Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I am unable to run any malware tools

Started by Shepparrd , Jul 05 2011 07:51 PM

  • This topic is locked This topic is locked

#1
Shepparrd
Posted 05 July 2011 - 07:51 PM

Shepparrd

    Member

  • Member
  • PipPip
  • 16 posts
Here is what has been done thus far:
http://www.geekstogo...42#entry2033042

I can't run the OTL quick scan. Malwarebytes' Anti-Malware will scan but will not pick up anything that fixes any problems. I used exehelper.exe and it didn't help anything. VipreRescue will scan and such but then it comes to "Scanning files... \\.\PhysicalDrive0" and nothing else happens. I figured it was finished or something but it won't let me type anything to exit. SuperAntiSpyware freezes when I hit "Scan." On top of that (as you can see if you read the previous topic) my Windows Media Player freezes at startup. The player will appear but nothing on it can be clicked. My Ad-Aware program will start scanning until it hits 3 files and will keep saying it's scanning but the number does not go up, same with AVG, it goes to around 481 and then the number stops going up. On top of THAT my computer will hang at the shutdown screen. It will say it's shutting down but never does (even after I left it for two hours).

Help would be loverly.

Edited by Shepparrd, 05 July 2011 - 07:52 PM.

  • 0

Advertisements

#2
maliprog
Posted 05 July 2011 - 11:40 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Shepparrd and welcome to G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#3
Shepparrd
Posted 06 July 2011 - 02:46 PM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay so I managed to get the first two scans and logs, however OTL, as I mentioned before, will not work. I press quick scan and the program freezes. Here are the first two logs.

2011/07/06 07:30:33.0239 0700 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/06 07:30:33.0567 0700 ================================================================================
2011/07/06 07:30:33.0567 0700 SystemInfo:
2011/07/06 07:30:33.0567 0700
2011/07/06 07:30:33.0567 0700 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/06 07:30:33.0567 0700 Product type: Workstation
2011/07/06 07:30:33.0567 0700 ComputerName: DONNIE
2011/07/06 07:30:33.0567 0700 UserName: penylane
2011/07/06 07:30:33.0567 0700 Windows directory: C:\Windows
2011/07/06 07:30:33.0567 0700 System windows directory: C:\Windows
2011/07/06 07:30:33.0567 0700 Running under WOW64
2011/07/06 07:30:33.0567 0700 Processor architecture: Intel x64
2011/07/06 07:30:33.0567 0700 Number of processors: 3
2011/07/06 07:30:33.0567 0700 Page size: 0x1000
2011/07/06 07:30:33.0567 0700 Boot type: Normal boot
2011/07/06 07:30:33.0567 0700 ================================================================================
2011/07/06 07:30:34.0752 0700 Initialize success
2011/07/06 07:30:36.0016 2104 ================================================================================
2011/07/06 07:30:36.0016 2104 Scan started
2011/07/06 07:30:36.0016 2104 Mode: Manual;
2011/07/06 07:30:36.0016 2104 ================================================================================
2011/07/06 07:30:36.0765 2104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/06 07:30:36.0843 2104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/07/06 07:30:36.0936 2104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/07/06 07:30:36.0983 2104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/07/06 07:30:37.0045 2104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/07/06 07:30:37.0077 2104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/07/06 07:30:37.0217 2104 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/07/06 07:30:37.0264 2104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/07/06 07:30:37.0357 2104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/07/06 07:30:37.0389 2104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/07/06 07:30:37.0420 2104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/07/06 07:30:37.0451 2104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/06 07:30:37.0529 2104 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/07/06 07:30:37.0591 2104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/07/06 07:30:37.0623 2104 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/07/06 07:30:37.0747 2104 ApfiltrService (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/06 07:30:37.0779 2104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/07/06 07:30:37.0950 2104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/07/06 07:30:37.0981 2104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/07/06 07:30:38.0028 2104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/06 07:30:38.0122 2104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/07/06 07:30:38.0184 2104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/07/06 07:30:38.0231 2104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/06 07:30:38.0325 2104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/06 07:30:38.0403 2104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/06 07:30:38.0449 2104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/06 07:30:38.0543 2104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/07/06 07:30:38.0559 2104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/07/06 07:30:38.0605 2104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/06 07:30:38.0621 2104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/06 07:30:38.0637 2104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/06 07:30:38.0668 2104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/06 07:30:38.0746 2104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/07/06 07:30:38.0824 2104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/06 07:30:38.0855 2104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/06 07:30:38.0886 2104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/07/06 07:30:38.0995 2104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/06 07:30:39.0089 2104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/07/06 07:30:39.0136 2104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/07/06 07:30:39.0229 2104 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/07/06 07:30:39.0307 2104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/07/06 07:30:39.0339 2104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/06 07:30:39.0370 2104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/07/06 07:30:39.0463 2104 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/07/06 07:30:39.0588 2104 Darusb_win7x (882fe32d6787c124d9d1f95473cf11cc) C:\Windows\system32\DRIVERS\Darusb_win7x.sys
2011/07/06 07:30:39.0713 2104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/07/06 07:30:39.0807 2104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/06 07:30:39.0838 2104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/07/06 07:30:39.0947 2104 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
2011/07/06 07:30:40.0041 2104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/06 07:30:40.0165 2104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/06 07:30:40.0290 2104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/07/06 07:30:40.0462 2104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/07/06 07:30:40.0509 2104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/07/06 07:30:40.0555 2104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/06 07:30:40.0665 2104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/06 07:30:40.0696 2104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/07/06 07:30:40.0743 2104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/06 07:30:40.0836 2104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/06 07:30:40.0852 2104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/07/06 07:30:40.0899 2104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/07/06 07:30:40.0945 2104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/06 07:30:41.0070 2104 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/06 07:30:41.0133 2104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/06 07:30:41.0179 2104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/06 07:30:41.0273 2104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/06 07:30:41.0320 2104 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/06 07:30:41.0382 2104 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys
2011/07/06 07:30:41.0491 2104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/06 07:30:41.0554 2104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/07/06 07:30:41.0585 2104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/06 07:30:41.0725 2104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/07/06 07:30:41.0850 2104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/07/06 07:30:41.0866 2104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/07/06 07:30:41.0897 2104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/06 07:30:41.0944 2104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/06 07:30:41.0975 2104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/07/06 07:30:42.0084 2104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/06 07:30:42.0100 2104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/06 07:30:42.0131 2104 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/07/06 07:30:42.0162 2104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/07/06 07:30:42.0256 2104 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/06 07:30:42.0365 2104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/07/06 07:30:42.0396 2104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
2011/07/06 07:30:42.0412 2104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/06 07:30:42.0443 2104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/06 07:30:42.0459 2104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/06 07:30:42.0490 2104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/06 07:30:42.0505 2104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/07/06 07:30:42.0537 2104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/07/06 07:30:42.0646 2104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/06 07:30:42.0661 2104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/06 07:30:42.0677 2104 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/06 07:30:42.0708 2104 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/06 07:30:42.0724 2104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/06 07:30:42.0817 2104 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2011/07/06 07:30:42.0942 2104 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/06 07:30:43.0005 2104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/06 07:30:43.0051 2104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/06 07:30:43.0145 2104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/06 07:30:43.0161 2104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/07/06 07:30:43.0207 2104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/06 07:30:43.0301 2104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/06 07:30:43.0363 2104 mcdbus (c40efafa59bceab792167870e6522481) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/07/06 07:30:43.0426 2104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/07/06 07:30:43.0519 2104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/07/06 07:30:43.0551 2104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/06 07:30:43.0613 2104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/06 07:30:43.0691 2104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/06 07:30:43.0722 2104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/06 07:30:43.0738 2104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/07/06 07:30:43.0785 2104 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/07/06 07:30:43.0831 2104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/07/06 07:30:43.0956 2104 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/07/06 07:30:43.0987 2104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/06 07:30:44.0019 2104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/07/06 07:30:44.0128 2104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/06 07:30:44.0159 2104 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/06 07:30:44.0284 2104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/06 07:30:44.0331 2104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/07/06 07:30:44.0362 2104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/07/06 07:30:44.0455 2104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/06 07:30:44.0487 2104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/06 07:30:44.0533 2104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/07/06 07:30:44.0580 2104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/06 07:30:44.0658 2104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/06 07:30:44.0674 2104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/06 07:30:44.0721 2104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/07/06 07:30:44.0767 2104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/06 07:30:44.0799 2104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/06 07:30:44.0861 2104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/07/06 07:30:44.0892 2104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/06 07:30:44.0923 2104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/06 07:30:44.0970 2104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/07/06 07:30:45.0064 2104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/06 07:30:45.0095 2104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/06 07:30:45.0126 2104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/06 07:30:45.0173 2104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/06 07:30:45.0189 2104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/07/06 07:30:45.0220 2104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/06 07:30:45.0313 2104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/06 07:30:45.0376 2104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/07/06 07:30:45.0485 2104 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/07/06 07:30:45.0501 2104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/06 07:30:45.0532 2104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/06 07:30:45.0594 2104 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/07/06 07:30:45.0750 2104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/06 07:30:45.0813 2104 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/07/06 07:30:46.0140 2104 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/06 07:30:46.0312 2104 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/07/06 07:30:46.0405 2104 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/07/06 07:30:46.0421 2104 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/07/06 07:30:46.0483 2104 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/07/06 07:30:46.0530 2104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/07/06 07:30:46.0608 2104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/07/06 07:30:46.0655 2104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/07/06 07:30:46.0671 2104 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/07/06 07:30:46.0717 2104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/07/06 07:30:46.0842 2104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/07/06 07:30:47.0014 2104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/07/06 07:30:47.0029 2104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/06 07:30:47.0076 2104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/06 07:30:47.0248 2104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/06 07:30:47.0279 2104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/07/06 07:30:47.0310 2104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/06 07:30:47.0341 2104 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/07/06 07:30:47.0482 2104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/07/06 07:30:47.0513 2104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/07/06 07:30:47.0622 2104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/06 07:30:47.0638 2104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/06 07:30:47.0669 2104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/06 07:30:47.0700 2104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/06 07:30:47.0731 2104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/06 07:30:47.0747 2104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/06 07:30:47.0856 2104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/06 07:30:47.0887 2104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/06 07:30:47.0919 2104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/06 07:30:48.0028 2104 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/07/06 07:30:48.0075 2104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/06 07:30:48.0121 2104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/06 07:30:48.0168 2104 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/07/06 07:30:48.0262 2104 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/06 07:30:48.0293 2104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/06 07:30:48.0324 2104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/06 07:30:48.0355 2104 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/07/06 07:30:48.0480 2104 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/07/06 07:30:48.0511 2104 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/07/06 07:30:48.0621 2104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/06 07:30:48.0683 2104 SBRE (7e07d2a5b910c71d6474e9aa0eaa1825) C:\Windows\system32\drivers\SBREdrv.sys
2011/07/06 07:30:48.0792 2104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/06 07:30:48.0839 2104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/06 07:30:48.0870 2104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/07/06 07:30:48.0901 2104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/07/06 07:30:48.0979 2104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/07/06 07:30:49.0026 2104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/06 07:30:49.0042 2104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/06 07:30:49.0057 2104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/06 07:30:49.0073 2104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/07/06 07:30:49.0120 2104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/07/06 07:30:49.0120 2104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/07/06 07:30:49.0151 2104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/06 07:30:49.0213 2104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/06 07:30:49.0323 2104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/06 07:30:49.0354 2104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/06 07:30:49.0416 2104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/06 07:30:49.0510 2104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/07/06 07:30:49.0541 2104 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/06 07:30:49.0635 2104 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/07/06 07:30:49.0666 2104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/06 07:30:49.0806 2104 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
2011/07/06 07:30:49.0931 2104 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/06 07:30:50.0087 2104 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/06 07:30:50.0227 2104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/06 07:30:50.0259 2104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/06 07:30:50.0274 2104 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/06 07:30:50.0337 2104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/06 07:30:50.0446 2104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/06 07:30:50.0477 2104 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
2011/07/06 07:30:50.0617 2104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/06 07:30:50.0633 2104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/06 07:30:50.0649 2104 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
2011/07/06 07:30:50.0695 2104 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
2011/07/06 07:30:50.0805 2104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/06 07:30:50.0836 2104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/07/06 07:30:50.0851 2104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/06 07:30:50.0883 2104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/06 07:30:50.0992 2104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/06 07:30:51.0007 2104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/07/06 07:30:51.0054 2104 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/07/06 07:30:51.0070 2104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/06 07:30:51.0179 2104 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/06 07:30:51.0195 2104 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/06 07:30:51.0226 2104 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/06 07:30:51.0241 2104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/07/06 07:30:51.0351 2104 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/06 07:30:51.0366 2104 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/07/06 07:30:51.0507 2104 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
2011/07/06 07:30:51.0553 2104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/06 07:30:51.0585 2104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/06 07:30:51.0600 2104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/06 07:30:51.0709 2104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/06 07:30:51.0741 2104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/06 07:30:51.0850 2104 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/07/06 07:30:51.0897 2104 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/06 07:30:51.0928 2104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/06 07:30:52.0006 2104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/06 07:30:52.0037 2104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/06 07:30:52.0099 2104 vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\drivers\vsdatant.sys
2011/07/06 07:30:52.0209 2104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/07/06 07:30:52.0271 2104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/07/06 07:30:52.0318 2104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/06 07:30:52.0443 2104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/07/06 07:30:52.0474 2104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 07:30:52.0489 2104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 07:30:52.0521 2104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/07/06 07:30:52.0567 2104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/06 07:30:52.0692 2104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/06 07:30:52.0723 2104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/06 07:30:52.0895 2104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/06 07:30:52.0942 2104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/06 07:30:52.0989 2104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/06 07:30:53.0004 2104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/06 07:30:53.0051 2104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/06 07:30:53.0067 2104 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/07/06 07:30:53.0082 2104 Boot (0x1200) (05c0b01fa0ea57320be9179a5c71a739) \Device\Harddisk0\DR0\Partition0
2011/07/06 07:30:53.0113 2104 Boot (0x1200) (14b6c782346b490d2ec3cc3f48f5453d) \Device\Harddisk0\DR0\Partition1
2011/07/06 07:30:53.0113 2104 ================================================================================
2011/07/06 07:30:53.0113 2104 Scan finished
2011/07/06 07:30:53.0113 2104 ================================================================================
2011/07/06 07:30:53.0129 2460 Detected object count: 0
2011/07/06 07:30:53.0129 2460 Actual detected object count: 0

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-06 07:32:17
-----------------------------
07:32:17.790 OS Version: Windows x64 6.1.7601 Service Pack 1
07:32:17.790 Number of processors: 3 586 0x202
07:32:17.790 ComputerName: DONNIE UserName:
07:32:18.773 Initialize success
07:32:19.615 AVAST engine defs: 11062900
07:32:28.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
07:32:28.788 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 8
07:32:28.788 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000062
07:32:28.804 Disk 1 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 8
07:32:30.847 Disk 0 MBR read successfully
07:32:30.847 Disk 0 MBR scan
07:32:31.128 Disk 0 Windows 7 default MBR code
07:32:31.128 Service scanning
07:32:32.142 Disk 0 trace - called modules:
07:32:32.158 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
07:32:32.158 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030b2060]
07:32:32.158 3 CLASSPNP.SYS[fffff880019a443f] -> nt!IofCallDriver -> [0xfffffa80024254d0]
07:32:32.158 5 ACPI.sys[fffff88000f6c7a1] -> nt!IofCallDriver -> \Device\00000061[0xfffffa80024209c0]
07:32:32.969 AVAST engine scan C:\Windows
07:36:36.407 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
07:36:36.735 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
07:36:36.859 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
07:36:36.937 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
07:36:37.062 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
07:36:37.156 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
07:36:44.660 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
07:55:49.072 AVAST engine scan C:\Users\penylane
08:06:34.694 AVAST engine scan C:\ProgramData
08:14:50.540 Scan finished successfully
16:23:29.769 Disk 0 MBR has been saved successfully to "C:\Users\penylane\Desktop\MBR.dat"
16:23:29.847 The log file has been saved successfully to "C:\Users\penylane\Desktop\aswMBR.txt"

Attached Files

  • Attached File  1.txt   33.3KB   99 downloads
  • Attached File  aswMBR.txt   2.19KB   110 downloads

  • 0

#4
Shepparrd
Posted 06 July 2011 - 02:51 PM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
By the way I wanted to thank you, regardless of whether or not my computer is fixed. I think it's awesome that you guys are taking the time to help people! I'm very grateful.

Edited by Shepparrd, 06 July 2011 - 02:52 PM.

  • 0

#5
maliprog
Posted 06 July 2011 - 11:16 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We'll give our best shot to fix this. We usually make it work :)

Try to do AVP scan and after it try OTL scan. If you fail then try to run both scans from safe mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 1

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Confirm deletion to all infection AVP finds
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
  • 0

#6
Shepparrd
Posted 07 July 2011 - 12:00 PM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
The AVP tool has also decided to join the league of programs that don't scan past a certain amount. This one stops at 1025 files, apparently stopping on "Object: C:" I left it for an hour hoping it was just a rather large file, yet it is stuck at 1% and has not gone anywhere... Even in safe mode. :/
  • 0

#7
maliprog
Posted 07 July 2011 - 12:16 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We'll get to the bottom of this. Just temporally we will install free AVAST and try his feature that can help us here.

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on Boot-Time Scan then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.
  • 0

#8
Shepparrd
Posted 07 July 2011 - 06:34 PM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I did that, however it didn't take overnight, just about 2 hours. Didn't ask me for anything, just finished and continued starting the computer. I tried running AVPTool again and it's still stopping after a certain amount.

Edited by Shepparrd, 07 July 2011 - 06:36 PM.

  • 0

#9
maliprog
Posted 07 July 2011 - 11:11 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Shepparrd,

OK. Avast didn't find anything. Don't run AVPTool for now. Let's try some heavy tools :)

Step 1

If you fail to run Combofix in Normal mode, try to run it in Safe Mode. Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.

Step 2

Try to run OTL scan now and let me know the results.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • Hopefully OTL log :unsure:
It would be helpful if you could post each log in separate post
  • 0

#10
Shepparrd
Posted 08 July 2011 - 12:13 AM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
OK, so I did that scan and got the log. But to no avail for the OTL program. It still freezes (says "Not Responding").

Attached Files


  • 0

Advertisements

#11
maliprog
Posted 08 July 2011 - 03:21 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. There is one bad file and we'll remove it now with Combofix

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\SysWow64\drivers\thjbgccm.sys

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

After this try OTL scan but this time you will write down location where it hangs. After it stop responding you will see location on the lover left corner and you'll write it here for me.

scan.PNG

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • OTL log or scan location where it hangs
It would be helpful if you could post each log in separate post
  • 0

#12
Shepparrd
Posted 08 July 2011 - 09:31 AM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I attached the log from ComboFix, and OTL still freezes, the bottom says "Getting Drive Info..."

Did you want me to paste the entire log onto a reply or just attach like I have been?

Attached Files

  • Attached File  log.txt   28.71KB   100 downloads

  • 0

#13
Shepparrd
Posted 09 July 2011 - 09:35 AM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Anymore assistance?
  • 0

#14
maliprog
Posted 10 July 2011 - 04:16 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Sory for delay. I had some work do to...

We will try something new. Please print these instruction out so that you know what you are doing.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\\OTL.txt file in your reply.

  • 0

#15
Shepparrd
Posted 11 July 2011 - 10:23 AM

Shepparrd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Well neither of the computers are cooperating with the whole burning disc part, so once I have access to a computer that will work I can burn it and get back to you! It may be a few days though. So thanks thus far! I'll be back when I can get it burned...

One of my computers does not recognize the disc burner, and then the other says it's "Searching for SCSI/ATAPI devices"

So yeah. :/
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP