
Malware + Audio Device Problem



#1 Dr. Weird

Posted 05 July 2009 - 11:31 AM

I am running Windows XP Service Pack 3. I have used Malwarebytes' Anti-Malware to remove some malware, but it keeps coming back right after removal. I have also lost use of my keyboard and audio device (Realtek AC'97 Audio for VIA). I have the keyboard working again after uninstalling the universal host controllers and restarting; the system detected it for me. However, I tried to update drivers and uninstall device/drivers and still no sound. I get an error message that there is a problem with my sound device. When I check Realtek's properties in Device Manager, it says "driver has been enabled but has not been started".

Edit: This error message is listed for the following items found in Device Manager:
Microsoft WINMM WDM Audio Compatibility Driver - Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
- Microsoft Kernel Audio Splitter
- Microsoft Kernel GS Wavetable Synthesizer
- Network Adapters: Direct Parallel
- Ports (COM & LPT): Communications Port (COM1)
- System Devices: Microcode Update Device
- Universal Serial Bus controllers: VIA USB Enhanced Host Controller

[Plug and Play Software Enumerator was also corrupted but I just managed to fix that and uninstalled Microsoft WINMM WDM Audio Compatibility Driver hoping that it would reinstall on reboot (a suggestion from another site). It did not. Instead I got Code 39s for the 2 Microsoft Kernel items listed above.]


Here is my latest Malwarebytes' log:

Malwarebytes' Anti-Malware 1.38
Database version: 2376
Windows 5.1.2600 Service Pack 3

7/5/2009 12:08:09 PM
mbam-log-2009-07-05 (12-08-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128271
Time elapsed: 18 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by Dr. Weird, 06 July 2009 - 12:25 AM.




#2 Zllio


Posted 09 July 2009 - 05:59 AM

Hi Dr Weird,

Sorry you've had to wait so long. We can try a couple of things, but stubborn malware often requires removal tools which we can't use in this forum. If the following doesn't give more information, I'll send you off to the HJT forum. Please do the following:

Step 1: ATF Cleaner



If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, right-click on the icon and select "run as Administrator".


Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Step 2: Next I would like for you to run an online scan called Kaspersky Online Scanner



To run this scan, your Java needs to be up-to-date, you may need to install additional plug-ins, and you will need to disable any antivirus program you have running. Here is a link that will help you determine how to disable your particular antivirus program:

How to Temporarily Disable your Anti-virus, Firewall and Anti-Malware Programs

  • To start the online scan, click on the magnifying glass and then on accept.
  • A database will be installed on your computer.
  • Then run the full scan.
  • Copy the report into your next post.


Step 3: Please post the logs or reports for the following: Kaspersky Online Scan
How did this go?
Zllio




