win32.dropper-gen


  • This topic is locked
22 replies to this topic

#1 Halor69

  • Members
  • 66 posts

Posted 16 October 2011 - 12:13 PM

On October 13th, I started my laptop up as usual ready to play some City of Heroes... and alas, I had no sound, and my anti-virus seemed to have stopped working. So I started trying all the "normal" fixes; restart, checking drivers, smacking it... nothing worked. Eventually I gave up on the sound and concentrated on the Avast! program. The program itself would start and show in the bar, but the anti-virus and protections would not... you know, the silly little x over the icon. After trying a few things with that, I uninstalled and then downloaded a new copy and installed it, working normally and I gave it a chance to scan my whole system. It found the win32.dropper-gen, which I assume is a worm/trojan, and moved it to vault. After finding that the Avast! wanted me to do a boot time scan, so I did... and at that time it found a few more nasties (I assume they were nasties, Avast! was wanting to vault them too) so I vaulted them also. When all that was done, I did a TDSS scan and that was clean, and updated my MBAM and scanned with that also... nothing infected. So this could be due to my computer being a bit older... about 8 years, but still no sound, nothing; everything seems to be working except that. Not just the speakers either, it's also affecting the headphone plug in. So I did the prerequisite scans, and will include those here. Maybe it's something new that's not being caught... or possibly something simple, I just wanna be sure I am free of buggies. "Help me Obi Wan, you're my only hope"

Jeff

P.S. The site kept saying my post was too long... so I'll attempt to edit and attach them that way.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jeff at 16:10:09 on 2011-10-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.482 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.8.11.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PlayNC Launcher]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1000m\WNA1000M.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.8.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311164610500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2D53D180-1FC9-47FA-A94C-1644134845D3} : DhcpNameServer = 192.168.2.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-14 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-14 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-14 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-14 44768]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2008-2-27 20480]
R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\drivers\WNA1000M.sys [2011-1-31 994664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-8 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-14 13:47:27 -------- d-----w- c:\program files\Sophos
2011-10-14 13:36:47 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-14 13:35:54 41184 ----a-w- c:\windows\avastSS.scr
2011-10-14 13:24:57 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\local settings\application data\Google
2011-10-08 11:47:22 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\application data\Wizards of the Coast
2011-09-30 23:38:06 -------- d-----w- c:\program files\AnalogX
2011-09-30 23:24:35 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\application data\NCH Software
2011-09-30 23:24:18 -------- d-----w- c:\program files\NCH Software
2011-09-28 02:07:20 -------- d-----w- C:\db2dbcee3e2acae738a0ecdf
2011-09-28 01:48:02 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\local settings\application data\NCSoft
2011-09-28 01:03:09 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\local settings\application data\assembly
2011-09-28 00:39:56 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-27 23:47:42 -------- d-----w- C:\0ccdf11e7204cb9784b0520b3b
2011-09-26 13:43:08 -------- d-----w- c:\program files\MSXML 6.0
2011-09-23 02:03:05 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-23 02:02:44 14048 ------w- c:\windows\system32\spmsg2.dll
2011-09-22 19:05:12 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-22 19:05:12 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-09-22 19:04:54 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-22 19:04:54 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-09-22 01:42:18 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\local settings\application data\Identities
2011-09-22 01:41:31 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-22 01:41:31 -------- d-----w- c:\program files\Windows Desktop Search
2011-09-22 01:40:26 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-09-22 01:40:26 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-09-22 01:40:26 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2011-09-19 21:13:49 -------- d-----w- c:\documents and settings\jeff.jeffs-laptop\application data\GetRightToGo
2011-09-19 21:03:31 -------- d-----w- C:\758a07c9bfbd22471d7c85775995
2011-09-19 21:03:24 -------- d-----w- C:\737c5414fda6411904b99155
2011-09-19 00:43:59 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2011-09-15 17:32:31 -------- d-----w- c:\program files\GPLGS
2011-09-15 17:31:40 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-09-15 17:31:31 -------- d-----w- c:\program files\Acro Software
.
==================== Find3M ====================
.
2011-10-14 11:20:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-19 14:26:14 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-07-19 14:26:13 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce™ IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x85297AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000084[0x851CAAC0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000083[0x85243030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 16:12:58.07 =============

Edited by Halor69, 16 October 2011 - 12:15 PM.


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 18 October 2011 - 12:43 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Halor69 (Topic Starter)

  • Members
  • 66 posts

Posted 19 October 2011 - 08:01 AM

I haven't run any other anti-virus or malware scanners, so I do not know if the actual infection is gone completely, but still no sound. I do have my recovery CDs if it seems that it's a corrupt file that may have been cleaned while attempting to fix. Here is the Combofix log... I left it running when I went to bed and if it restarted, then maybe that's in the log itself. Many thanks for the help, you helped me before with my desktop.

ComboFix 11-10-18.04 - Jeff 10/18/2011 22:08:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.510 [GMT -4:00]
Running from: c:\documents and settings\Jeff.JEFFS-LAPTOP\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\System Recovery
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\Application & Driver Recovery.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\PC Recovery Disc Creator.lnk
c:\documents and settings\All Users\Start Menu\Programs\System Recovery\PC Recovery.lnk
c:\program files\Internet Explorer\SET37A.tmp
c:\program files\Internet Explorer\SET37B.tmp
c:\program files\Internet Explorer\SET37D.tmp
c:\program files\Internet Explorer\SET3E1.tmp
c:\program files\Internet Explorer\SET3E2.tmp
c:\program files\Internet Explorer\SET3E3.tmp
c:\program files\Internet Explorer\SET96.tmp
c:\program files\Internet Explorer\SET97.tmp
c:\program files\Internet Explorer\SET99.tmp
c:\program files\Internet Explorer\SETFD.tmp
c:\program files\Internet Explorer\SETFE.tmp
c:\program files\Internet Explorer\SETFF.tmp
c:\windows\kb913800.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-14 13:47 . 2011-10-14 13:47 -------- d-----w- c:\program files\Sophos
2011-10-14 13:36 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-14 13:36 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-14 13:36 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-14 13:36 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-14 13:36 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-14 13:36 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-14 13:36 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-14 13:36 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-14 13:35 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-14 13:35 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-14 13:30 . 2011-10-14 13:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-10-14 13:25 . 2011-10-14 13:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-10-14 13:24 . 2011-10-14 13:32 -------- d-----w- c:\program files\Google
2011-10-14 13:24 . 2011-10-14 13:28 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Local Settings\Application Data\Google
2011-10-08 11:47 . 2011-10-08 11:47 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Application Data\Wizards of the Coast
2011-09-30 23:38 . 2011-10-01 00:14 -------- d-----w- c:\program files\AnalogX
2011-09-30 23:24 . 2011-09-30 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-09-30 23:24 . 2011-09-30 23:24 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Application Data\NCH Software
2011-09-30 23:24 . 2011-10-15 01:07 -------- d-----w- c:\program files\NCH Software
2011-09-29 11:54 . 2011-10-01 00:14 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Application Data\U3
2011-09-28 02:07 . 2011-09-28 02:07 -------- d-----w- C:\db2dbcee3e2acae738a0ecdf
2011-09-28 01:48 . 2011-09-28 01:48 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Local Settings\Application Data\NCSoft
2011-09-28 01:03 . 2011-09-28 01:03 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Local Settings\Application Data\assembly
2011-09-28 00:39 . 2011-09-28 02:08 -------- d-----w- c:\windows\system32\XPSViewer
2011-09-27 23:47 . 2011-09-28 00:04 -------- d-----w- C:\0ccdf11e7204cb9784b0520b3b
2011-09-26 13:43 . 2011-09-26 13:43 -------- d-----w- c:\program files\MSXML 6.0
2011-09-26 13:39 . 2011-09-26 13:39 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Application Data\InstallShield
2011-09-23 02:03 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-23 02:02 . 2006-06-29 17:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-09-22 19:05 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-09-22 19:05 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-09-22 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-09-22 19:04 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2011-09-22 01:42 . 2011-09-22 01:42 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Local Settings\Application Data\Identities
2011-09-22 01:41 . 2011-09-23 01:32 -------- d-----w- c:\program files\Windows Desktop Search
2011-09-22 01:41 . 2011-09-22 01:41 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-22 01:40 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2011-09-22 01:40 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2011-09-22 01:40 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2011-09-22 01:37 . 2011-09-22 01:38 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-09-19 21:13 . 2011-09-19 21:14 -------- d-----w- c:\documents and settings\Jeff.JEFFS-LAPTOP\Application Data\GetRightToGo
2011-09-19 21:03 . 2011-09-19 21:03 -------- d-----w- C:\758a07c9bfbd22471d7c85775995
2011-09-19 21:03 . 2011-09-19 21:05 -------- d-----w- C:\737c5414fda6411904b99155
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 11:20 . 2011-07-30 11:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2009-10-08 18:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-03-16 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-03-16 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-03-16 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-03-16 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2011-07-19 19:48 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-03-16 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-03-16 04:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-16 04:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-10 00:26 . 2011-07-13 15:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"nwiz"="nwiz.exe" [2006-09-27 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Tharen\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1000M Smart Wizard.lnk - c:\program files\NETGEAR\WNA1000M\WNA1000M.exe [2011-2-22 2079200]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\NCSoft\\Launcher\\NCLauncher.exe"=
"c:\\Program Files\\NCSoft\\Launcher\\NCAccess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12199:TCP"= 12199:TCP:BitComet 12199 TCP
"12199:UDP"= 12199:UDP:BitComet 12199 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/14/2011 9:36 AM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/14/2011 9:36 AM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/14/2011 9:36 AM 20568]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2/27/2008 10:54 AM 20480]
R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\drivers\WNA1000M.sys [1/31/2011 5:03 PM 994664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/8/2010 2:07 PM 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-30 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-30 23:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PlayNC Launcher - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 22:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????P??????Y?@?????<?@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
Completion time: 2011-10-18 22:26:25
ComboFix-quarantined-files.txt 2011-10-19 02:26
.
Pre-Run: 21,312,856,064 bytes free
Post-Run: 22,057,189,376 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 3A5D1E8E112CED3A0ACDE43FC5117A65
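Both logs in this thread carry the same handful of entries a reviewer looks at before anything else: the DDS "SERVICES / DRIVERS" list in the first post and the ComboFix service lines above each show a service (MEMSWEEP2) whose image is a temp-named file under system32 marked [?], ComboFix records an orphaned Run entry "(no file)", and both Gmer MBR-detector runs print "user != kernel MBR !!!" right after "user: error reading MBR". The Python below is an added example for this page, not code from DDS, ComboFix, Gmer or either poster. Its line patterns are read off the logs above; the heuristics, the severity labels and the `Finding` structure are the editor's own assumptions about what a first-pass triage should surface, not a verdict on the machine. The sample input is a constructed subset of lines copied from the two logs.

```python
"""First-pass triage of DDS / ComboFix service lines, ComboFix orphan entries
and Gmer MBR-detector output. Added example; not part of any of those tools."""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    subject: str    # service name, registry key, or "MBR"
    severity: str   # "review" | "inconclusive" (editor's labels)
    reason: str


# "<R|S><n> <name>;<description>;<image path> [<date size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# ComboFix "ORPHANS REMOVED" entries: "<hive>-<key>-<value> - (no file)"
ORPHAN_RE = re.compile(r"^(?P<key>\S.*?)\s+-\s+\(no file\)\s*$")
# Final path component is a temp-style name such as 2.tmp or A.tmp
TEMP_IMAGE_RE = re.compile(r"\\[^\\]*\.tmp$", re.IGNORECASE)


def check_service(line: str) -> List[Finding]:
    """Flag a service/driver whose image is unverifiable or temp-named."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name, path, meta = m.group("name"), m.group("path"), m.group("meta")
    # DDS prints "<registry path> --> <resolved path>"; judge the resolved one.
    resolved = path.split(" --> ")[-1].strip()
    out: List[Finding] = []
    if meta.strip() == "?":
        out.append(Finding(name, "review",
                           "image path could not be verified on disk ([?])"))
    if TEMP_IMAGE_RE.search(resolved):
        out.append(Finding(name, "review",
                           f"service image is a temp-named file: {resolved}"))
    return out


def check_orphan(line: str) -> Optional[Finding]:
    """Flag an autostart entry whose target file no longer exists."""
    m = ORPHAN_RE.match(line)
    if not m:
        return None
    return Finding(m.group("key"), "review",
                   "autostart entry points at a missing file (orphan)")


def check_mbr(lines: List[str]) -> Optional[Finding]:
    """Interpret the Gmer detector's user-mode vs kernel-mode MBR comparison.

    If the user-mode read itself failed (the device was locked by another
    process in the logs above), there is nothing to compare, so the reported
    mismatch is inconclusive rather than evidence of an MBR rootkit.
    """
    text = "\n".join(lines)
    if "user != kernel MBR" not in text:
        return None
    if "user: error reading MBR" in text:
        return Finding("MBR", "inconclusive",
                       "user-mode MBR read failed, so the user/kernel mismatch "
                       "is expected; rerun with the disk unlocked or read the "
                       "MBR offline before drawing a conclusion")
    return Finding("MBR", "review",
                   "user-mode and kernel-mode MBR reads differ; consistent "
                   "with MBR hooking, confirm with an offline read")


def triage(log_text: str) -> List[Finding]:
    """Run every check over a pasted log and return the findings."""
    lines = log_text.splitlines()
    findings: List[Finding] = []
    for line in lines:
        findings.extend(check_service(line))
        orphan = check_orphan(line)
        if orphan:
            findings.append(orphan)
    mbr = check_mbr(lines)
    if mbr:
        findings.append(mbr)
    return findings


# Constructed subset of the lines posted in this thread.
SAMPLE_LOG = r"""R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-14 442200]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-14 44768]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-8 27064]
HKCU-Run-PlayNC Launcher - (no file)
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```

On the sample, MEMSWEEP2 is raised twice (unverifiable path and temp-named image), the PlayNC Launcher orphan once, and the MBR mismatch is labelled inconclusive because the preceding "user: error reading MBR" line explains it; the avast and Revoflt drivers pass. The script only ranks what to look at next, it does not decide whether a flagged service is malicious.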

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts

Posted 19 October 2011 - 08:31 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Halor69

Halor69
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  • Local time:08:14 AM

Posted 19 October 2011 - 08:35 AM

Here is the report... I have a class in 20 mins so anything further will unfortunately need to wait.

09:34:38.0718 3312 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
09:34:39.0140 3312 ============================================================
09:34:39.0140 3312 Current date / time: 2011/10/19 09:34:39.0140
09:34:39.0140 3312 SystemInfo:
09:34:39.0140 3312
09:34:39.0140 3312 OS Version: 5.1.2600 ServicePack: 3.0
09:34:39.0140 3312 Product type: Workstation
09:34:39.0140 3312 ComputerName: JEFFS-LAPTOP
09:34:39.0140 3312 UserName: Jeff
09:34:39.0140 3312 Windows directory: C:\WINDOWS
09:34:39.0140 3312 System windows directory: C:\WINDOWS
09:34:39.0140 3312 Processor architecture: Intel x86
09:34:39.0140 3312 Number of processors: 2
09:34:39.0140 3312 Page size: 0x1000
09:34:39.0140 3312 Boot type: Normal boot
09:34:39.0140 3312 ============================================================
09:34:39.0656 3312 Initialize success
09:34:44.0546 4016 ============================================================
09:34:44.0546 4016 Scan started
09:34:44.0546 4016 Mode: Manual;
09:34:44.0546 4016 ============================================================
09:34:44.0828 4016 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
09:34:44.0828 4016 5U870CAP_VID_1262&PID_25FD - ok
09:34:44.0890 4016 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:34:44.0890 4016 Aavmker4 - ok
09:34:44.0906 4016 Abiosdsk - ok
09:34:44.0937 4016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:34:44.0937 4016 abp480n5 - ok
09:34:44.0984 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:34:45.0000 4016 ACPI - ok
09:34:45.0015 4016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:34:45.0015 4016 ACPIEC - ok
09:34:45.0078 4016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:34:45.0078 4016 adpu160m - ok
09:34:45.0125 4016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:34:45.0125 4016 aec - ok
09:34:45.0171 4016 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:34:45.0171 4016 AegisP - ok
09:34:45.0218 4016 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:34:45.0218 4016 AFD - ok
09:34:45.0265 4016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:34:45.0265 4016 agp440 - ok
09:34:45.0296 4016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:34:45.0296 4016 agpCPQ - ok
09:34:45.0328 4016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:34:45.0328 4016 Aha154x - ok
09:34:45.0375 4016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:34:45.0375 4016 aic78u2 - ok
09:34:45.0406 4016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:34:45.0406 4016 aic78xx - ok
09:34:45.0453 4016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:34:45.0453 4016 AliIde - ok
09:34:45.0500 4016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:34:45.0500 4016 alim1541 - ok
09:34:45.0531 4016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:34:45.0546 4016 amdagp - ok
09:34:45.0578 4016 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
09:34:45.0578 4016 AmdK8 - ok
09:34:45.0593 4016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:34:45.0593 4016 amsint - ok
09:34:45.0656 4016 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:34:45.0656 4016 Arp1394 - ok
09:34:45.0687 4016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:34:45.0687 4016 asc - ok
09:34:45.0703 4016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:34:45.0703 4016 asc3350p - ok
09:34:45.0734 4016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:34:45.0734 4016 asc3550 - ok
09:34:45.0781 4016 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:34:45.0781 4016 aswFsBlk - ok
09:34:45.0828 4016 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
09:34:45.0828 4016 aswMon2 - ok
09:34:45.0875 4016 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
09:34:45.0875 4016 aswRdr - ok
09:34:45.0906 4016 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
09:34:45.0921 4016 aswSnx - ok
09:34:45.0984 4016 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
09:34:45.0984 4016 aswSP - ok
09:34:46.0031 4016 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
09:34:46.0031 4016 aswTdi - ok
09:34:46.0078 4016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:34:46.0078 4016 AsyncMac - ok
09:34:46.0093 4016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:34:46.0109 4016 atapi - ok
09:34:46.0109 4016 Atdisk - ok
09:34:46.0140 4016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:34:46.0140 4016 Atmarpc - ok
09:34:46.0171 4016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:34:46.0187 4016 audstub - ok
09:34:46.0234 4016 BCM43XX (114234fafec7060392195170e1c4d45e) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
09:34:46.0234 4016 BCM43XX - ok
09:34:46.0265 4016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:34:46.0265 4016 Beep - ok
09:34:46.0296 4016 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
09:34:46.0296 4016 BTWUSB - ok
09:34:46.0390 4016 catchme - ok
09:34:46.0515 4016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:34:46.0515 4016 cbidf - ok
09:34:46.0531 4016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:34:46.0531 4016 cbidf2k - ok
09:34:46.0578 4016 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:34:46.0578 4016 CCDECODE - ok
09:34:46.0609 4016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:34:46.0609 4016 cd20xrnt - ok
09:34:46.0625 4016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:34:46.0625 4016 Cdaudio - ok
09:34:46.0656 4016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:34:46.0656 4016 Cdfs - ok
09:34:46.0687 4016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:34:46.0687 4016 Cdrom - ok
09:34:46.0703 4016 Changer - ok
09:34:46.0734 4016 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:34:46.0750 4016 CmBatt - ok
09:34:46.0781 4016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:34:46.0781 4016 CmdIde - ok
09:34:46.0796 4016 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:34:46.0796 4016 Compbatt - ok
09:34:46.0843 4016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:34:46.0843 4016 Cpqarray - ok
09:34:46.0875 4016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:34:46.0875 4016 dac2w2k - ok
09:34:46.0906 4016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:34:46.0906 4016 dac960nt - ok
09:34:46.0953 4016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:34:46.0953 4016 Disk - ok
09:34:47.0015 4016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:34:47.0062 4016 dmboot - ok
09:34:47.0093 4016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:34:47.0093 4016 dmio - ok
09:34:47.0125 4016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:34:47.0125 4016 dmload - ok
09:34:47.0156 4016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:34:47.0156 4016 DMusic - ok
09:34:47.0187 4016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:34:47.0187 4016 dpti2o - ok
09:34:47.0203 4016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:34:47.0218 4016 drmkaud - ok
09:34:47.0281 4016 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
09:34:47.0281 4016 eabfiltr - ok
09:34:47.0328 4016 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
09:34:47.0328 4016 eabusb - ok
09:34:47.0406 4016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:34:47.0406 4016 Fastfat - ok
09:34:47.0437 4016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:34:47.0437 4016 Fdc - ok
09:34:47.0468 4016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:34:47.0468 4016 Fips - ok
09:34:47.0484 4016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:34:47.0484 4016 Flpydisk - ok
09:34:47.0531 4016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:34:47.0531 4016 FltMgr - ok
09:34:47.0546 4016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:34:47.0562 4016 Fs_Rec - ok
09:34:47.0578 4016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:34:47.0578 4016 Ftdisk - ok
09:34:47.0609 4016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:34:47.0609 4016 Gpc - ok
09:34:47.0625 4016 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
09:34:47.0625 4016 HBtnKey - ok
09:34:47.0687 4016 HdAudAddService (2a6e9a118da2dd0439551a7eb3a8f65e) C:\WINDOWS\system32\drivers\CHDAud.sys
09:34:47.0703 4016 HdAudAddService - ok
09:34:47.0750 4016 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:34:47.0750 4016 HDAudBus - ok
09:34:47.0796 4016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:34:47.0796 4016 HidUsb - ok
09:34:47.0843 4016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:34:47.0859 4016 hpn - ok
09:34:47.0906 4016 HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:34:47.0906 4016 HSFHWAZL - ok
09:34:47.0968 4016 HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:34:48.0031 4016 HSF_DPV - ok
09:34:48.0078 4016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:34:48.0093 4016 HTTP - ok
09:34:48.0125 4016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:34:48.0125 4016 i2omgmt - ok
09:34:48.0156 4016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:34:48.0156 4016 i2omp - ok
09:34:48.0187 4016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:34:48.0187 4016 i8042prt - ok
09:34:48.0250 4016 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:34:48.0296 4016 iaStor - ok
09:34:48.0343 4016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:34:48.0359 4016 Imapi - ok
09:34:48.0375 4016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:34:48.0390 4016 ini910u - ok
09:34:48.0421 4016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:34:48.0421 4016 IntelIde - ok
09:34:48.0453 4016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:34:48.0453 4016 Ip6Fw - ok
09:34:48.0500 4016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:34:48.0500 4016 IpFilterDriver - ok
09:34:48.0546 4016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:34:48.0546 4016 IpInIp - ok
09:34:48.0593 4016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:34:48.0593 4016 IpNat - ok
09:34:48.0625 4016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:34:48.0640 4016 IPSec - ok
09:34:48.0656 4016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:34:48.0671 4016 IRENUM - ok
09:34:48.0703 4016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:34:48.0718 4016 isapnp - ok
09:34:48.0734 4016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:34:48.0734 4016 Kbdclass - ok
09:34:48.0750 4016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:34:48.0765 4016 kbdhid - ok
09:34:48.0796 4016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:34:48.0812 4016 kmixer - ok
09:34:48.0843 4016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:34:48.0843 4016 KSecDD - ok
09:34:48.0875 4016 lbrtfdc - ok
09:34:48.0921 4016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:34:48.0921 4016 mdmxsdk - ok
09:34:48.0937 4016 MEMSWEEP2 - ok
09:34:48.0984 4016 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:34:48.0984 4016 MHNDRV - ok
09:34:49.0000 4016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:34:49.0000 4016 mnmdd - ok
09:34:49.0062 4016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:34:49.0062 4016 Modem - ok
09:34:49.0078 4016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:34:49.0078 4016 Mouclass - ok
09:34:49.0109 4016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:34:49.0109 4016 mouhid - ok
09:34:49.0140 4016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:34:49.0140 4016 MountMgr - ok
09:34:49.0171 4016 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys
09:34:49.0171 4016 MQAC - ok
09:34:49.0203 4016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:34:49.0203 4016 mraid35x - ok
09:34:49.0265 4016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:34:49.0265 4016 MRxDAV - ok
09:34:49.0312 4016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:34:49.0328 4016 MRxSmb - ok
09:34:49.0359 4016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:34:49.0359 4016 Msfs - ok
09:34:49.0390 4016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:34:49.0390 4016 MSKSSRV - ok
09:34:49.0421 4016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:34:49.0421 4016 MSPCLOCK - ok
09:34:49.0437 4016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:34:49.0437 4016 MSPQM - ok
09:34:49.0468 4016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:34:49.0484 4016 mssmbios - ok
09:34:49.0500 4016 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:34:49.0500 4016 MSTEE - ok
09:34:49.0546 4016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:34:49.0546 4016 Mup - ok
09:34:49.0578 4016 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:34:49.0578 4016 NABTSFEC - ok
09:34:49.0609 4016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:34:49.0609 4016 NDIS - ok
09:34:49.0640 4016 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:34:49.0640 4016 NdisIP - ok
09:34:49.0671 4016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:34:49.0687 4016 NdisTapi - ok
09:34:49.0718 4016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:34:49.0718 4016 Ndisuio - ok
09:34:49.0750 4016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:34:49.0750 4016 NdisWan - ok
09:34:49.0781 4016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:34:49.0796 4016 NDProxy - ok
09:34:49.0812 4016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:34:49.0812 4016 NetBIOS - ok
09:34:49.0843 4016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:34:49.0843 4016 NetBT - ok
09:34:49.0890 4016 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:34:49.0906 4016 NIC1394 - ok
09:34:49.0937 4016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:34:49.0953 4016 Npfs - ok
09:34:50.0015 4016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:34:50.0031 4016 Ntfs - ok
09:34:50.0078 4016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:34:50.0078 4016 Null - ok
09:34:50.0265 4016 nv (c493bec0b489551bfe60de6c76e6f4ec) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:34:50.0421 4016 nv - ok
09:34:50.0515 4016 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
09:34:50.0515 4016 nvata - ok
09:34:50.0562 4016 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:34:50.0562 4016 NVENETFD - ok
09:34:50.0578 4016 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:34:50.0578 4016 nvnetbus - ok
09:34:50.0593 4016 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
09:34:50.0609 4016 nvsmu - ok
09:34:50.0625 4016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:34:50.0640 4016 NwlnkFlt - ok
09:34:50.0656 4016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:34:50.0656 4016 NwlnkFwd - ok
09:34:50.0703 4016 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:34:50.0703 4016 ohci1394 - ok
09:34:50.0734 4016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:34:50.0734 4016 Parport - ok
09:34:50.0765 4016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:34:50.0765 4016 PartMgr - ok
09:34:50.0796 4016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:34:50.0796 4016 ParVdm - ok
09:34:50.0828 4016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:34:50.0843 4016 PCI - ok
09:34:50.0859 4016 PCIDump - ok
09:34:50.0875 4016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:34:50.0875 4016 PCIIde - ok
09:34:50.0906 4016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:34:50.0906 4016 Pcmcia - ok
09:34:50.0921 4016 PDCOMP - ok
09:34:50.0937 4016 PDFRAME - ok
09:34:50.0953 4016 PDRELI - ok
09:34:50.0968 4016 PDRFRAME - ok
09:34:51.0000 4016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:34:51.0000 4016 perc2 - ok
09:34:51.0031 4016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:34:51.0031 4016 perc2hib - ok
09:34:51.0093 4016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:34:51.0093 4016 PptpMiniport - ok
09:34:51.0125 4016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:34:51.0125 4016 PSched - ok
09:34:51.0171 4016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:34:51.0171 4016 Ptilink - ok
09:34:51.0187 4016 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:34:51.0187 4016 PxHelp20 - ok
09:34:51.0203 4016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:34:51.0218 4016 ql1080 - ok
09:34:51.0234 4016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:34:51.0234 4016 Ql10wnt - ok
09:34:51.0265 4016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:34:51.0265 4016 ql12160 - ok
09:34:51.0281 4016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:34:51.0281 4016 ql1240 - ok
09:34:51.0296 4016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:34:51.0312 4016 ql1280 - ok
09:34:51.0328 4016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:34:51.0328 4016 RasAcd - ok
09:34:51.0390 4016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:34:51.0390 4016 Rasl2tp - ok
09:34:51.0421 4016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:34:51.0421 4016 RasPppoe - ok
09:34:51.0468 4016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:34:51.0468 4016 Raspti - ok
09:34:51.0515 4016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:34:51.0515 4016 Rdbss - ok
09:34:51.0546 4016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:34:51.0546 4016 RDPCDD - ok
09:34:51.0593 4016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:34:51.0609 4016 rdpdr - ok
09:34:51.0656 4016 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:34:51.0656 4016 RDPWD - ok
09:34:51.0703 4016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:34:51.0703 4016 redbook - ok
09:34:51.0765 4016 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
09:34:51.0765 4016 Revoflt - ok
09:34:51.0796 4016 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:34:51.0796 4016 rimmptsk - ok
09:34:51.0828 4016 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
09:34:51.0828 4016 rimsptsk - ok
09:34:51.0859 4016 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
09:34:51.0875 4016 rismxdp - ok
09:34:51.0921 4016 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
09:34:51.0921 4016 RMCAST - ok
09:34:51.0984 4016 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
09:34:51.0984 4016 rtl8139 - ok
09:34:52.0062 4016 RTL8192cu (c1d693bcac8a411f44a503f473c9e2df) C:\WINDOWS\system32\DRIVERS\WNA1000M.sys
09:34:52.0109 4016 RTL8192cu - ok
09:34:52.0218 4016 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:34:52.0218 4016 sdbus - ok
09:34:52.0265 4016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:34:52.0265 4016 Secdrv - ok
09:34:52.0296 4016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:34:52.0296 4016 Serial - ok
09:34:52.0359 4016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:34:52.0359 4016 Sfloppy - ok
09:34:52.0375 4016 Simbad - ok
09:34:52.0421 4016 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:34:52.0421 4016 sisagp - ok
09:34:52.0453 4016 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:34:52.0453 4016 SLIP - ok
09:34:52.0484 4016 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:34:52.0500 4016 Sparrow - ok
09:34:52.0531 4016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:34:52.0531 4016 splitter - ok
09:34:52.0562 4016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:34:52.0562 4016 sr - ok
09:34:52.0625 4016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:34:52.0625 4016 Srv - ok
09:34:52.0671 4016 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:34:52.0671 4016 streamip - ok
09:34:52.0703 4016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:34:52.0703 4016 swenum - ok
09:34:52.0718 4016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:34:52.0734 4016 swmidi - ok
09:34:52.0781 4016 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:34:52.0781 4016 symc810 - ok
09:34:52.0796 4016 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:34:52.0796 4016 symc8xx - ok
09:34:52.0828 4016 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:34:52.0828 4016 sym_hi - ok
09:34:52.0859 4016 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:34:52.0859 4016 sym_u3 - ok
09:34:52.0890 4016 SynTP (60cb9f7c95791fe56a6e86868f4467ba) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:34:52.0890 4016 SynTP - ok
09:34:52.0937 4016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:34:52.0937 4016 sysaudio - ok
09:34:53.0000 4016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:34:53.0000 4016 Tcpip - ok
09:34:53.0109 4016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:34:53.0109 4016 TDPIPE - ok
09:34:53.0140 4016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:34:53.0140 4016 TDTCP - ok
09:34:53.0156 4016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:34:53.0171 4016 TermDD - ok
09:34:53.0218 4016 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:34:53.0218 4016 TosIde - ok
09:34:53.0281 4016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:34:53.0281 4016 Udfs - ok
09:34:53.0296 4016 UIUSys - ok
09:34:53.0328 4016 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:34:53.0328 4016 ultra - ok
09:34:53.0375 4016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:34:53.0390 4016 Update - ok
09:34:53.0437 4016 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:34:53.0437 4016 usbccgp - ok
09:34:53.0468 4016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:34:53.0468 4016 usbehci - ok
09:34:53.0484 4016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:34:53.0500 4016 usbhub - ok
09:34:53.0515 4016 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:34:53.0515 4016 usbohci - ok
09:34:53.0562 4016 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:34:53.0562 4016 USBSTOR - ok
09:34:53.0609 4016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:34:53.0609 4016 usbuhci - ok
09:34:53.0656 4016 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:34:53.0656 4016 usbvideo - ok
09:34:53.0671 4016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:34:53.0687 4016 VgaSave - ok
09:34:53.0718 4016 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:34:53.0718 4016 viaagp - ok
09:34:53.0750 4016 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:34:53.0750 4016 ViaIde - ok
09:34:53.0781 4016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:34:53.0781 4016 VolSnap - ok
09:34:53.0828 4016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:34:53.0828 4016 Wanarp - ok
09:34:53.0843 4016 WDICA - ok
09:34:53.0875 4016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:34:53.0890 4016 wdmaud - ok
09:34:53.0953 4016 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:34:54.0000 4016 winachsf - ok
09:34:54.0046 4016 WLNdis50 (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
09:34:54.0046 4016 WLNdis50 - ok
09:34:54.0093 4016 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:34:54.0093 4016 WmiAcpi - ok
09:34:54.0140 4016 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:34:54.0140 4016 WSTCODEC - ok
09:34:54.0187 4016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:34:54.0203 4016 WudfPf - ok
09:34:54.0218 4016 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:34:54.0218 4016 WudfRd - ok
09:34:54.0281 4016 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
09:34:54.0281 4016 \Device\Harddisk0\DR0 - ok
09:34:54.0281 4016 Boot (0x1200) (ad79441d13d93f03b84de67062dfb57e) \Device\Harddisk0\DR0\Partition0
09:34:54.0281 4016 \Device\Harddisk0\DR0\Partition0 - ok
09:34:54.0312 4016 Boot (0x1200) (b4567804a973cdb52237fa1f3eaeb612) \Device\Harddisk0\DR0\Partition1
09:34:54.0312 4016 \Device\Harddisk0\DR0\Partition1 - ok
09:34:54.0312 4016 ============================================================
09:34:54.0312 4016 Scan finished
09:34:54.0312 4016 ============================================================
09:34:54.0328 3856 Detected object count: 0
09:34:54.0328 3856 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:14 AM

Posted 19 October 2011 - 08:44 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#7 Halor69 (Topic Starter, Members)

Posted 19 October 2011 - 10:18 AM

I will run the scan after classes, which will be around 3pm Eastern US time. Cheers.

#8 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 19 October 2011 - 11:59 AM

:thumbup2:

#9 Halor69 (Topic Starter, Members)

Posted 19 October 2011 - 02:47 PM

Here is the log from aswMBR. Just another note: after my DDS and GMER logs I did a disk cleanup, a defrag, and uninstalled some programs that I no longer use with REVO.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-19 15:38:37
-----------------------------
15:38:37.875 OS Version: Windows 5.1.2600 Service Pack 3
15:38:37.875 Number of processors: 2 586 0x4802
15:38:37.875 ComputerName: JEFFS-LAPTOP UserName: Jeff
15:38:38.828 Initialize success
15:38:38.984 AVAST engine defs: 11101901
15:38:48.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000083
15:38:48.812 Disk 0 Vendor: Size: 0MB BusType: 0
15:38:48.828 Disk 0 MBR read successfully
15:38:48.843 Disk 0 MBR scan
15:38:48.859 Disk 0 unknown MBR code
15:38:48.859 Disk 0 MBR hidden
15:38:48.890 Disk 0 scanning C:\WINDOWS\system32\drivers
15:38:57.671 Service scanning
15:38:58.875 Modules scanning
15:39:05.562 Disk 0 trace - called modules:
15:39:05.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
15:39:05.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85291ab8]
15:39:05.609 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000084[0x8528ff18]
15:39:05.609 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\00000083[0x85266030]
15:39:06.140 AVAST engine scan C:\WINDOWS
15:39:23.812 AVAST engine scan C:\WINDOWS\system32
15:40:39.968 AVAST engine scan C:\WINDOWS\system32\drivers
15:40:50.234 AVAST engine scan C:\Documents and Settings\Jeff.JEFFS-LAPTOP
15:41:56.171 AVAST engine scan C:\Documents and Settings\All Users
15:43:15.421 Scan finished successfully
15:44:47.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jeff.JEFFS-LAPTOP\Desktop\MBR.dat"
15:44:47.343 The log file has been saved successfully to "C:\Documents and Settings\Jeff.JEFFS-LAPTOP\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 19 October 2011 - 08:54 PM

How are things running right now?


gringo

#11 Halor69 (Topic Starter, Members)

Posted 20 October 2011 - 07:16 AM

Speed and startup times are back to normal, but still no sound. Drivers and hardware config all checked, and no sound from headphone jack either. Other than that I see no more symptoms of a virus or other malware.

Jeff

#12 Halor69 (Topic Starter, Members)

Posted 21 October 2011 - 07:44 PM

Coming up on 48 hours no reply... so... bump.

#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 October 2011 - 08:44 PM

What is the make and model of the computer?

gringo

#14 Halor69 (Topic Starter, Members)

Posted 22 October 2011 - 08:24 AM

It's an HP Pavilion dv6125om. I've had it a long time, and have been updating it as necessary... starting to think that the sound is just dead because it's old.

#15 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 22 October 2011 - 12:15 PM

Hello


Download the audio driver from here: http://www.laptopdrivers.info/2045-hp-pavilion-dv6125om-notebook-drivers-windows-xp/



