
Google Link Redirection Virus!


16 replies to this topic

#1 Kustumb

Kustumb

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 27 July 2011 - 09:30 PM

Hello Fellow Members,

As it seems, I have the raging Google redirection virus. I have no idea what to do, as from what I have researched it seems to be very elusive and in most cases requires an expert 'specialist's' attention to fix this issue.

Obviously:
my Google links are being redirected to random websites.
my antivirus and antimalware programs cannot communicate through the internet (thus receive updates)
AND I can't even perform a full scan through Spybot or AVG; I think it's interfering with that as well.

If anyone has any experience with this virus and how to rid my system of it, I'd be forever grateful.


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:28 PM

Posted 27 July 2011 - 09:48 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 27 July 2011 - 09:53 PM

Hey! Thanks for helping!
Security Check Result -

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
CCleaner
Java Platform, Enterprise Edition 5 SDK
Java™ 6 Update 24
Java™ SE Runtime Environment 6
Java™ SE Development Kit 6
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

Posting results as I go.

#4 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 27 July 2011 - 09:57 PM

During the MiniToolBox scanning I got a nslookup.exe (Ordinal Not Found) error: Dynamic Link Library WSOCK32.dll, ordinal 1108. After I pressed OK I received another box saying that nslookup has stopped working. I pressed OK through it.

MiniToolBox Results -

MiniToolBox by Farbar
Ran by Omer Baturay (administrator) on 27-07-2011 at 19:53:40
Windows Vista ™ Ultimate Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com

There are 14957 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : OmerBaturay-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gv.shawcable.net

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : gv.shawcable.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-22-15-06-29-6A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::94c5:ac6f:baa8:3cd0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 27, 2011 7:07:47 PM
Lease Expires . . . . . . . . . . : Wednesday, August 03, 2011 7:22:54 PM
Default Gateway . . . . . . . . . : fe80::226:5aff:fefa:107e%11
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-29-32-F6-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.149.77.97(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Wednesday, July 27, 2011 7:07:47 PM
Lease Expires . . . . . . . . . . : Wednesday, July 27, 2011 7:58:35 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{390E06EE-EFDF-491B-B891-E7D59D2FB7CD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{390E06EE-EFDF-491B-B891-E7D59D2FB7CD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{29E995D4-5A2B-46F0-83B8-6DB270B5CE79}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gv.shawcable.net
Description . . . . . . . . . . . : isatap.gv.shawcable.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:595:4d61::595:4d61(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled


Pinging google.com [74.125.127.104] with 32 bytes of data:

Reply from 74.125.127.104: bytes=32 time=24ms TTL=52
Reply from 74.125.127.104: bytes=32 time=37ms TTL=52

Ping statistics for 74.125.127.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 37ms, Average = 30ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=86ms TTL=51
Reply from 209.191.122.70: bytes=32 time=84ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 84ms, Maximum = 86ms, Average = 85ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 15 06 29 6a ...... NVIDIA nForce Networking Controller #2
25 ...7a 79 29 32 f6 06 ...... Hamachi Network Interface
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 isatap.{390E06EE-EFDF-491B-B891-E7D59D2FB7CD}
19 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
18 ...00 00 00 00 00 00 00 e0 isatap.{390E06EE-EFDF-491B-B891-E7D59D2FB7CD}
23 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
20 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
21 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
22 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
24 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
27 ...00 00 00 00 00 00 00 e0 isatap.{29E995D4-5A2B-46F0-83B8-6DB270B5CE79}
29 ...00 00 00 00 00 00 00 e0 isatap.gv.shawcable.net
28 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.149.77.97 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
5.0.0.0 255.0.0.0 On-link 5.149.77.97 9256
5.149.77.97 255.255.255.255 On-link 5.149.77.97 9256
5.255.255.255 255.255.255.255 On-link 5.149.77.97 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.100 276
192.168.0.100 255.255.255.255 On-link 192.168.0.100 276
192.168.0.255 255.255.255.255 On-link 192.168.0.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.149.77.97 9256
224.0.0.0 240.0.0.0 On-link 192.168.0.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.149.77.97 9256
255.255.255.255 255.255.255.255 On-link 192.168.0.100 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 276 ::/0 fe80::226:5aff:fefa:107e
28 Inf ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
28 1010 2002::/16 On-link
28 266 2002:595:4d61::595:4d61/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::94c5:ac6f:baa8:3cd0/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/27/2011 07:56:54 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x15a0, application start time 0xnslookup.exe0.

Error: (07/27/2011 07:56:28 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xc68, application start time 0xnslookup.exe0.

Error: (07/27/2011 07:51:19 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\OMER BATURAY\DESKTOP\MINITOOLBOX.EXE.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2011 07:26:28 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\OMER BATURAY\DESKTOP\COMBOFIX.EXE.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2011 07:17:28 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\OMER BATURAY\DESKTOP\K57PR3HU.EXE.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/27/2011 07:09:00 PM) (Source: Application Error) (User: )
Description: Faulting application iPodService.exe, version 10.4.0.80, time stamp 0x4e262608, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0043883e,
process id 0xd5c, application start time 0xiPodService.exe0.

Error: (07/27/2011 07:08:45 PM) (Source: Application Error) (User: )
Description: Faulting application SDHookSvc.exe, version 2.0.4.1, time stamp 0x4df780b1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0040318a,
process id 0xfc4, application start time 0xSDHookSvc.exe0.

Error: (07/27/2011 07:08:31 PM) (Source: Application Error) (User: )
Description: Faulting application mDNSResponder.exe, version 3.0.0.2, time stamp 0x4e1c8f26, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0043ba38,
process id 0xd44, application start time 0xmDNSResponder.exe0.

Error: (07/27/2011 07:08:01 PM) (Source: Application Error) (User: )
Description: Faulting application AppleMobileDeviceService.exe, version 17.66.0.47, time stamp 0x4d4d9ef9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00403d54,
process id 0x9f4, application start time 0xAppleMobileDeviceService.exe0.

Error: (07/27/2011 01:24:28 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\OMER BATURAY\DESKTOP\SETPOINT630_SMART.EXE.CRDOWNLOAD> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/27/2011 07:09:03 PM) (Source: Service Control Manager) (User: )
Description: iPod Service%%1053

Error: (07/27/2011 07:09:03 PM) (Source: Service Control Manager) (User: )
Description: 30000iPod Service

Error: (07/27/2011 07:09:03 PM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent%%5

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Security Center Service%%193

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: TabletServicePen%%2

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Hooks Service%%1053

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: 30000Spybot-S&D 2 Hooks Service

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: Printer Control%%2

Error: (07/27/2011 07:08:57 PM) (Source: Service Control Manager) (User: )
Description: PnkBstrA%%2


Microsoft Office Sessions:
=========================
Error: (10/18/2010 05:07:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 96 seconds with 60 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3325.82 MB
Available physical RAM: 1667.8 MB
Total Pagefile: 6866.88 MB
Available Pagefile: 5225.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.5 MB

========================= Partitions: =====================================

1 Drive c: (Hard Drive) (Fixed) (Total:232.88 GB) (Free:34.05 GB) NTFS
2 Drive d: (100115_1748) (CDROM) (Total:4.29 GB) (Free:0 GB) UDF
4 Drive f: (Soft Drive) (Fixed) (Total:372.61 GB) (Free:62.16 GB) NTFS

========================= Users: ========================================

User accounts for \\OMERBATURAY-PC

Administrator Guest Mcx1
Omer Baturay UpdatusUser


== End of log ==
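The hosts content in the MiniToolBox log above is a blocking list (every name points at 127.0.0.1, the MVPS style), which is the opposite of what a search-redirect infection does. The following triage script is an added example for this thread, not part of MiniToolBox or any tool the helpers asked for; it separates sinkhole entries from genuine redirects and flags redirects of sensitive domains. The watch-list of domains and the hijack lines in the sample (documentation address ranges) are constructed for the example.

```python
"""Triage a Windows hosts-file dump for DNS redirection.

Added example; not part of MiniToolBox or of this thread's tools.
A blocking hosts file maps names to a sinkhole address (loopback or
0.0.0.0), so it blocks rather than redirects. A search-redirect
infection maps google.com and similar names to an attacker-chosen
address instead. WATCHLIST and the sample hijack lines are constructed.
"""
import ipaddress

# Names whose redirection in hosts is a strong infection signal (assumed list).
WATCHLIST = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
             "windowsupdate.com", "avg.com", "malwarebytes.org",
             "safer-networking.org")


def parse_hosts(text):
    """Yield (address, hostname, line_no) for each mapping in a hosts dump.

    Comments and lines that do not start with an IP address (for example
    MiniToolBox's 'There are N more lines ...' summary) are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield addr, name.lower().rstrip("."), line_no


def on_watchlist(name):
    """True if name is a watch-listed domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def triage(text):
    """Classify every mapping as sinkhole (blocking) or redirect.

    Returns {"sinkholes": count, "redirects": [(line_no, name, addr, severity)]}.
    Severity is 'high' for watch-listed names and 'review' for any other
    name that is pointed off-host.
    """
    sinkholes = 0
    redirects = []
    for addr, name, line_no in parse_hosts(text):
        # Loopback (127/8, ::1) and unspecified (0.0.0.0, ::) only block a name.
        if addr.is_loopback or addr.is_unspecified:
            sinkholes += 1
            continue
        severity = "high" if on_watchlist(name) else "review"
        redirects.append((line_no, name, str(addr), severity))
    return {"sinkholes": sinkholes, "redirects": redirects}


# Sample dump: the first entries are copied from the MiniToolBox output in
# this thread; everything after the comment line is CONSTRUCTED for the
# example (documentation address ranges), not something the thread reported.
SAMPLE_HOSTS = """\
::1 localhost

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
There are 14957 more lines starting with "127.0.0.1"
# --- constructed entries below ---
203.0.113.7 www.google.com google.com
203.0.113.7 www.bing.com
198.51.100.22 update.avg.com
10.0.0.5 intranet.example
"""

if __name__ == "__main__":
    report = triage(SAMPLE_HOSTS)
    print(f"{report['sinkholes']} sinkhole entries (blocking only, expected)")
    for line_no, name, addr, severity in report["redirects"]:
        print(f"line {line_no}: {name} -> {addr}  [{severity}]")
```

On the thread's real dump every entry is a sinkhole, so the script would report no redirects; the redirection then has to be looked for elsewhere (DNS settings, network stack hooks), which is what the GMER and TDSSKiller steps that follow are for.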

#5 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 27 July 2011 - 10:06 PM

Regarding the Malwarebytes, after I clicked 'Start Scan' the window just shut off, as well as the taskbar icon. When I tried to relaunch the program it said that I didn't have the system privileges. I tried a restart to get around this, but no good.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:28 PM

Posted 27 July 2011 - 10:09 PM

Proceed with GMER for now.


#7 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 27 July 2011 - 10:11 PM

I also found out that when I restarted my AVG Anti Virus it said it has NO ACTIVE COMPONENTS.

GMER Results -


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-27 20:09:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000073 ST325041 rev.4.AA
Running: 1vsxo1n8.exe; Driver: C:\Users\OMERBA~1\AppData\Local\Temp\kwlcikod.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 859B31F8
Device \Driver\atapi \Device\Ide\IdePort1 859B31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 859B31F8
Device \FileSystem\Ntfs \Ntfs 859B61F8
Device \FileSystem\fastfat \Fat 88933500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Threads - GMER 1.0.15 ----

Thread System [4:516] 92E30D20
Thread System [4:520] 92E30D20
Thread System [4:524] 92DA8985
Thread System [4:528] 92DA8985

---- EOF - GMER 1.0.15 ----

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:28 PM

Posted 27 July 2011 - 10:13 PM

Yeah, possible rootkit activity.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#9 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 27 July 2011 - 10:15 PM

TDSSKiller Results -


2011/07/27 20:14:44.0884 4584 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/27 20:14:45.0360 4584 ================================================================================
2011/07/27 20:14:45.0360 4584 SystemInfo:
2011/07/27 20:14:45.0360 4584
2011/07/27 20:14:45.0360 4584 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/27 20:14:45.0360 4584 Product type: Workstation
2011/07/27 20:14:45.0360 4584 ComputerName: OMERBATURAY-PC
2011/07/27 20:14:45.0360 4584 UserName: Omer Baturay
2011/07/27 20:14:45.0360 4584 Windows directory: C:\Windows
2011/07/27 20:14:45.0360 4584 System windows directory: C:\Windows
2011/07/27 20:14:45.0360 4584 Processor architecture: Intel x86
2011/07/27 20:14:45.0360 4584 Number of processors: 2
2011/07/27 20:14:45.0360 4584 Page size: 0x1000
2011/07/27 20:14:45.0360 4584 Boot type: Normal boot
2011/07/27 20:14:45.0360 4584 ================================================================================
2011/07/27 20:14:46.0196 4584 Initialize success
2011/07/27 20:14:51.0341 2468 ================================================================================
2011/07/27 20:14:51.0341 2468 Scan started
2011/07/27 20:14:51.0341 2468 Mode: Manual;
2011/07/27 20:14:51.0341 2468 ================================================================================
2011/07/27 20:14:54.0716 2468 CSC (a5c842aef0a0c4b42a3121de72d77ff8) C:\Windows\system32\drivers\csc.sys
2011/07/27 20:14:54.0717 2468 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: a5c842aef0a0c4b42a3121de72d77ff8, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
2011/07/27 20:14:54.0723 2468 CSC - detected ForgedFile.Multi.Generic (1)
2011/07/27 20:14:54.0782 2468 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/27 20:14:54.0840 2468 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/27 20:14:54.0886 2468 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/27 20:14:54.0910 2468 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/27 20:14:54.0932 2468 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/27 20:14:54.0978 2468 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/27 20:14:55.0052 2468 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/07/27 20:14:55.0130 2468 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/27 20:14:55.0173 2468 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/27 20:14:55.0226 2468 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/27 20:14:55.0276 2468 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/27 20:14:55.0317 2468 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/27 20:14:55.0367 2468 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/27 20:14:55.0390 2468 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/27 20:14:55.0425 2468 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/27 20:14:55.0468 2468 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/27 20:14:55.0501 2468 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/27 20:14:55.0547 2468 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/27 20:14:55.0587 2468 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/27 20:14:55.0634 2468 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/27 20:14:55.0654 2468 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/27 20:14:55.0682 2468 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/27 20:14:55.0723 2468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/27 20:14:55.0798 2468 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/07/27 20:14:55.0858 2468 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys
2011/07/27 20:14:55.0916 2468 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/07/27 20:14:55.0967 2468 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/27 20:14:56.0002 2468 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/27 20:14:56.0028 2468 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/27 20:14:56.0074 2468 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/27 20:14:56.0102 2468 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/27 20:14:56.0156 2468 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/27 20:14:56.0190 2468 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/27 20:14:56.0232 2468 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/27 20:14:56.0267 2468 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/27 20:14:56.0316 2468 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/27 20:14:56.0360 2468 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/27 20:14:56.0391 2468 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/27 20:14:56.0459 2468 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/27 20:14:56.0536 2468 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/27 20:14:56.0568 2468 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/27 20:14:56.0611 2468 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/27 20:14:56.0637 2468 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/27 20:14:56.0678 2468 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/27 20:14:56.0708 2468 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/27 20:14:56.0735 2468 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/27 20:14:56.0758 2468 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/27 20:14:56.0774 2468 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/27 20:14:56.0815 2468 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/27 20:14:56.0915 2468 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\Windows\system32\Drivers\LEqdUsb.Sys
2011/07/27 20:14:56.0944 2468 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\Windows\system32\Drivers\LHidEqd.Sys
2011/07/27 20:14:56.0985 2468 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/07/27 20:14:57.0014 2468 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/27 20:14:57.0050 2468 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/07/27 20:14:57.0083 2468 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/27 20:14:57.0117 2468 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/27 20:14:57.0151 2468 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/27 20:14:57.0180 2468 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/27 20:14:57.0226 2468 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/27 20:14:57.0273 2468 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/07/27 20:14:57.0320 2468 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/27 20:14:57.0371 2468 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/27 20:14:57.0519 2468 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/27 20:14:57.0549 2468 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/27 20:14:57.0574 2468 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/27 20:14:57.0596 2468 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/27 20:14:57.0617 2468 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/27 20:14:57.0655 2468 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/27 20:14:57.0689 2468 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/27 20:14:57.0732 2468 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/27 20:14:57.0773 2468 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/27 20:14:57.0849 2468 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/27 20:14:57.0890 2468 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/27 20:14:57.0911 2468 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/27 20:14:57.0949 2468 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/27 20:14:57.0994 2468 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/27 20:14:58.0037 2468 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/27 20:14:58.0097 2468 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/27 20:14:58.0147 2468 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/27 20:14:58.0221 2468 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/27 20:14:58.0261 2468 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/27 20:14:58.0299 2468 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/27 20:14:58.0331 2468 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/27 20:14:58.0360 2468 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/27 20:14:58.0417 2468 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/27 20:14:58.0454 2468 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/27 20:14:58.0495 2468 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/27 20:14:58.0547 2468 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/27 20:14:58.0575 2468 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/27 20:14:58.0602 2468 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/27 20:14:58.0652 2468 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/27 20:14:58.0677 2468 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/27 20:14:58.0707 2468 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/27 20:14:58.0744 2468 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/27 20:14:58.0797 2468 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/27 20:14:58.0826 2468 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/27 20:14:58.0882 2468 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/27 20:14:58.0943 2468 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/27 20:14:59.0056 2468 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/27 20:14:59.0070 2468 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/27 20:14:59.0118 2468 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/07/27 20:14:59.0215 2468 NVHDA (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys
2011/07/27 20:14:59.0496 2468 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/27 20:14:59.0705 2468 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/07/27 20:14:59.0772 2468 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/07/27 20:14:59.0885 2468 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/27 20:14:59.0970 2468 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/27 20:15:00.0028 2468 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/27 20:15:00.0098 2468 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/27 20:15:00.0150 2468 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/27 20:15:00.0192 2468 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/27 20:15:00.0238 2468 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/27 20:15:00.0264 2468 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/27 20:15:00.0327 2468 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/27 20:15:00.0437 2468 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/27 20:15:00.0467 2468 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/27 20:15:00.0499 2468 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/27 20:15:00.0666 2468 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/27 20:15:00.0724 2468 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/27 20:15:00.0755 2468 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/27 20:15:00.0792 2468 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/27 20:15:00.0825 2468 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/27 20:15:00.0870 2468 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/27 20:15:00.0918 2468 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/27 20:15:00.0961 2468 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/27 20:15:00.0995 2468 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/27 20:15:01.0026 2468 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/07/27 20:15:01.0043 2468 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/27 20:15:01.0106 2468 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/27 20:15:01.0149 2468 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/27 20:15:01.0183 2468 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/27 20:15:01.0230 2468 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
2011/07/27 20:15:01.0295 2468 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/27 20:15:01.0333 2468 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/27 20:15:01.0362 2468 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/27 20:15:01.0399 2468 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/27 20:15:01.0447 2468 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/27 20:15:01.0477 2468 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/27 20:15:01.0502 2468 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/27 20:15:01.0521 2468 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/27 20:15:01.0558 2468 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/27 20:15:01.0595 2468 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/27 20:15:01.0620 2468 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/27 20:15:01.0671 2468 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/27 20:15:01.0706 2468 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/27 20:15:01.0765 2468 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/27 20:15:01.0765 2468 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/27 20:15:01.0771 2468 sptd - detected LockedFile.Multi.Generic (1)
2011/07/27 20:15:01.0838 2468 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/27 20:15:01.0892 2468 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/27 20:15:01.0978 2468 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/27 20:15:02.0069 2468 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/27 20:15:02.0114 2468 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/27 20:15:02.0141 2468 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/27 20:15:02.0167 2468 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/27 20:15:02.0280 2468 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/27 20:15:02.0354 2468 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/27 20:15:02.0387 2468 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/27 20:15:02.0412 2468 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/27 20:15:02.0435 2468 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/27 20:15:02.0477 2468 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/27 20:15:02.0546 2468 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/27 20:15:02.0624 2468 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/27 20:15:02.0666 2468 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/27 20:15:02.0728 2468 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/27 20:15:02.0782 2468 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/27 20:15:02.0843 2468 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/27 20:15:02.0885 2468 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/27 20:15:02.0933 2468 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/27 20:15:02.0984 2468 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/27 20:15:03.0065 2468 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/27 20:15:03.0102 2468 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/27 20:15:03.0176 2468 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/27 20:15:03.0222 2468 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/27 20:15:03.0253 2468 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/27 20:15:03.0291 2468 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/27 20:15:03.0332 2468 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/27 20:15:03.0369 2468 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/27 20:15:03.0402 2468 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/27 20:15:03.0447 2468 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/27 20:15:03.0484 2468 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/27 20:15:03.0513 2468 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/27 20:15:03.0556 2468 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/27 20:15:03.0608 2468 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/07/27 20:15:03.0647 2468 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/27 20:15:03.0673 2468 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/27 20:15:03.0702 2468 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/27 20:15:03.0732 2468 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/27 20:15:03.0761 2468 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/27 20:15:03.0808 2468 vmm (e41fef9e3056fe88c71e411f705be41e) C:\Windows\system32\Drivers\vmm.sys
2011/07/27 20:15:03.0831 2468 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/27 20:15:03.0878 2468 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/27 20:15:03.0915 2468 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/27 20:15:03.0959 2468 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\Windows\system32\DRIVERS\VMNetSrv.sys
2011/07/27 20:15:03.0996 2468 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/27 20:15:04.0091 2468 VX3000 (13acfed0e6adca97440169dfd127ebcf) C:\Windows\system32\DRIVERS\VX3000.sys
2011/07/27 20:15:04.0219 2468 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/07/27 20:15:04.0257 2468 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/07/27 20:15:04.0295 2468 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/27 20:15:04.0360 2468 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/07/27 20:15:04.0410 2468 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/27 20:15:04.0435 2468 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/27 20:15:04.0474 2468 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/27 20:15:04.0513 2468 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/27 20:15:04.0617 2468 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/27 20:15:04.0674 2468 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/27 20:15:04.0708 2468 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/27 20:15:04.0768 2468 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/27 20:15:04.0851 2468 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/07/27 20:15:04.0898 2468 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\Windows\system32\DRIVERS\xusb21.sys
2011/07/27 20:15:04.0952 2468 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/27 20:15:04.0974 2468 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/07/27 20:15:04.0993 2468 Boot (0x1200) (226f7b6723b85e0659fa7d997cd0ff27) \Device\Harddisk0\DR0\Partition0
2011/07/27 20:15:05.0001 2468 Boot (0x1200) (2a5beaaee065c64beff4af979323f642) \Device\Harddisk1\DR1\Partition0
2011/07/27 20:15:05.0009 2468 ================================================================================
2011/07/27 20:15:05.0009 2468 Scan finished
2011/07/27 20:15:05.0009 2468 ================================================================================
2011/07/27 20:15:05.0019 5728 Detected object count: 2
2011/07/27 20:15:05.0020 5728 Actual detected object count: 2
2011/07/27 20:15:12.0408 5728 ForgedFile.Multi.Generic(CSC) - User select action: Skip
2011/07/27 20:15:12.0409 5728 LockedFile.Multi.Generic(sptd) - User select action: Skip

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 27 July 2011 - 10:19 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

#11 kathy1214

kathy1214

  • Members
  • 1 posts

Posted 27 July 2011 - 10:31 PM

Not sure I'm in the correct forum but . . . somoto - got it, hate it, can't find it, but must make it go away. Anyone?

#12 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts

Posted 27 July 2011 - 10:48 PM

First off, I got a box asking if I should download the latest virus definitions from Avast! I said yes, and it seemingly downloaded the definitions successfully.

Additionally, within the command box I had on my computer there was one difference from your pictures. That was a box with "Trace Disk IO Calls" beside it. Originally it was ticked, so I left it that way.

And yes, I'm still here scanning. Takes a while, I guess.

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 27 July 2011 - 10:52 PM

OK.....

#14 Kustumb

Kustumb
  • Topic Starter

  • Members
  • 9 posts

Posted 27 July 2011 - 11:03 PM

aswMBR Results -

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-27 20:21:15
-----------------------------
20:21:15.200 OS Version: Windows 6.0.6002 Service Pack 2
20:21:15.200 Number of processors: 2 586 0x170A
20:21:15.201 ComputerName: OMERBATURAY-PC UserName: Omer Baturay
20:21:15.996 Initialize success
20:22:40.063 AVAST engine defs: 11072701
20:22:54.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
20:22:54.870 Disk 0 Vendor: ST325041 4.AA Size: 238475MB BusType: 3
20:22:54.872 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000074
20:22:54.874 Disk 1 Vendor: WDC_WD40 59.0 Size: 381554MB BusType: 3
20:22:54.881 Disk 0 MBR read successfully
20:22:54.882 Disk 0 MBR scan
20:22:54.886 Disk 0 Windows VISTA default MBR code
20:22:54.890 Disk 0 scanning sectors +488394752
20:22:54.965 Disk 0 scanning C:\Windows\system32\drivers
20:22:59.843 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Sirefef-F [Drp]
20:23:06.971 Service scanning
20:23:07.610 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:23:08.156 Modules scanning
20:23:11.065 Module: C:\Windows\system32\drivers\csc.sys **SUSPICIOUS**
20:23:57.678 Disk 0 trace - called modules:
20:23:57.695 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x92da7f00]<<
20:23:58.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870cba38]
20:23:58.025 3 CLASSPNP.SYS[8b6d58b3] -> nt!IofCallDriver -> [0x87eb6638]
20:23:58.029 \Driver\00000909[0x87eee3c0] -> IRP_MJ_CREATE -> 0x92da7f00
20:23:58.644 AVAST engine scan C:\Windows
20:24:01.960 AVAST engine scan C:\Windows\system32
20:26:24.850 AVAST engine scan C:\Windows\system32\drivers
20:26:29.789 File: C:\Windows\system32\drivers\csc.sys **INFECTED** Win32:Sirefef-F [Drp]
20:26:37.245 AVAST engine scan C:\Users\Omer Baturay
20:51:16.643 AVAST engine scan C:\ProgramData
21:02:34.961 Scan finished successfully
21:03:13.804 Disk 0 MBR has been saved successfully to "C:\Users\Omer Baturay\Desktop\MBR.dat"
21:03:13.808 The log file has been saved successfully to "C:\Users\Omer Baturay\Desktop\aswMBR.txt"

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 27 July 2011 - 11:23 PM

Your infection will require more advanced tools to be used.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
