IEXPLORE.EXE and post XP defender virus problem.


  • This topic is locked
23 replies to this topic

#1 Haggar

Haggar

  • Members
  • 18 posts

Posted 08 August 2010 - 03:29 PM

Hello, I'm Haggar's brother and using his account to help fix our mom's computer.

If I put this in the wrong area, my apologies. Please move it to the proper board, and once again, sorry!

Recently our household got hit by the XP Defender virus, and though we got it removed from her computer, it still has slowdowns and issues. The computer has multiple user logins, but we are using our side, the one which is most stable and least used. Our mother's side is very unstable, having sound driver crashes, major slowdowns, Internet Explorer opening multiple windows or frequently crashing, among other things. We are doing a scan of our side first in order to see if there might be something over here on the less used side before we move on to hers. Both sides have admin status (I believe, since sometimes I had to tweak stuff on this side) so everything should be in order. If anything further is needed, just give me the info ;)
Thanks!
-Haggar's Brother


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 16 August 2010 - 02:42 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 21 August 2010 - 10:56 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 23 August 2010 - 06:51 PM

Re-opened per the user's request.

#5 Haggar

Haggar
  • Topic Starter

  • Members
  • 18 posts

Posted 24 August 2010 - 02:35 PM

Hi there, Haggar's brother again.
Okay, I ran the scans yesterday, of this date, and got everything saved from both GMER and DDS, which I'm attaching to this post in update.
As far as problems, as I stated in the first post, we had problems with the av security suite virus, but we got it fixed, to my knowledge. In terms of other problems, there are serious slowdown issues on her side of the computer (less so on the other 2 users' accounts), to the point where the computer will be loading the close out of explorer windows for well over 3 minutes, before it slowly dissolves off screen and closes. SVhost is giving out huge memory use. Her sound constantly crashes, saying no drivers are installed, even before I close out SVhost, which prior would crash the sound. The onboard ethernet plug also was having issues with power or processing, as it wasn't giving any connection and only seeming to power up when the computer was off, turning itself when the computer was active. Overall, I don't know what the exact problems are, but hopefully you can find something.

Thanks!


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 24 August 2010 - 08:37 PM

Hi,

Please copy and post the rest of the logs directly into your reply.

===========

Do you have a Windows XP disc to repair some damaged files?

===========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

==========

Download and Run ComboFix (by sUBs)

Link 1
Link 2

Save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

* Answer to question
* Combofix.txt
* MbrCheck log
* How is your computer running?

Kind regards,
~t

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 August 2010 - 06:43 PM

Are you still there? Do you still desire help?

#8 Haggar

Haggar
  • Topic Starter

  • Members
  • 18 posts

Posted 26 August 2010 - 08:12 PM

Sorry for the slow replies, it's been a busy week. Kids going back to school, job hunts etc :x
I will do the prescribed steps above as soon as I can. The computer is currently tied up at the moment and given the hour that I'm typing this post the computer would be shut down before any of the scans would be finished (as people sleep in the room with the computer). I will run the scans tomorrow morning and then run ComboFix when I return. I will edit this post with the results. I will also post the logs in the post themselves on future reference ;)
Sorry for the delays!
-Haggar's Brother

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 August 2010 - 09:53 PM

Please do not edit posts. I do not receive a notification of your reply if you edit an existing post. Please post anew.

#10 Haggar

Haggar
  • Topic Starter

  • Members
  • 18 posts

Posted 27 August 2010 - 05:18 PM

Hey, it's me again. Sorry, just double posting goes against everything I've learned from forums.

Yes, we do have a copy of Windows available to fix/restore/format. Sorry I forgot to answer.

Anyways, turned off TeaTimer and Avast!, ran ComboFix, which I will attach.
Also have the MBRCheck report below.

The computer is running a bit faster, but is still slow, a bit noisy and the sound driver crashed again.

Sorry if I've been difficult. It's been pretty busy lately and losing train of thought tends to make me forget things. Regardless, thank you for your time and help.

-Haggar's brother

MBRCheck
=====================

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 140):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF89E0000 \WINDOWS\system32\KDCOM.DLL
0xF88F0000 \WINDOWS\system32\BOOTVID.dll
0xF8491000 ACPI.sys
0xF89E2000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8480000 pci.sys
0xF84E0000 isapnp.sys
0xF8AA8000 pciide.sys
0xF8760000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF84F0000 MountMgr.sys
0xF8461000 ftdisk.sys
0xF89E4000 dmload.sys
0xF843B000 dmio.sys
0xF8768000 PartMgr.sys
0xF8500000 VolSnap.sys
0xF8423000 atapi.sys
0xF8510000 disk.sys
0xF8520000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8403000 fltmgr.sys
0xF83F1000 sr.sys
0xF8530000 PxHelp20.sys
0xF83DA000 KSecDD.sys
0xF83C7000 WudfPf.sys
0xF833A000 Ntfs.sys
0xF830D000 NDIS.sys
0xF8540000 Combo-Fix.sys
0xF82F3000 Mup.sys
0xF8740000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7D7C000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF7D68000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8820000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7D44000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8828000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7D10000 \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
0xF7CED000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7BEE000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
0xF7B47000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF8830000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7B23000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8750000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8838000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8840000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8560000 \SystemRoot\System32\DRIVERS\serial.sys
0xF89B4000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7B0F000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8570000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8580000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7A79000 \SystemRoot\system32\drivers\smwdm.sys
0xF7A55000 \SystemRoot\system32\drivers\portcls.sys
0xF85A0000 \SystemRoot\system32\drivers\drmk.sys
0xF7A3D000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8B1F000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8610000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF89BC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF79C9000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8620000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8630000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8850000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF79B8000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8640000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8858000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8860000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF796E000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF8660000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8868000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8A1A000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7870000 \SystemRoot\System32\DRIVERS\update.sys
0xF89D8000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8670000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8690000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A22000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8878000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8970000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8A2A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8BD6000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A2C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8888000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8890000 \SystemRoot\System32\drivers\vga.sys
0xF8A2E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A30000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8898000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8978000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEE5E7000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEE58E000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF86E0000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEE566000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEE544000 \SystemRoot\System32\drivers\afd.sys
0xF86F0000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEE479000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEE409000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8720000 \SystemRoot\System32\Drivers\Fips.SYS
0xEE3E3000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF8730000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xEE394000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF88B0000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF89A0000 \SystemRoot\system32\DRIVERS\pelusblf.sys
0xF89A4000 \SystemRoot\system32\DRIVERS\pelmouse.sys
0xF89B0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF85B0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF786C000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF85C0000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xF785C000 \SystemRoot\System32\DRIVERS\usbscan.sys
0xF88B8000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF85E0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE354000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A50000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEE70C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF88E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B5F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEE714000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEE230000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEE095000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEDE10000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xEE4A4000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF8A48000 \??\C:\WINDOWS\system32\drivers\ds1410d.sys
0xEDCB1000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xEDC8D000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEDF7D000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xEDC0E000 \SystemRoot\System32\DRIVERS\srv.sys
0xEDE45000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xF8A54000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
0xEDEA5000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF87D8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xED7C1000 \SystemRoot\system32\drivers\wdmaud.sys
0xEDD30000 \SystemRoot\system32\drivers\sysaudio.sys
0xED40A000 \SystemRoot\System32\Drivers\HTTP.sys
0xF87E8000 \??\C:\DOCUME~1\Arlene\LOCALS~1\Temp\mbr.sys
0xED10F000 \SystemRoot\system32\drivers\kmixer.sys
0xF8808000 \??\C:\ComboFix\catchme.sys
0xF8A84000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
652 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
892 C:\WINDOWS\system32\svchost.exe
956 svchost.exe
1052 C:\WINDOWS\system32\svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1268 svchost.exe
1340 svchost.exe
1472 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1744 C:\WINDOWS\system32\LEXBCES.EXE
1768 C:\WINDOWS\system32\spoolsv.exe
1816 C:\WINDOWS\system32\LEXPPS.EXE
1944 svchost.exe
252 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
320 C:\WINDOWS\system32\srvany.exe
392 C:\pvsw\bin\w3dbsmgr.exe
436 C:\WINDOWS\system32\snmp.exe
492 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
556 C:\WINDOWS\system32\svchost.exe
2544 alg.exe
3992 C:\WINDOWS\system32\ico.exe
4076 C:\WINDOWS\system32\hkcmd.exe
4084 C:\WINDOWS\system32\igfxpers.exe
200 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
236 C:\Program Files\Java\jre6\bin\jusched.exe
1792 C:\WINDOWS\system32\PELMICED.EXE
2244 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3476 C:\WINDOWS\explorer.exe
3648 C:\Program Files\Opera\opera.exe
3880 C:\Documents and Settings\Arlene\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400BB-08JHC0, Rev: 06.01C06

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 233E67FF621C8B60F9040C973E04BEF47EE7914E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!






Combofix


ComboFix 10-08-27.01 - Arlene 08/27/2010 16:41:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.229 [GMT -5:00]
Running from: c:\documents and settings\Arlene\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Arlene\Favorites\Thumbs.db
c:\documents and settings\Christopher\Application Data\.#
c:\windows\system32\pwdmon.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PODMENA
-------\Legacy_PODMENADRV


((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.

2010-08-27 04:18 . 2010-08-27 04:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-23 22:39 . 2010-08-23 22:39 -------- d-sh--w- c:\documents and settings\Ed\PrivacIE
2010-08-23 22:38 . 2010-08-23 22:38 -------- d-sh--w- c:\documents and settings\Ed\IETldCache
2010-08-13 16:47 . 2010-08-13 16:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-01 20:11 . 2010-08-01 20:11 -------- d-sh--w- c:\documents and settings\Christopher\PrivacIE
2010-07-30 01:15 . 2010-07-30 01:15 -------- d-sh--w- c:\documents and settings\Christopher\IETldCache
2010-07-28 23:12 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-28 23:12 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-28 23:12 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-28 23:12 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-28 23:12 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-07-28 23:12 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-07-28 23:12 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-07-28 23:12 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-28 23:11 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-28 23:11 . 2010-07-28 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 21:22 . 2009-02-26 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-27 04:27 . 2006-06-15 20:42 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-08-17 20:10 . 2007-10-17 03:07 -------- d-----w- c:\documents and settings\Christopher\Application Data\U3
2010-08-15 01:31 . 2009-09-05 18:59 -------- d-----w- c:\documents and settings\Christopher\Application Data\.minecraft
2010-08-15 01:30 . 2010-07-04 17:15 65024 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\jinput-dx8_64.dll
2010-08-15 01:30 . 2010-07-04 17:15 62464 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\jinput-raw_64.dll
2010-08-15 01:30 . 2010-07-04 17:15 59392 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\jinput-raw.dll
2010-08-15 01:30 . 2010-07-04 17:15 273920 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\lwjgl64.dll
2010-08-15 01:30 . 2010-07-04 17:15 195072 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\OpenAL64.dll
2010-08-15 01:30 . 2010-07-04 17:15 193024 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\lwjgl.dll
2010-08-15 01:30 . 2010-07-04 17:15 108032 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\OpenAL32.dll
2010-08-15 01:30 . 2010-07-04 17:15 61952 ----a-w- c:\documents and settings\Christopher\Application Data\.minecraft\bin\natives\jinput-dx8.dll
2010-08-05 00:50 . 2007-06-26 19:05 -------- d-----w- c:\program files\Winamp
2010-08-05 00:49 . 2009-11-22 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-05 00:47 . 2007-03-29 02:42 -------- d-----w- c:\program files\Google
2010-08-05 00:46 . 2010-05-18 22:20 -------- d-----w- c:\program files\CCleaner
2010-07-28 23:11 . 2009-02-26 21:51 -------- d-----w- c:\program files\Alwil Software
2010-07-25 17:10 . 2009-06-09 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 22:23 . 2010-07-23 22:23 -------- d-----w- c:\program files\LEGO Company
2010-06-30 23:24 . 2007-06-27 20:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-30 12:31 . 1980-01-01 07:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 1980-01-01 07:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:19 . 2010-06-24 02:19 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb79.tmp.exe
2010-06-23 13:44 . 1980-01-01 07:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1980-01-01 07:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 1980-01-01 07:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2003-02-19 20:25 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 1980-01-01 07:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2003-09-30 36864]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-17 98304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Arlene\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-3-3 113664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=c:\windows\pss\CallWave.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBMPRC]
2004-03-19 19:12 90112 -c--a-w- c:\ibmtools\utils\ibmprc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 23:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeachtreePrefetcher.exe]
2007-05-16 17:12 32768 -c--a-r- c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-11-17 17:51 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IBM Rapid Restore Ultra Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\ucsmb.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\Christopher\\My Documents\\oC11b72rv1.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
"25777:UDP"= 25777:UDP:xfire

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/28/2010 6:12 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/28/2010 6:12 PM 17744]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [8/12/2007 12:44 PM 13864]
S1 aiptektp;Pen Pad;c:\windows\system32\DRIVERS\aiptektp.sys --> c:\windows\system32\DRIVERS\aiptektp.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/11/2010 12:23 AM 136176]
S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 05:23]

2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 05:23]

2005-11-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-27 01:38]

2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{CCEF9CB8-B5C2-4864-B867-F9323B016548}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Arlene\Application Data\Mozilla\Firefox\Profiles\m4mrkt7s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGraalPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UC_SMB - (no file)
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
AddRemove-GLOBEtrotter FLEXid Drivers - c:\program files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 17:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\pvsw\bin\w3dbsmgr.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pelmiced.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-27 17:09:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-27 22:09

Pre-Run: 6,904,643,584 bytes free
Post-Run: 7,219,392,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 32849199A4D02F9F9DB1992572C603AF




#11 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 27 August 2010 - 08:16 PM

This next please...

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

=========

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

==========
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start.
  3. Pay attention, it flashes fast
  4. Use the up and down arrow key to select Microsoft Windows Recovery Console
  5. You must enter which Windows installation to log onto. Type 1 and press enter.
  6. At the C:\Windows prompt, type the following green bolded text, and press Enter:


    fixmbr

  7. At the next prompt type the following bolded text, and press Enter:


    exit

Windows will now begin loading

==========

Right click and delete the MbrCheck log from your desktop

Rerun MbrCheck and post the log.

==========

With your next post please provide:

* TDSSKiller log
* MbrCheck log
* How is your computer running? What problems remain?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 Haggar

  • Topic Starter

  • Members
  • 18 posts

Posted 29 August 2010 - 11:29 AM

Okay, I cleaned up the computer and ran TDSSKiller. TDSSKiller found nothing, and when I did restart the computer, nothing came up, it just went straight to Windows. The computer is still running better than a few days ago, but it's still not loading the sound drivers. It might be because of some sort of damaged Windows component or something. That's my guess at least.
Thanks again for the help!
-Haggar's brother




TDSSKiller log
=========================

2010/08/29 11:17:01.0000 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/29 11:17:01.0000 ================================================================================
2010/08/29 11:17:01.0000 SystemInfo:
2010/08/29 11:17:01.0000
2010/08/29 11:17:01.0000 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/29 11:17:01.0000 Product type: Workstation
2010/08/29 11:17:01.0000 ComputerName: IBM-4AF87065029
2010/08/29 11:17:01.0000 UserName: Arlene
2010/08/29 11:17:01.0000 Windows directory: C:\WINDOWS
2010/08/29 11:17:01.0000 System windows directory: C:\WINDOWS
2010/08/29 11:17:01.0000 Processor architecture: Intel x86
2010/08/29 11:17:01.0000 Number of processors: 1
2010/08/29 11:17:01.0000 Page size: 0x1000
2010/08/29 11:17:01.0000 Boot type: Normal boot
2010/08/29 11:17:01.0000 ================================================================================
2010/08/29 11:17:01.0500 Initialize success
2010/08/29 11:17:13.0234 ================================================================================
2010/08/29 11:17:13.0234 Scan started
2010/08/29 11:17:13.0234 Mode: Manual;
2010/08/29 11:17:13.0234 ================================================================================
2010/08/29 11:17:37.0656 ================================================================================
2010/08/29 11:17:37.0671 Scan finished
2010/08/29 11:17:37.0671 ================================================================================
2010/08/29 11:17:46.0640 ================================================================================
2010/08/29 11:17:46.0640 Scan started
2010/08/29 11:17:46.0640 Mode: Manual;
2010/08/29 11:17:46.0640 ================================================================================
2010/08/29 11:18:08.0453 ================================================================================
2010/08/29 11:18:08.0453 Scan finished
2010/08/29 11:18:08.0453 ================================================================================
2010/08/29 11:18:10.0968 Deinitialize success



MBRCHECK
============================
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 134):

Processes (total 40):
0 System Idle Process
4 System
600 C:\WINDOWS\system32\smss.exe
648 csrss.exe
672 C:\WINDOWS\system32\winlogon.exe
716 C:\WINDOWS\system32\services.exe
728 C:\WINDOWS\system32\lsass.exe
888 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
1048 C:\WINDOWS\system32\svchost.exe
1084 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1336 svchost.exe
1468 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1660 C:\WINDOWS\explorer.exe
1816 C:\WINDOWS\system32\ico.exe
1848 C:\WINDOWS\system32\hkcmd.exe
1860 C:\WINDOWS\system32\igfxpers.exe
1868 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
1876 C:\Program Files\Java\jre6\bin\jusched.exe
1892 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
1904 C:\WINDOWS\system32\FSRremoS.EXE
1916 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1952 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2024 C:\WINDOWS\system32\ctfmon.exe
184 C:\WINDOWS\system32\PELMICED.EXE
332 C:\Program Files\Opera\opera.exe
1112 C:\WINDOWS\system32\LEXBCES.EXE
1984 C:\WINDOWS\system32\spoolsv.exe
1532 C:\WINDOWS\system32\LEXPPS.EXE
1040 svchost.exe
848 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
912 C:\WINDOWS\system32\srvany.exe
1564 C:\pvsw\bin\w3dbsmgr.exe
1592 C:\WINDOWS\system32\snmp.exe
2468 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2504 C:\WINDOWS\system32\svchost.exe
2628 C:\WINDOWS\system32\wuauclt.exe
3364 alg.exe
3900 C:\Documents and Settings\Arlene\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400BB-08JHC0, Rev: 06.01C06

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 233E67FF621C8B60F9040C973E04BEF47EE7914E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:45 AM

Posted 29 August 2010 - 07:29 PM

Hello,

Let's see if that Mbr is actually infected.

I want to check your Mbr. The best way to do this is by booting an alternate OS other than your Windows OS.

Create it like this.....

Please download http://noahdfear.net/downloads/bootable/NTBR_USB.exe to your desktop
  • You will need a USB drive
  • Plug it in now
  • Double click NTBR_USB.exe
  • Press OK
  • After installation is complete press Exit
  • Reboot your computer and quickly tap F12 as it re-boots to choose boot options so you can choose the option to boot from the USB drive
  • After the USB boots choose USB and press Enter
  • Follow the prompts until you get a menu and choose 2 TestDisc
    • The TestDisk command window will open
    • Choose Create and press Enter
    • TestDisk will now detect all local hard drives
    • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
    • If you're not sure then note everything you see and post it for my review
    • Select Intel (even if you have an AMD processor) and press Enter
    • Select Advanced and press Enter
    • Select [Boot] and press Enter
    • Select [Dump] and press Enter
    • Select [Quit] to exit
A log will be created in the root of the usb device
Reboot your computer into normal Windows

Copy and paste the resultant log for my review

=========

Do you have your Windows XP install disc? We might need it to fix a few System Files that might be damaged from the aftermath.

You may have corrupt critical system files. Let's see if we can fix that.

* Click Start > Run. Copy and paste sfc /scannow into the Run box and then click OK
* You may need your Windows XP CD so have it ready
* Allow the scan to run and when completed, reboot the system.

Thanks,
~ t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
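
An added example, not part of the post above and not code from MBRCheck or TestDisk: once a raw 512-byte copy of the disk's first sector has been taken from an alternate OS, these are the checks a reviewer can run on it, including the partition offset that the log reports as 0x7e00. The sample sector and the allowlist are constructed, and hashing the first 440 bytes is an assumption, since the page does not say which bytes MBRCheck's SHA1 covers.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, start LBA, sector count

def build_sample_mbr():
    """Constructed sector: filler boot code and one active NTFS partition at LBA 63."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x00" * 436      # 440 bytes of boot code
    disk_sig = struct.pack("<IH", 0x12345678, 0)                # disk signature + 2 reserved
    part = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 78140097)
    return code + disk_sig + part + b"\x00" * 48 + b"\x55\xaa"

def inspect_mbr(sector, known_good):
    """Return boot-code hash, allowlist verdict and partition table of one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    sha1 = hashlib.sha1(sector[:440]).hexdigest().upper()
    report = {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "code_sha1": sha1,
        # Assumption: the verdict comes from a hash allowlist the analyst maintains.
        "code_status": known_good.get(sha1, "Unknown MBR code"),
        "partitions": [],
    }
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype == 0x00:          # empty slot
            continue
        report["partitions"].append({
            "slot": i,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),   # anything else is malformed
            "type": ptype,                            # 0x07 = NTFS/exFAT/HPFS
            "byte_offset": lba * SECTOR,
            "sectors": count,
        })
    return report

if __name__ == "__main__":
    sample = build_sample_mbr()
    print(inspect_mbr(sample, known_good={}))
```

A hash that is missing from the allowlist only means the boot code is unrecognized; vendor or multi-boot loaders produce the same verdict, which is why the sector is then reviewed by hand.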

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:45 AM

Posted 31 August 2010 - 10:08 PM

You still there?

#15 Haggar

Haggar
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:45 AM

Posted 01 September 2010 - 07:50 PM

I apologize for my brother; he is a bit slow/forgetful at getting around to this, and due to school starting back up I am busy at the moment. If he does not reply by tomorrow afternoon I will take over on posting and getting help from here, seeing as he has had this topic open for almost a month.
-My apologies,
Haggar

Edited by Haggar, 01 September 2010 - 07:51 PM.