Unknown Malware/Spyware. Need Help!!


Post by mufi02 on Tue 19 Jul 2011, 5:12 am

I have the Windows 7 operating system on my laptop. I left my comp for a few hours and when I came back I saw a dialog box asking "VLC Plugin for Firefox". Stupidly enough, I thought it was the real VLC and downloaded it. The setup downloaded the file and I immediately realized it was some form of malware/spyware, as my laptop went to a blue screen. I restarted it and it seemed to be working fine, but the blue screen came up after 5 mins and the cycle continued. I noticed a new file called "FileZilly" was downloaded to my computer. I tried running Malwarebytes, but after 5-10 secs the program closes by itself. I tried running Avast and CCleaner, but they all close after a few secs, and later when I clicked on a .exe file it doesn't open, saying "Windows can't open the specified file...". I really don't know what to do, so any suggestions will be really helpful. Thank you.

mufi02

Newbie Surfer

Posts : 5
Joined : 2011-07-19
Operating System : windows 7


Re: Unknown Malware/Spyware. Need Help!!

Post by Gabethebabe on Tue 19 Jul 2011, 9:37 pm

Hi there mufi02!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, it doesn't mean it is clean yet!

====================

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don't panic if you see any **Rootkit** entries. The tool sometimes produces false alarms.
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.


Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Unknown Malware/Spyware. Need Help!!

Post by mufi02 on Wed 20 Jul 2011, 3:17 pm

I tried running OTL. It was scanning and after a while it stopped. A few suspicious antivirus programs popped up and started scanning, saying my computer is infected. I tried opening OTL, but in my taskbar it said OTL.exe was infected by some Win32 virus or something. I tried opening IE, but that also said the same thing. I then had to restart my laptop.

Re: Unknown Malware/Spyware. Need Help!!

Post by Gabethebabe on Wed 20 Jul 2011, 6:42 pm

You might be infected with some fake antivirus. Let's try the following:

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)

  • Double click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and try using Mirror #2
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.

====================

After this, try running OTL again, please.

Re: Unknown Malware/Spyware. Need Help!!

Post by mufi02 on Thu 21 Jul 2011, 7:05 am

I ran aswMBR and I got the following log:

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-20 15:55:42
-----------------------------
15:55:42.293 OS Version: Windows 6.1.7601 Service Pack 1
15:55:42.293 Number of processors: 2 586 0xF0A
15:55:42.293 ComputerName: MUSTAFA-PC UserName:
15:55:50.623 Initialize success
15:55:51.216 AVAST engine defs: 11072001
15:55:58.641 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:55:58.641 Disk 0 Vendor: ST912082 3.AD Size: 114473MB BusType: 3
15:55:58.657 Disk 0 MBR read successfully
15:55:58.657 Disk 0 MBR scan
15:55:59.000 Disk 0 MBR:Alureon-G [Rtk]
15:55:59.016 Disk 0 TDL4@MBR code has been found
15:55:59.016 Disk 0 Windows 7 default MBR code found via API
15:55:59.016 Disk 0 MBR hidden
15:55:59.031 Disk 0 MBR [TDL4] **ROOTKIT**
15:55:59.031 Disk 0 trace - called modules:
15:55:59.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855914d0]<<
15:55:59.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85554528]
15:55:59.063 3 CLASSPNP.SYS[885a659e] -> nt!IofCallDriver -> [0x8557b338]
15:55:59.078 \Driver\iaStor[0x855555a8] -> IRP_MJ_CREATE -> 0x855914d0
15:55:59.437 AVAST engine scan C:\Windows
15:56:04.008 AVAST engine scan C:\Windows\system32
15:58:02.537 AVAST engine scan C:\Windows\system32\drivers
15:58:02.662 File: C:\Windows\system32\drivers\1265917749.sys **INFECTED** Win32:Alureon-AGH [Rtk]
15:58:04.393 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Alureon-AGH [Rtk]
15:58:12.100 AVAST engine scan C:\Users\Administrator
16:00:09.989 AVAST engine scan C:\ProgramData
16:01:00.533 Scan finished successfully
16:03:18.515 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
16:03:18.547 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Re: Unknown Malware/Spyware. Need Help!!

Post by Gabethebabe on Thu 21 Jul 2011, 7:09 am

There is some pretty bad stuff going on.

  • Download TDSSKiller by Kaspersky from here and save it to your desktop
  • Do NOT run it yet!
  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Once the scan finishes click Fix to fix the infected MBR and close the tool
  • Now double click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).
  • Reboot the computer
  • After the reboot, re-run aswMBR
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.

Re: Unknown Malware/Spyware. Need Help!!

Post by mufi02 on Thu 21 Jul 2011, 7:28 am

This is the TDSSKiller report:

2011/07/20 16:26:28.0187 1816 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 16:26:28.0437 1816 ================================================================================
2011/07/20 16:26:28.0437 1816 SystemInfo:
2011/07/20 16:26:28.0437 1816
2011/07/20 16:26:28.0437 1816 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/20 16:26:28.0437 1816 Product type: Workstation
2011/07/20 16:26:28.0437 1816 ComputerName: MUSTAFA-PC
2011/07/20 16:26:28.0437 1816 UserName: Administrator
2011/07/20 16:26:28.0437 1816 Windows directory: C:\Windows
2011/07/20 16:26:28.0437 1816 System windows directory: C:\Windows
2011/07/20 16:26:28.0437 1816 Processor architecture: Intel x86
2011/07/20 16:26:28.0437 1816 Number of processors: 2
2011/07/20 16:26:28.0437 1816 Page size: 0x1000
2011/07/20 16:26:28.0437 1816 Boot type: Safe boot with network
2011/07/20 16:26:28.0437 1816 ================================================================================
2011/07/20 16:26:28.0951 1816 Initialize success
2011/07/20 16:26:34.0801 1836 ================================================================================
2011/07/20 16:26:34.0801 1836 Scan started
2011/07/20 16:26:34.0801 1836 Mode: Manual;
2011/07/20 16:26:34.0801 1836 ================================================================================
2011/07/20 16:26:35.0691 1836 1265917749 (88473c7ff4698e92bc7177415e14d666) C:\Windows\system32\drivers\1265917749.sys
2011/07/20 16:26:35.0691 1836 Suspicious file (NoAccess): C:\Windows\system32\drivers\1265917749.sys. md5: 88473c7ff4698e92bc7177415e14d666
2011/07/20 16:26:35.0706 1836 1265917749 - detected LockedFile.Multi.Generic (1)
2011/07/20 16:26:52.0975 1836 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/20 16:26:53.0069 1836 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/20 16:26:53.0147 1836 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/20 16:26:53.0194 1836 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/20 16:26:53.0256 1836 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/20 16:26:53.0303 1836 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/20 16:26:53.0350 1836 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
2011/07/20 16:26:53.0490 1836 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/20 16:26:53.0568 1836 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/20 16:26:53.0615 1836 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
2011/07/20 16:26:53.0662 1836 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
2011/07/20 16:26:53.0724 1836 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/20 16:26:53.0771 1836 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
2011/07/20 16:26:53.0818 1836 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/20 16:26:53.0896 1836 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/20 16:26:53.0974 1836 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/20 16:26:54.0036 1836 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
2011/07/20 16:26:54.0114 1836 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/20 16:26:54.0161 1836 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
2011/07/20 16:26:54.0223 1836 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/20 16:26:54.0270 1836 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/20 16:26:54.0333 1836 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/20 16:26:54.0395 1836 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/07/20 16:26:54.0457 1836 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
2011/07/20 16:26:54.0489 1836 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/20 16:26:54.0551 1836 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/20 16:26:54.0613 1836 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/20 16:26:54.0676 1836 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/20 16:26:54.0707 1836 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/20 16:26:54.0816 1836 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/20 16:26:54.0894 1836 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/20 16:26:54.0941 1836 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
2011/07/20 16:26:54.0988 1836 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/20 16:26:55.0035 1836 vm3dmp (e2d93ecd5a0f3bfba99d023074c73f6a) C:\Windows\system32\DRIVERS\vm3dmp.sys
2011/07/20 16:26:55.0144 1836 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/20 16:26:55.0206 1836 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/20 16:26:55.0284 1836 vmmouse (17cd671136032e3a202b4a9c6c4c9dba) C:\Windows\system32\DRIVERS\vmmouse.sys
2011/07/20 16:26:55.0331 1836 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/20 16:26:55.0393 1836 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/20 16:26:55.0471 1836 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/20 16:26:55.0534 1836 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
2011/07/20 16:26:55.0596 1836 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/20 16:26:55.0737 1836 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
2011/07/20 16:26:55.0799 1836 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/20 16:26:55.0815 1836 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/20 16:26:55.0971 1836 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
2011/07/20 16:26:56.0017 1836 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/20 16:26:56.0142 1836 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/20 16:26:56.0205 1836 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/20 16:26:56.0345 1836 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/20 16:26:56.0423 1836 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/20 16:26:56.0548 1836 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/20 16:26:56.0641 1836 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/20 16:26:56.0704 1836 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/20 16:26:56.0766 1836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/20 16:26:56.0797 1836 Boot (0x1200) (ec9f06a857e2cfca65027df88f152206) \Device\Harddisk0\DR0\Partition0
2011/07/20 16:26:56.0813 1836 ================================================================================
2011/07/20 16:26:56.0813 1836 Scan finished
2011/07/20 16:26:56.0813 1836 ================================================================================
2011/07/20 16:26:56.0844 1748 Detected object count: 1
2011/07/20 16:26:56.0844 1748 Actual detected object count: 1
2011/07/20 16:27:15.0549 1748 LockedFile.Multi.Generic(1265917749) - User select action: Skip

mufi02
Newbie Surfer
Posts : 5
Joined : 2011-07-19
Operating System : windows 7

Re: Unknown Malware/Spware. Need Help!!

Post by mufi02 on Thu 21 Jul 2011, 7:38 am

This is the new log from aswMBR.

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-20 16:34:01
-----------------------------
16:34:01.040 OS Version: Windows 6.1.7601 Service Pack 1
16:34:01.040 Number of processors: 2 586 0xF0A
16:34:01.040 ComputerName: MUSTAFA-PC UserName:
16:34:08.559 Initialize success
16:34:09.136 AVAST engine defs: 11072001
16:34:11.554 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:34:11.554 Disk 0 Vendor: ST912082 3.AD Size: 114473MB BusType: 3
16:34:11.570 Disk 0 MBR read successfully
16:34:11.570 Disk 0 MBR scan
16:34:11.866 Disk 0 Windows 7 default MBR code
16:34:11.882 Disk 0 scanning sectors +234438656
16:34:12.599 Disk 0 scanning C:\Windows\system32\drivers
16:34:13.660 File: C:\Windows\system32\drivers\1265917749.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:34:16.765 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:34:24.611 Service scanning
16:34:25.891 Disk 0 trace - called modules:
16:34:25.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:34:25.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85554650]
16:34:25.953 3 CLASSPNP.SYS[8859e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84779028]
16:34:26.312 AVAST engine scan C:\Windows
16:34:28.293 AVAST engine scan C:\Windows\system32
16:35:32.378 AVAST engine scan C:\Windows\system32\drivers
16:35:32.487 File: C:\Windows\system32\drivers\1265917749.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:35:33.642 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:35:39.024 AVAST engine scan C:\Users\Administrator
16:36:13.453 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
16:36:13.468 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
16:37:07.086 AVAST engine scan C:\ProgramData
16:37:38.769 Scan finished successfully
16:37:53.090 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
16:37:53.106 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"



mufi02
Newbie Surfer
Posts : 5
Joined : 2011-07-19
Operating System : windows 7
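The two tools above report on the same artifact in different formats: aswMBR prints one `File: ... **INFECTED** <signature>` line per hit (and lists each file twice, once during the disk scan and once during the engine scan), while TDSSKiller prints a driver table with MD5 hashes and a separate `LockedFile.Multi.Generic(<id>)` verdict. The script below is an added example, not part of this thread and not code from AVAST or Kaspersky; it parses both formats, deduplicates the aswMBR hits, and cross-references each hit against TDSSKiller's driver table and locked-file verdicts. The sample input is a handful of lines lifted from the logs posted in this thread; the `numeric_filename` flag is a heuristic of my own (a driver whose file name is nothing but digits is unusual), not a field either tool emits.

```python
import re

# Constructed sample input: lines taken from the aswMBR and TDSSKiller logs
# posted in this thread, trimmed to the relevant entries.
ASWMBR_LOG = r"""
16:34:12.599 Disk 0 scanning C:\Windows\system32\drivers
16:34:13.660 File: C:\Windows\system32\drivers\1265917749.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:34:16.765 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:35:32.487 File: C:\Windows\system32\drivers\1265917749.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:35:33.642 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Alureon-AGH [Rtk]
16:37:38.769 Scan finished successfully
"""

TDSSKILLER_LOG = r"""
2011/07/20 16:26:53.0303 1836 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/20 16:26:56.0844 1748 Detected object count: 1
2011/07/20 16:27:15.0549 1748 LockedFile.Multi.Generic(1265917749) - User select action: Skip
"""

# aswMBR: "<time> File: <path> **INFECTED** <signature>"
ASWMBR_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}) File: (.+?) \*\*INFECTED\*\* (.+)$")
# TDSSKiller driver table: "<date> <time> <pid> <service> (<md5>) <path>"
TDSS_DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (\S+) \(([0-9a-f]{32})\) (\S.*)$")
# TDSSKiller locked-file verdict: "LockedFile.Multi.Generic(<id>) - User select action: <action>"
TDSS_LOCKED_RE = re.compile(r"(LockedFile\.[\w.]+)\((\d+)\) - User select action: (\w+)")


def parse_aswmbr(text):
    """Return one dict per **INFECTED** line in aswMBR output (duplicates kept)."""
    hits = []
    for line in text.splitlines():
        m = ASWMBR_RE.match(line.strip())
        if m:
            hits.append({"time": m.group(1), "path": m.group(2), "detection": m.group(3)})
    return hits


def parse_tdsskiller(text):
    """Return TDSSKiller's driver table (service -> md5, path) and locked-file verdicts."""
    drivers, locked = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = TDSS_DRIVER_RE.match(line)
        if m:
            drivers[m.group(1)] = {"md5": m.group(2), "path": m.group(3)}
            continue
        m = TDSS_LOCKED_RE.search(line)
        if m:
            locked.append({"object": m.group(1), "id": m.group(2), "action": m.group(3)})
    return {"drivers": drivers, "locked": locked}


def correlate(aswmbr_text, tdss_text):
    """Deduplicate aswMBR hits by path and cross-check each against TDSSKiller."""
    tdss = parse_tdsskiller(tdss_text)
    locked_ids = {x["id"]: x["action"] for x in tdss["locked"]}
    # TDSSKiller and aswMBR differ in path case (DRIVERS vs drivers), so compare lowercased.
    known_paths = {v["path"].lower(): name for name, v in tdss["drivers"].items()}
    findings = {}
    for hit in parse_aswmbr(aswmbr_text):
        key = hit["path"].lower()
        if key in findings:
            findings[key]["seen"] += 1  # aswMBR reports each file in two scan phases
            continue
        base = key.rsplit("\\", 1)[-1]
        stem = base[:-4] if base.endswith(".sys") else base
        findings[key] = {
            "path": hit["path"],
            "detection": hit["detection"],
            "seen": 1,
            "tdss_service": known_paths.get(key),        # service name TDSSKiller listed for this path, if any
            "tdss_locked_action": locked_ids.get(stem),  # verdict TDSSKiller recorded for the locked file, if any
            "numeric_filename": stem.isdigit(),          # heuristic of this example, not a tool field
        }
    return list(findings.values())


if __name__ == "__main__":
    for f in correlate(ASWMBR_LOG, TDSSKILLER_LOG):
        print(f'{f["path"]}: {f["detection"]} (seen {f["seen"]}x, '
              f'TDSSKiller locked-file action={f["tdss_locked_action"]}, '
              f'numeric name={f["numeric_filename"]})')
```

Run against the sample, the report collapses the four aswMBR lines to two files and shows that only `1265917749.sys` also appears in TDSSKiller's locked-file verdict (with the action "Skip" the user chose), which is exactly the file the helper's ComboFix script targets in the next post; `csc.sys` is flagged by aswMBR only.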

Re: Unknown Malware/Spware. Need Help!!

Post by Gabethebabe on Thu 21 Jul 2011, 5:53 pm

OK, we killed one part of the infection, but we are not quite there yet.

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop, but do not run it yet.

====================

  • Please create a new text file in Notepad with the following contents:
    Code:
    KILLALL::
    File::
    C:\Windows\system32\drivers\1265917749.sys

    Driver::
    1265917749
  • Save that file as CFScript.txt on your desktop
  • Drag and drop the CFScript.txt onto the ComboFix icon, as shown in the animation below.

  • If done correctly, ComboFix will start and perform cleaning instructions
  • In doing so, ComboFix may request a reboot
  • Please post the contents of Combofix.txt in your next reply



Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
