Dr. Web found problems - DLOADER.Trojan and others.


This topic is locked
11 replies to this topic

#1 Haviland Tuf

Haviland Tuf

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 30 August 2010 - 05:30 PM

Hi Guys,

My wife's Dell Inspiron (XP SP3, 1.6 GHz, 1 GB RAM) started to get slow and buggy. I noticed that when I tried to clean it using cleanmgr it went to 100% CPU usage. It eventually recovers (after about 30-40 seconds), but this happens with a few other things also. So I read around in here and followed the step by step guide here:
http://www.bleepingcomputer.com/forums/ind...p;#entry1620993

So I ran all of the checks as described:

Malwarebytes, TFC by Old Timer, SUPERAntiSpyware Free (in safe mode), Dr.Web CureIt (safe mode) quick and full.

Dr. Web found 8 items:

gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Moved.;
SonEditXControl.ocx;C:\WINDOWS\system32;Trojan.AdSubscribe.20;Deleted.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
Desktop_.ini;C:\Program Files\AMV 2.0;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin\classic;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin\ocean;Win32.HLLW.Gavir.ini;Deleted.;
A0128768.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771;Trojan.AdSubscribe.20;Deleted.;


I have run CCleaner since and created a new restore point (and deleted all others). Avast is installed and up to date. Windows Defender and the firewall are also enabled.

Am I clean now or should I do anything else? I noticed when I tried cleanmgr again after all of this that it still kicks the cpu to 100%. Perhaps this is not a malware issue and I need to check some more (it does this in safe mode too).

Any advice would be welcome. With thanks,

Haviland
Don't Look Back


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 03 September 2010 - 01:21 AM

Can you update Malwarebytes and the other security tools you used, and then post the logs here?

#3 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 05 September 2010 - 04:08 AM

Hi Cryptodan,

Sorry for the delay, I was away for a couple of days. I will try to get the scans and their logs for you, but my wife still has to use her laptop for work so it might take a day or two. Dr. Web's full scan took almost 12 hours. I will post here when I get them.

Thanks,

H
Don't Look Back

#4 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 05 September 2010 - 04:59 AM

Here is the log from Dr. Web:

gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Moved.;
SonEditXControl.ocx;C:\WINDOWS\system32;Trojan.AdSubscribe.20;Deleted.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
Desktop_.ini;C:\Program Files\AMV 2.0;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin\classic;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin\ocean;Win32.HLLW.Gavir.ini;Deleted.;
A0128768.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771;Trojan.AdSubscribe.20;Deleted.;


And this is from SUPERAntiSpyware:
Date,Filename,Virus Name,Virus Type,Action Taken,Computer,User,Original Location,Status,Current Location,Primary Action,Secondary Action,Scan Type
7/23/2008 1:00:36 PM,FixCamera.exe,Trojan Horse,File,Left alone,LAP,SYSTEM,C:\WINDOWS\,Infected,C:\WINDOWS\,Clean virus from file,Quarantine infected file,Realtime scan

The other scans, including Malwarebytes, found nothing.
Don't Look Back

#5 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 05 September 2010 - 05:22 AM

Can you post the full logs?

#6 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 05 September 2010 - 07:14 AM

They were the only logs auto-saved by the programs. I can try to run them again, but given the time they take it will have to be done overnight. Also, now that Dr. Web has found and removed 8 items, I presume they will not show up again when I re-run the scans. I will do the scans over the coming nights and post them ASAP. Thanks for the replies.
Don't Look Back

#7 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 07 September 2010 - 04:39 AM

I tried running Malwarebytes yesterday but it failed to finish (with the message "MB has encountered a problem and needs to shut down"). I tried it in Normal mode, both quick scan and full, and again both scans in Safe Mode. Today I will uninstall it and reinstall and see if that fixes this. Last week it ran fine.

Overnight I ran SUPERAntiSpyware in Safe Mode, full scan (having updated first). Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/07/2010 at 02:41 AM

Application Version : 4.15.1000

Core Rules Database Version : 5424
Trace Rules Database Version: 3238

Scan type : Complete Scan
Total Scan Time : 04:37:52

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 6616
Registry threats detected : 0
File items scanned : 93687
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\colum\Cookies\colum@doubleclick[1].txt


Thanks again,
Haviland
Don't Look Back

#8 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 07 September 2010 - 10:48 AM

I still cannot get Malwarebytes to run. It starts a scan and after a short period gives the error message "MB has encountered an error and needs to close".

It could be malware causing this. Any advice?
Don't Look Back

#9 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 07 September 2010 - 11:06 AM

I also ran this TDSS rootkit removing tool to see if it could find something that was blocking Malwarebytes. It found 2 items, which I quarantined. Any ideas?

2010/09/07 16:58:12.0546 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/07 16:58:12.0546 ================================================================================
2010/09/07 16:58:12.0546 SystemInfo:
2010/09/07 16:58:12.0546
2010/09/07 16:58:12.0546 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/07 16:58:12.0546 Product type: Workstation
2010/09/07 16:58:12.0546 ComputerName: KAORI
2010/09/07 16:58:12.0546 UserName: colum
2010/09/07 16:58:12.0546 Windows directory: C:\WINDOWS
2010/09/07 16:58:12.0546 System windows directory: C:\WINDOWS
2010/09/07 16:58:12.0546 Processor architecture: Intel x86
2010/09/07 16:58:12.0546 Number of processors: 1
2010/09/07 16:58:12.0546 Page size: 0x1000
2010/09/07 16:58:12.0546 Boot type: Normal boot
2010/09/07 16:58:12.0546 ================================================================================
2010/09/07 16:58:13.0937 Initialize success
2010/09/07 16:58:18.0281 ================================================================================
2010/09/07 16:58:18.0281 Scan started
2010/09/07 16:58:18.0281 Mode: Manual;
2010/09/07 16:58:18.0281 ================================================================================
2010/09/07 16:58:37.0156 sptd (415c3adad45a94dab392cbfabbef00bb) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/07 16:58:37.0156 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 415c3adad45a94dab392cbfabbef00bb
2010/09/07 16:58:37.0171 sptd - detected Locked file (1)
2010/09/07 16:58:40.0234 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/09/07 16:58:40.0234 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/09/07 16:58:40.0250 vaxscsi - detected Locked file (1)
2010/09/07 16:58:41.0546 ================================================================================
2010/09/07 16:58:41.0546 Scan finished
2010/09/07 16:58:41.0546 ================================================================================
2010/09/07 16:58:41.0578 Detected object count: 2
2010/09/07 16:59:23.0515 sptd (415c3adad45a94dab392cbfabbef00bb) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/07 16:59:23.0515 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 415c3adad45a94dab392cbfabbef00bb
2010/09/07 16:59:23.0546 C:\WINDOWS\system32\Drivers\sptd.sys - quarantined
2010/09/07 16:59:23.0546 Locked file(sptd) - User select action: Quarantine
2010/09/07 16:59:23.0625 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/09/07 16:59:23.0625 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/09/07 16:59:23.0750 C:\WINDOWS\System32\Drivers\vaxscsi.sys - quarantined
2010/09/07 16:59:23.0750 Locked file(vaxscsi) - User select action: Quarantine
Don't Look Back

#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:23 PM

Posted 07 September 2010 - 12:44 PM

I also ran this TDSS rootkit removing tool to see if it could find something that was blocking malwarebytes. It found 2 items which I quarantined. Any ideas?

2010/09/07 16:58:41.0546 Scan finished
2010/09/07 16:58:41.0546 ================================================================================
2010/09/07 16:58:41.0578 Detected object count: 2
2010/09/07 16:59:23.0515 sptd (415c3adad45a94dab392cbfabbef00bb) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/07 16:59:23.0515 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 415c3adad45a94dab392cbfabbef00bb
2010/09/07 16:59:23.0546 C:\WINDOWS\system32\Drivers\sptd.sys - quarantined
2010/09/07 16:59:23.0546 Locked file(sptd) - User select action: Quarantine
2010/09/07 16:59:23.0625 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/09/07 16:59:23.0625 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/09/07 16:59:23.0750 C:\WINDOWS\System32\Drivers\vaxscsi.sys - quarantined
2010/09/07 16:59:23.0750 Locked file(vaxscsi) - User select action: Quarantine


Based upon the above please do the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#11 Haviland Tuf

Haviland Tuf
  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland
  • Local time:11:23 PM

Posted 09 September 2010 - 06:22 AM

Hi Cryptodan, I followed your instructions and followed the instructions of the link given. Here is the new topic link:
http://www.bleepingcomputer.com/forums/topic346223.html

Thanks again.

Haviland

Edited by Haviland Tuf, 09 September 2010 - 06:23 AM.

Don't Look Back

#12 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • Gender:Female
  • Local time:07:23 PM

Posted 09 September 2010 - 07:09 AM

Hello,
http://www.bleepingcomputer.com/forums/topic346223.html
Now that you have posted a log here: **insert topic link** you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?
