run the program
  • Click on File at the top and click Open...
  • Browse to Malwarebytes' Anti-Malware program folder in one of the following locations depending on your operating system:
    • 32 bit - C:\Program Files
    • 64 bit - C:\Program Files (x86)

  • Once there, double-click on <MBAM.exe>. It should be in path C:\Program Files\Malwarebytes' Anti-Malware
  • After the info is onscreen, please click on Profile->Start Profiling...
  • The Profile Module comes up. Leave everything at its default and click OK.
  • Wait for MBAM to start up, then Exit MBAM.
  • Once it shows the info onscreen, click on File and choose Save As...
  • Browse to your desktop and save the file as dependWalk, making certain that Save as type: is set to Dependency Walker Image (*.dwi)
  • Right-click on the dependWalk file you just saved and hover your mouse over Send to and choose Compressed (zipped) Folder
  • Attach the dependWalk.zip file you just created to your next reply

Thank you Piet12!

Hello Piet12,

I need another report from you; the devs I sent your reports to think you may have been infected with a rootkit.

Please:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.

In your next reply, please include the Log from TDSSKiller.

Hello Mainard,

See log.

Thanks again.

2011/01/20 17:53:53.0984 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51

2011/01/20 17:53:53.0984 ================================================================================

2011/01/20 17:53:53.0984 SystemInfo:

2011/01/20 17:53:53.0984

2011/01/20 17:53:53.0984 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/20 17:53:53.0984 Product type: Workstation

2011/01/20 17:53:53.0984 ComputerName: LAPTOP08P

2011/01/20 17:53:53.0984 UserName: Patty

2011/01/20 17:53:53.0984 Windows directory: C:\WINDOWS

2011/01/20 17:53:53.0984 System windows directory: C:\WINDOWS

2011/01/20 17:53:53.0984 Processor architecture: Intel x86

2011/01/20 17:53:53.0984 Number of processors: 2

2011/01/20 17:53:53.0984 Page size: 0x1000

2011/01/20 17:53:53.0984 Boot type: Normal boot

2011/01/20 17:53:53.0984 ================================================================================

2011/01/20 17:53:54.0437 Initialize success

2011/01/20 17:54:12.0187 ================================================================================

2011/01/20 17:54:12.0187 Scan started

2011/01/20 17:54:12.0187 Mode: Manual;

2011/01/20 17:54:12.0187 ================================================================================

2011/01/20 17:54:23.0890 ================================================================================

2011/01/20 17:54:23.0890 Scan finished

2011/01/20 17:54:23.0890 ================================================================================

Hello Piet12,

I have sent your data to the developers, in the meanwhile I have another test if you could please run it:

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy/paste it into your next reply

Thank you!

Hey Mainard,

Incredible the time and effort you're putting into this problem.

I really appreciate it.

Thanks!

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000002c

Kernel Drivers (total 108):

Processes (total 35):

0 System Idle Process

4 System

444 C:\WINDOWS\system32\smss.exe

492 csrss.exe

516 C:\WINDOWS\system32\winlogon.exe

560 C:\WINDOWS\system32\services.exe

572 C:\WINDOWS\system32\lsass.exe

736 C:\WINDOWS\system32\svchost.exe

784 svchost.exe

824 C:\WINDOWS\system32\svchost.exe

864 C:\WINDOWS\system32\svchost.exe

912 svchost.exe

964 svchost.exe

1196 C:\WINDOWS\system32\spoolsv.exe

1276 svchost.exe

1352 C:\WINDOWS\system32\svchost.exe

1824 alg.exe

372 C:\WINDOWS\explorer.exe

400 C:\WINDOWS\system32\wscntfy.exe

468 C:\WINDOWS\system32\igfxtray.exe

488 C:\WINDOWS\system32\hkcmd.exe

536 D:\Program Files\EeePC\ACPI\AsTray.exe

848 C:\WINDOWS\system32\igfxsrvc.exe

948 D:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

1036 D:\Program Files\EeePC\ACPI\AsEPCMon.exe

1068 C:\WINDOWS\RTHDCPL.exe

1064 C:\WINDOWS\system32\igfxext.exe

1120 D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

1572 C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe

1592 C:\WINDOWS\system32\wuauclt.exe

1672 C:\Documents and Settings\Patty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2980 C:\Documents and Settings\Patty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

3028 C:\Documents and Settings\Patty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

2792 wmiprvse.exe

3228 C:\Documents and Settings\Patty\Mijn documenten\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ASUS-PHISONSSD, Rev: TST2.04U

PhysicalDrive1 Model Number: ASUS-PHISONSSD, Rev: TST2.04P

Size Device Name MBR Status

--------------------------------------------

3 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

7 GB \\.\PhysicalDrive1 Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Piet12,

Thank you very much for the log, I have sent all of your logs to the developers. Currently this issue is not able to be replicated on our systems. We are looking into any and all possible solutions to why your database is not loading.

Thank you very much for your continued patience!

Hello Mainard,

Thanks for all the work you have done for us.

A lot of your suggestions I have never done before.

So for me it was also very interesting.

I think the research for the developers will take some time.

What do you suggest?

Format C: for now?

Thanks again and best regards.

Piet.

Piet12,

How are you compressing your files? It appears some portions of your C: are compressed, not all of them but some are compressed. Which options and drives did you specifically set to be compressed?

Thank you!

Hello Mainard,

I have used eeepc shrink.

It's an Asus solution for the small disk they used in the eeepc901xp design.

It really sucks to have only a 4G windows disk.

But for internet, email, and some little office work ........

The tool I am talking about you can find at http://support.asus.com/faq/asus-faq.aspx?...SLanguage=en-us

Another thing I have set is "Station comprimeren om schijfruimte te besparen" in properties of C:

Something like: compress to save disk space.

Best regards.

Piet12,

I tested with compression, still unable to replicate the issue. I am fresh out of new ideas to think of. It seems that your system is missing a vital file (deletion or corruption) and MBAM is unable to load.

It could be something within your system files that prevents MBAM from loading the database. I recommend that you please back up all vital data that is on the machine. Do a system restore. After OS installation, please install MBAM. Do not compress your C:\ until after MBAM has been installed.

Sorry I think it has come to that, thank you!
