
Solved Blue Screen of Death

Discussion in 'Malware and Virus Removal Archive' started by molsonrn, 2011/05/16.

  1. 2011/05/16
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    [Resolved] Blue Screen of Death

    Hello. It's me again. I have had the blue screen of death 3 times in the past two weeks and things are running slowly, so I thought I should come here before having a major issue. I haven't been to any bad sites, so I am again suspecting Facebook. But what do I know. I'm really not trying to take up your time. If I knew of a way (or you know of a way) to prevent myself from having issues I would certainly do it.

    Over the last several days I have run MBAM, Spybot, and an Avast full scan and none of them find anything. I don't think I've downloaded anything new.

    Also, is there anything in my boot-up menu that doesn't need to be there, because it seems to take a really long time?

    MBAM scan just run:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6588

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/16/2011 8:12:59 AM
    mbam-log-2011-05-16 (08-12-59).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 254754
    Time elapsed: 1 hour(s), 22 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Will do the other scans as soon as I get home from work. Just wanted to get this started.

    Thanks.
     
  2. 2011/05/16
    molsonrn

    Not working right

    I ran MBR check and nothing saves to the desktop. Then I ran DDS. It ran fine, I told it to save to desktop and nothing is on the desktop. I told it to save to desktop again and it said it already exists, do you want to replace it. I said yes, but still nothing on the desktop. That is super weird. It has never done that before.
     


  4. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What worries me the most is the fact that this is your 6th visit to the malware removal forum since February of 2010.
    If your computer is really infected again, there is something wrong somewhere with your computing habits.

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
     
  5. 2011/05/16
    molsonrn

    I know.

    Yes, I am well aware of how often I come here. That would be why I started the post apologizing for even being here and asking for help to prevent it from happening again.

    Mini051511-01.dmp 5/15/2011 9:56:28 PM BAD_POOL_CALLER 0x000000c2 0x00000040 0x10000000 0x80000000 0x00000000 ntoskrnl.exe ntoskrnl.exe+22f43 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini051511-01.dmp 2 15 2600 90,112
    Mini051411-01.dmp 5/14/2011 3:33:48 PM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0x96258d48 0x00000000 0x805bc23d 0x00000000 aswSnx.SYS aswSnx.SYS+376a1 avast! Virtualization Driver avast! Antivirus System AVAST Software 6.0.1125.0 32-bit C:\WINDOWS\Minidump\Mini051411-01.dmp 2 15 2600 90,112
    Mini042211-01.dmp 4/22/2011 11:36:09 AM BAD_POOL_CALLER 0x000000c2 0x00000040 0x10000000 0x80000000 0x00000000 ntoskrnl.exe ntoskrnl.exe+22f43 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini042211-01.dmp 2 15 2600 90,112
    Mini020211-01.dmp 2/2/2011 10:26:52 PM PAGE_FAULT_IN_NONPAGED_AREA 0x10000050 0xf7dea038 0x00000000 0xb6243eed 0x00000000 pxtdypow.sys pxtdypow.sys+beed 32-bit C:\WINDOWS\Minidump\Mini020211-01.dmp 2 15 2600 90,112
    Mini121210-03.dmp 12/12/2010 2:36:56 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121210-03.dmp 2 15 2600 90,112
    Mini121210-02.dmp 12/12/2010 12:42:27 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121210-02.dmp 2 15 2600 90,112
    Mini121210-01.dmp 12/12/2010 10:30:23 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121210-01.dmp 2 15 2600 90,112
    Mini121110-04.dmp 12/11/2010 6:22:45 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121110-04.dmp 2 15 2600 90,112
    Mini121110-03.dmp 12/11/2010 2:15:29 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121110-03.dmp 2 15 2600 90,112
    Mini121110-02.dmp 12/11/2010 1:08:12 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121110-02.dmp 2 15 2600 90,112
    Mini121110-01.dmp 12/11/2010 11:37:05 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121110-01.dmp 2 15 2600 90,112
    Mini121010-05.dmp 12/10/2010 7:43:58 PM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121010-05.dmp 2 15 2600 90,112
    Mini121010-04.dmp 12/10/2010 9:39:00 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121010-04.dmp 2 15 2600 90,112
    Mini121010-03.dmp 12/10/2010 9:10:51 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121010-03.dmp 2 15 2600 90,112
    Mini121010-02.dmp 12/10/2010 8:49:11 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121010-02.dmp 2 15 2600 90,112
    Mini121010-01.dmp 12/10/2010 8:41:40 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000023 0x00000002 0x00000000 0x8050c653 ntoskrnl.exe ntoskrnl.exe+35653 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini121010-01.dmp 2 15 2600 90,112
    Mini102610-01.dmp 10/26/2010 6:24:39 AM IRQL_NOT_LESS_OR_EQUAL 0x1000000a 0x00000004 0x00000002 0x00000001 0x80535b2b Ntfs.sys Ntfs.sys+66af NT File System Driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.5512 (xpsp.080413-2111) 32-bit C:\WINDOWS\Minidump\Mini102610-01.dmp 2 15 2600 90,112
    Mini081609-01.dmp 8/16/2009 3:51:21 PM BAD_POOL_CALLER 0x000000c2 0x00000040 0x08c04000 0x80000000 0x00000000 ntoskrnl.exe ntoskrnl.exe+22f43 NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) 32-bit C:\WINDOWS\Minidump\Mini081609-01.dmp 2 15 2600 90,112
     
  6. 2011/05/16
    broni

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =====================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  7. 2011/05/17
    molsonrn

    can't

    Like I said in my last post, I can't get anything to save to the desktop. I tried to save the bootkit remover, I told it desktop, then the box disappears and there is nothing on the desktop. ???????
     
  8. 2011/05/17
    molsonrn

    tried again

    I downloaded bootkit remover to My Documents. Downloaded 7-zip. Double-clicked on bootkit remover and it said it couldn't be opened because Windows can't find the program to open it.
     
  9. 2011/05/17
    broni

    Download and run exeHelper.

    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Then, try to open Bootkit Remover again.
     
  10. 2011/05/17
    molsonrn

    ok

    exeHelper by Raktor
    Build 20100414
    Run at 19:30:03 on 05/17/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--


    But bootkit remover won't open and rootkitunhooker said something about not being able to connect to a driver or something similar.
     
  11. 2011/05/17
    broni

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.
     
  12. 2011/05/18
    molsonrn

    tried

    When I clicked on the download link, it was trying to connect and said it was trying to connect to avast.public.com. So I turned off avast to see if that was blocking it from getting through, but it still said it was trying to connect to avast.public.com and then it timed out.

    I'm sorry this is being a pain.....
     
  13. 2011/05/18
    broni

    It looks like the server is down.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  14. 2011/05/19
    molsonrn

    it said no infection

    2011/05/19 07:41:43.0390 3608 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/19 07:41:43.0765 3608 ================================================================================
    2011/05/19 07:41:43.0765 3608 SystemInfo:
    2011/05/19 07:41:43.0765 3608
    2011/05/19 07:41:43.0765 3608 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/19 07:41:43.0765 3608 Product type: Workstation
    2011/05/19 07:41:43.0765 3608 ComputerName: M
    2011/05/19 07:41:43.0765 3608 UserName: Melanie
    2011/05/19 07:41:43.0765 3608 Windows directory: C:\WINDOWS
    2011/05/19 07:41:43.0765 3608 System windows directory: C:\WINDOWS
    2011/05/19 07:41:43.0765 3608 Processor architecture: Intel x86
    2011/05/19 07:41:43.0765 3608 Number of processors: 2
    2011/05/19 07:41:43.0765 3608 Page size: 0x1000
    2011/05/19 07:41:43.0765 3608 Boot type: Normal boot
    2011/05/19 07:41:43.0765 3608 ================================================================================
    2011/05/19 07:41:44.0359 3608 Initialize success
    2011/05/19 07:42:21.0046 2836 ================================================================================
    2011/05/19 07:42:21.0046 2836 Scan started
    2011/05/19 07:42:21.0046 2836 Mode: Manual;
    2011/05/19 07:42:21.0046 2836 ================================================================================
    2011/05/19 07:42:29.0765 2836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/05/19 07:42:29.0812 2836 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/05/19 07:42:29.0843 2836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/05/19 07:42:29.0890 2836 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
    2011/05/19 07:42:29.0953 2836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/05/19 07:42:30.0000 2836 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/05/19 07:42:30.0046 2836 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/05/19 07:42:30.0062 2836 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/05/19 07:42:30.0093 2836 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/05/19 07:42:30.0109 2836 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/05/19 07:42:30.0125 2836 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/05/19 07:42:30.0187 2836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/05/19 07:42:30.0250 2836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/05/19 07:42:30.0265 2836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/05/19 07:42:30.0281 2836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/05/19 07:42:30.0328 2836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/05/19 07:42:30.0343 2836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/05/19 07:42:30.0390 2836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/05/19 07:42:30.0437 2836 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/05/19 07:42:30.0468 2836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/05/19 07:42:30.0578 2836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/05/19 07:42:30.0656 2836 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/05/19 07:42:30.0687 2836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/05/19 07:42:30.0750 2836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/05/19 07:42:30.0828 2836 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/05/19 07:42:30.0890 2836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/05/19 07:42:30.0953 2836 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/05/19 07:42:30.0968 2836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/05/19 07:42:31.0031 2836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/05/19 07:42:31.0062 2836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/05/19 07:42:31.0156 2836 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
    2011/05/19 07:42:31.0265 2836 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/05/19 07:42:31.0296 2836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/05/19 07:42:31.0328 2836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/05/19 07:42:31.0375 2836 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/05/19 07:42:31.0390 2836 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/05/19 07:42:31.0406 2836 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/05/19 07:42:31.0437 2836 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/05/19 07:42:31.0484 2836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/05/19 07:42:31.0562 2836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/05/19 07:42:31.0593 2836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/05/19 07:42:31.0656 2836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/05/19 07:42:31.0718 2836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/05/19 07:42:31.0765 2836 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/05/19 07:42:31.0796 2836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/05/19 07:42:31.0843 2836 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/05/19 07:42:31.0906 2836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/05/19 07:42:31.0984 2836 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/05/19 07:42:32.0031 2836 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/05/19 07:42:32.0093 2836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/05/19 07:42:32.0140 2836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/05/19 07:42:32.0171 2836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/05/19 07:42:32.0234 2836 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/05/19 07:42:32.0296 2836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/05/19 07:42:32.0343 2836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/05/19 07:42:32.0390 2836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/05/19 07:42:32.0437 2836 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/05/19 07:42:32.0484 2836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/05/19 07:42:32.0546 2836 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/05/19 07:42:32.0625 2836 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/05/19 07:42:32.0687 2836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/05/19 07:42:32.0750 2836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/05/19 07:42:32.0875 2836 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/05/19 07:42:32.0921 2836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/05/19 07:42:33.0031 2836 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/05/19 07:42:33.0062 2836 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/05/19 07:42:33.0109 2836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/05/19 07:42:33.0140 2836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/05/19 07:42:33.0234 2836 ================================================================================
    2011/05/19 07:42:33.0234 2836 Scan finished
    2011/05/19 07:42:33.0234 2836 ================================================================================
     
  15. 2011/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, try aswMBR now.
    It's working.
     
  16. 2011/05/19
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    mbr

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-19 19:57:52
    -----------------------------
    19:57:52.531 OS Version: Windows 5.1.2600 Service Pack 3
    19:57:52.531 Number of processors: 2 586 0x4B02
    19:57:52.531 ComputerName: M UserName:
    19:57:52.984 Initialize success
    19:57:55.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    19:57:55.937 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
    19:57:57.984 Disk 0 MBR read successfully
    19:57:57.984 Disk 0 MBR scan
    19:57:57.984 Disk 0 unknown MBR code
    19:58:00.078 Disk 0 scanning sectors +312496380
    19:58:00.093 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:58:06.687 Service scanning
    19:58:07.906 Disk 0 trace - called modules:
    19:58:07.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:58:07.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861cbab8]
    19:58:07.906 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\00000061[0x861eff18]
    19:58:07.906 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86144940]
    19:58:07.906 Scan finished successfully
    19:58:23.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Melanie\Desktop\MBR.dat "
    19:58:23.250 The log file has been saved successfully to "C:\Documents and Settings\Melanie\Desktop\aswMBR.txt "
     
  17. 2011/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run aswMBR.exe again...

    • Click the Scan button as before.
    • Once the scan has completed, the Fix button should become active - click it.
    • If FixMBR becomes active instead, click that one.
    • The tool will decide which option to give you, but take Fix first, if it's offered.
    • Once complete, click Save log as before, save it to your desktop and post in your next reply.
     
  18. 2011/05/21
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    mbr again

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-21 09:04:04
    -----------------------------
    09:04:04.781 OS Version: Windows 5.1.2600 Service Pack 3
    09:04:04.781 Number of processors: 2 586 0x4B02
    09:04:04.781 ComputerName: M UserName:
    09:04:05.031 Initialize success
    09:04:07.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    09:04:07.312 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
    09:04:09.343 Disk 0 MBR read successfully
    09:04:09.343 Disk 0 MBR scan
    09:04:09.343 Disk 0 unknown MBR code
    09:04:11.343 Disk 0 scanning sectors +312496380
    09:04:11.359 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:04:18.875 Service scanning
    09:04:19.875 Disk 0 trace - called modules:
    09:04:19.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:04:19.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861cbab8]
    09:04:19.890 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\00000061[0x861eff18]
    09:04:19.890 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86144940]
    09:04:19.890 Scan finished successfully
    09:05:03.437 Disk 0 Windows 501 MBR fixed successfully
    09:05:17.265 Disk 0 Windows 501 MBR fixed successfully
    09:05:24.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Melanie\Desktop\MBR.dat "
    09:05:24.765 The log file has been saved successfully to "C:\Documents and Settings\Melanie\Desktop\aswMBR.txt "
     
  19. 2011/05/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  20. 2011/05/23
    molsonrn

    molsonrn Inactive Thread Starter

    Joined:
    2010/02/08
    Messages:
    121
    Likes Received:
    0
    ok

    I apologize. I was waiting for an email to tell me you responded, but didn't get one.

    I cannot save anything to the desktop and I don't know why. I click on the link to download and then things download somewhere and don't offer me an option of WHERE to save it to.
     
  21. 2011/05/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Save it to a location, where normally your downloads go and then copy it to your desktop.
     
