
Left single mouse click won't start apps



#1 astro3ron


Posted 25 February 2012 - 10:53 AM

Had a Security Shield Rogue infection and a couple of others that were finally removed by MBAM and Norton AV, but there are other issues remaining. I can't start apps from icons on the desktop or from Start/Programs.
Quick launch functions do NOT work with single left mouse click. Shortcuts on the desktop or anywhere else do NOT work. Something has been changed registry-wise, but I don't know where to look for the setting. I'm unable to start up apps from Start/ any apps listed or to start any apps from the Start/All Programs with a left mouse click. If I right mouse on icon and select Open, I can start the application. IE works from the desktop, but not other application shortcuts. Any ideas as to what registry settings were changed to cause this?

Edited by hamluis, 25 February 2012 - 11:36 AM.
Moved from XP to Am I Infected.




#2 narenxp


Posted 26 February 2012 - 09:24 PM

Download exehelper

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here.

Also, can you post your MBAM logs?

#3 astro3ron


Posted 28 February 2012 - 11:07 PM

exehelper log:

exeHelper by Raktor
Build 20100414
Run at 19:20:52 on 02/28/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

--------------------------

AVAST log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 19:22:26
-----------------------------
19:22:26.828 OS Version: Windows 5.1.2600 Service Pack 3
19:22:26.828 Number of processors: 1 586 0x409
19:22:26.828 ComputerName: 8THGRADE UserName: admin1
19:22:27.687 Initialize success
19:42:29.968 AVAST engine defs: 12022802
19:44:09.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:44:09.640 Disk 0 Vendor: ST3802110A 3.ADH Size: 76293MB BusType: 3
19:44:09.687 Disk 0 MBR read successfully
19:44:09.687 Disk 0 MBR scan
19:44:09.765 Disk 0 unknown MBR code
19:44:09.765 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
19:44:09.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53976 MB offset 64260
19:44:09.859 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
19:44:09.906 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
19:44:09.984 Disk 0 scanning sectors +156232125
19:44:10.203 Disk 0 scanning C:\WINDOWS\system32\drivers
19:44:39.187 Service scanning
19:45:19.296 Modules scanning
19:45:35.156 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:45:38.140 Disk 0 trace - called modules:
19:45:38.171 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:45:38.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b72ab8]
19:45:38.187 3 CLASSPNP.SYS[f7516fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ba1d98]
19:45:38.718 AVAST engine scan C:\WINDOWS
19:46:09.765 AVAST engine scan C:\WINDOWS\system32
19:50:59.796 AVAST engine scan C:\WINDOWS\system32\drivers
19:51:28.359 AVAST engine scan C:\Documents and Settings\admin1
19:52:46.828 AVAST engine scan C:\Documents and Settings\All Users
19:54:03.687 Scan finished successfully
19:55:50.718 Disk 0 MBR has been saved successfully to "C:\Ziphold\Security\Nav\MBR.dat"
19:55:50.718 The log file has been saved successfully to "C:\Ziphold\Security\Nav\aswMBR.txt"

DLADResN.SYS is just a Roxio system file

------------

MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/4/2012 9:35:43 AM
mbam-log-2012-02-04 (09-35-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 122542
Time elapsed: 1 hour(s), 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\student\application data\Sun\Java\deployment\cache\6.0\31\3c9b96df-54e03f66 (Rogue.Installer) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2247182655-949755525-1310143975-1005\Dc1563.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-2247182655-949755525-1310143975-1005\Dc58\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.

#4 narenxp


Posted 29 February 2012 - 03:08 AM

Can you launch your applications now?


Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Restart the PC


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#5 astro3ron


Posted 04 March 2012 - 01:11 PM

Nothing really shows up, but here's the logs

TDSS Killer:
14:10:14.0687 3748 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
14:10:16.0687 3748 ============================================================
14:10:16.0687 3748 Current date / time: 2012/03/03 14:10:16.0687
14:10:16.0687 3748 SystemInfo:
14:10:16.0687 3748
14:10:16.0687 3748 OS Version: 5.1.2600 ServicePack: 3.0
14:10:16.0687 3748 Product type: Workstation
14:10:16.0687 3748 ComputerName: 8THGRADE
14:10:16.0687 3748 UserName: admin1
14:10:16.0687 3748 Windows directory: C:\WINDOWS
14:10:16.0687 3748 System windows directory: C:\WINDOWS
14:10:16.0687 3748 Processor architecture: Intel x86
14:10:16.0687 3748 Number of processors: 1
14:10:16.0687 3748 Page size: 0x1000
14:10:16.0687 3748 Boot type: Normal boot
14:10:16.0687 3748 ============================================================
14:10:40.0625 3748 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:10:40.0859 3748 \Device\Harddisk0\DR0:
14:10:40.0937 3748 MBR used
14:10:40.0937 3748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x696C1A1
14:10:40.0937 3748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x697BCA5, BlocksNum 0x2536D3D
14:10:43.0203 3748 Initialize success
14:10:43.0203 3748 ============================================================
14:11:13.0656 2712 ============================================================
14:11:13.0656 2712 Scan started
14:11:13.0656 2712 Mode: Manual; TDLFS;
14:11:13.0656 2712 ============================================================
14:12:52.0078 2712 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:12:52.0078 2712 ultra - ok
14:12:52.0296 2712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:12:52.0390 2712 Update - ok
14:12:52.0671 2712 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:52.0687 2712 usbccgp - ok
14:12:52.0937 2712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:52.0953 2712 usbehci - ok
14:12:53.0140 2712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:53.0156 2712 usbhub - ok
14:12:53.0343 2712 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:53.0343 2712 usbprint - ok
14:12:53.0515 2712 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:53.0515 2712 usbscan - ok
14:12:53.0796 2712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:53.0796 2712 USBSTOR - ok
14:12:53.0953 2712 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:53.0968 2712 usbuhci - ok
14:12:54.0218 2712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:12:54.0218 2712 VgaSave - ok
14:12:54.0375 2712 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:12:54.0390 2712 viaagp - ok
14:12:54.0703 2712 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:12:54.0703 2712 ViaIde - ok
14:12:54.0875 2712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:54.0875 2712 VolSnap - ok
14:12:55.0062 2712 VProEventMonitor (ef3506b04eb9124240b35148eaacbaa5) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
14:12:55.0078 2712 VProEventMonitor - ok
14:12:55.0343 2712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:55.0343 2712 Wanarp - ok
14:12:55.0609 2712 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:12:55.0734 2712 Wdf01000 - ok
14:12:56.0062 2712 WDICA - ok
14:12:56.0343 2712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:56.0375 2712 wdmaud - ok
14:12:56.0562 2712 WimFltr (090a2b8f055343815556a01f725f6c35) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
14:12:56.0671 2712 WimFltr - ok
14:12:57.0078 2712 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:12:57.0375 2712 winachsf - ok
14:12:57.0734 2712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:12:57.0734 2712 WS2IFSL - ok
14:12:57.0828 2712 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
14:12:59.0109 2712 \Device\Harddisk0\DR0 - ok
14:12:59.0187 2712 Boot (0x1200) (5613a4ae3782a0897670c98113b30eac) \Device\Harddisk0\DR0\Partition0
14:12:59.0218 2712 \Device\Harddisk0\DR0\Partition0 - ok
14:12:59.0281 2712 Boot (0x1200) (6f3bc9fbda4abc877a26a80627bc30a8) \Device\Harddisk0\DR0\Partition1
14:12:59.0281 2712 \Device\Harddisk0\DR0\Partition1 - ok
14:12:59.0296 2712 ============================================================
14:12:59.0296 2712 Scan finished
14:12:59.0296 2712 ============================================================
14:12:59.0312 3392 Detected object count: 0
14:12:59.0312 3392 Actual detected object count: 0
14:17:04.0468 0324 Deinitialize success


----- GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-04 10:06:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3802110A rev.3.ADH
Running: dgko4vzwGMER.exe; Driver: C:\DOCUME~1\admin1\LOCALS~1\Temp\kwrcqpod.sys



#6 narenxp

Posted 05 March 2012 - 03:27 AM

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Can you launch your applications now?

#7 astro3ron

  • Topic Starter

Posted 06 March 2012 - 02:21 PM

Have done ESET before and it found nothing. Tried to run GMER a 2nd time, and got the BSOD. Also, after turning off the real time scan on Symantec AV Corp Ed and running GMER, I rechecked the real time scan box in SAV, rebooted and now MS Security center says that SAV is not active. It's as if something is preventing me from making system changes. I'm wondering if it's time to make an image copy of another machine's HDD and deep six this system. Will rescan with ESET later today to see what it finds.

#8 narenxp

Posted 08 March 2012 - 05:51 AM

What issues do you face now? Ignore GMER.



