Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! I can't get rid of Rootkit.Agent/Gen-TDSS


  • Please log in to reply
11 replies to this topic

#1 Camilleflower

Camilleflower

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 10 September 2010 - 07:06 PM

Hello everyone! My computer got slow, so I scanned with Superantispyware and Avira. Superantispyware found Rootkit.Agent/Gen-TDSS and adware cookies, when it was done scanning it was unable to remove objects: f1.vnbmedia.com and ftcbbqm.sys. Avira detected TR/Rootkit.Gen2, unable to remove object ftcbbqm.sys (same as Superantispyware). I scanned, then re-scanned, and same thing... What do I do? Any help would be very much appreciated! :thumbsup:

Edited by hamluis, 10 September 2010 - 07:32 PM.
Moved from XP forum to Am I Infected ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 AM

Posted 11 September 2010 - 06:42 AM

Please perform a scan with Malwarebytes Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious', get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Camilleflower

Camilleflower
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 13 September 2010 - 06:32 PM

Hello Bleepingjanitor

Thank you very much for your help, it took a while, but I think it worked. First I scanned with MBAM, and all found malware was removed, except for that rootkit. After reboot the object remained. The tutorial said to reboot if prompted, then once logged on, to "continue with the rest of the steps", but no windows popped open with no "further steps"...? I then scanned with TDSSKiller.exe (re-named), and when it detected the rootkit, no option to select "Cure" "as instructed?) came up, only Skip, Quarantine, and Delete. First, I selected Quarantine, but Rootkit remained, until I re-scanned and chose Delete option. I was then prompted to Re-boot, and after logging on I got a clean scan from both MBAM and TDSS Killer. Attached are the logs for which you asked. But before I go, I have a couple of questions. Can I have both MBAM and SuperAntiSpyware running simultanously? And when I log on, do I need to activate MBAM manually to be protected, or is it automatic?

Once again, thank you very much! :thumbsup:
CHEERS!




MBAM SCAN 1:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

13/09/2010 1:43:25 PM
mbam-log-2010-09-13 (13-43-25).txt

Scan type: Full scan (C:\|D:\|H:\|)
Objects scanned: 252155
Time elapsed: 1 hour(s), 35 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wyyo (Adware.Zwangi) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VRZJ8K91NT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wyyo (Adware.Wyyo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wyyo Service (Adware.Wyyo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28a3bd72-61b7-4175-bdca-c42b9962c0f1} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28a3bd72-61b7-4175-bdca-c42b9962c0f1} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Owner\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Wyyo (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Wyyo (Adware.Zwangi) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\ftcbbqm.sys (Rootkit.Bubnix) -> Delete on reboot.
C:\Documents and Settings\Owner\Application Data\SystemProc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Wyyo\readme.html (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\Wyyo\uninstall.exe (Adware.Zwangi) -> Quarantined and deleted successfully.





MBAM SCAN 2:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

13/09/2010 2:59:17 PM
mbam-log-2010-09-13 (14-59-17).txt

Scan type: Quick scan
Objects scanned: 150957
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\ftcbbqm.sys (Rootkit.Bubnix) -> Delete on reboot.




TDSS KILLER SCAN 1:

2010/09/13 14:37:43.0171 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/13 14:37:43.0171 ================================================================================
2010/09/13 14:37:43.0171 SystemInfo:
2010/09/13 14:37:43.0171
2010/09/13 14:37:43.0171 OS Version: 5.1.2600 ServicePack: 2.0
2010/09/13 14:37:43.0171 Product type: Workstation
2010/09/13 14:37:43.0171 ComputerName: JUNK
2010/09/13 14:37:43.0171 UserName: Owner
2010/09/13 14:37:43.0171 Windows directory: C:\WINDOWS
2010/09/13 14:37:43.0171 System windows directory: C:\WINDOWS
2010/09/13 14:37:43.0171 Processor architecture: Intel x86
2010/09/13 14:37:43.0171 Number of processors: 2
2010/09/13 14:37:43.0171 Page size: 0x1000
2010/09/13 14:37:43.0171 Boot type: Normal boot
2010/09/13 14:37:43.0171 ================================================================================
2010/09/13 14:37:43.0390 Initialize success
2010/09/13 14:37:52.0015 ================================================================================
2010/09/13 14:37:52.0015 Scan started
2010/09/13 14:37:52.0015 Mode: Manual;
2010/09/13 14:37:52.0015 ================================================================================
2010/09/13 14:37:52.0468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/13 14:37:52.0609 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/13 14:37:52.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/13 14:37:52.0890 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/13 14:37:53.0093 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/09/13 14:37:53.0250 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/09/13 14:37:53.0406 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/13 14:37:53.0546 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/13 14:37:53.0703 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/13 14:37:53.0859 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/13 14:37:54.0000 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/13 14:37:54.0187 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/13 14:37:54.0328 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/13 14:37:54.0515 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/09/13 14:37:54.0703 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/13 14:37:54.0859 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/13 14:37:55.0000 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/13 14:37:55.0062 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/13 14:37:55.0203 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/13 14:37:55.0343 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/13 14:37:55.0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/13 14:37:55.0656 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/13 14:37:55.0796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/13 14:37:55.0921 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/09/13 14:37:56.0046 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/09/13 14:37:56.0203 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/13 14:37:56.0359 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/13 14:37:56.0500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/13 14:37:56.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/13 14:37:56.0781 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/13 14:37:56.0921 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/13 14:37:57.0062 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/13 14:37:57.0218 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/13 14:37:57.0453 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/13 14:37:57.0609 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/13 14:37:57.0750 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/13 14:37:57.0890 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/13 14:37:58.0031 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/13 14:37:58.0265 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/13 14:37:58.0500 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/13 14:37:58.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/13 14:37:58.0781 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/13 14:37:58.0937 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/13 14:37:59.0078 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/13 14:37:59.0234 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/13 14:37:59.0375 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/13 14:37:59.0515 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/13 14:37:59.0640 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/13 14:37:59.0781 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/13 14:37:59.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/13 14:37:59.0937 Suspicious service (NoAccess): ftcbbqm
2010/09/13 14:38:00.0062 ftcbbqm (393af7f675b74c5c664b8d2d9e24be7f) C:\WINDOWS\system32\drivers\ftcbbqm.sys
2010/09/13 14:38:00.0062 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ftcbbqm.sys. md5: 393af7f675b74c5c664b8d2d9e24be7f
2010/09/13 14:38:00.0078 ftcbbqm - detected Locked service (1)
2010/09/13 14:38:00.0218 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/13 14:38:00.0359 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/13 14:38:00.0515 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/13 14:38:00.0656 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/13 14:38:00.0812 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/13 14:38:00.0968 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/13 14:38:01.0109 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/13 14:38:01.0250 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/13 14:38:01.0406 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/13 14:38:01.0562 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/13 14:38:01.0703 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/13 14:38:01.0843 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/13 14:38:02.0125 ialm (9369957485fa01f1b45318779207df6e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/13 14:38:02.0375 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/13 14:38:02.0531 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/13 14:38:02.0703 IntcAzAudAddService (512cc914475348d774d1bb9f866396a5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/13 14:38:02.0875 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/13 14:38:03.0015 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/13 14:38:03.0156 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/13 14:38:03.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/13 14:38:03.0421 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/13 14:38:03.0546 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/13 14:38:03.0703 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/13 14:38:03.0843 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/13 14:38:03.0968 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/13 14:38:04.0109 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/13 14:38:04.0250 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/13 14:38:04.0406 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/13 14:38:04.0562 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/13 14:38:04.0703 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/09/13 14:38:04.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/13 14:38:05.0062 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/13 14:38:05.0203 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/09/13 14:38:05.0406 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/13 14:38:05.0546 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/13 14:38:05.0656 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/13 14:38:05.0781 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/13 14:38:05.0921 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/09/13 14:38:05.0953 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/09/13 14:38:06.0093 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/13 14:38:06.0265 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/13 14:38:06.0421 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/13 14:38:06.0562 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/13 14:38:06.0687 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/13 14:38:06.0812 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/13 14:38:06.0953 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/13 14:38:07.0093 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/09/13 14:38:07.0234 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/13 14:38:07.0468 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/13 14:38:07.0609 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/13 14:38:07.0750 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/13 14:38:07.0890 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/13 14:38:08.0031 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/13 14:38:08.0171 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/13 14:38:08.0312 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/13 14:38:08.0468 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/13 14:38:08.0640 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/13 14:38:08.0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/13 14:38:09.0093 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/13 14:38:09.0375 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/09/13 14:38:09.0515 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/09/13 14:38:09.0671 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2010/09/13 14:38:09.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/13 14:38:09.0937 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/13 14:38:10.0078 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/09/13 14:38:10.0218 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/13 14:38:10.0359 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/13 14:38:10.0500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/13 14:38:10.0640 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/13 14:38:10.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/13 14:38:11.0062 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/13 14:38:11.0437 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/13 14:38:11.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/13 14:38:11.0750 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/13 14:38:11.0890 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/13 14:38:12.0031 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/13 14:38:12.0187 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/13 14:38:12.0328 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/13 14:38:12.0484 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/13 14:38:12.0625 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/13 14:38:12.0765 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/13 14:38:12.0890 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/13 14:38:13.0031 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/13 14:38:13.0171 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/13 14:38:13.0312 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/13 14:38:13.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/13 14:38:13.0609 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/13 14:38:13.0781 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/13 14:38:13.0937 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/13 14:38:14.0062 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/13 14:38:14.0218 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/13 14:38:14.0359 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/13 14:38:14.0468 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/09/13 14:38:14.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/13 14:38:14.0750 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/13 14:38:14.0890 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/13 14:38:15.0046 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/13 14:38:15.0265 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/13 14:38:15.0406 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/13 14:38:15.0531 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/13 14:38:15.0687 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/13 14:38:15.0843 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/13 14:38:16.0000 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/13 14:38:16.0140 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/13 14:38:16.0281 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/13 14:38:16.0375 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/13 14:38:16.0515 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/13 14:38:16.0656 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/13 14:38:16.0796 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/13 14:38:16.0937 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/13 14:38:17.0093 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/13 14:38:17.0234 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/13 14:38:17.0359 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/13 14:38:17.0484 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/13 14:38:17.0640 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/13 14:38:17.0796 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/13 14:38:17.0937 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/13 14:38:18.0000 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/13 14:38:18.0140 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/13 14:38:18.0281 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/13 14:38:18.0421 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/13 14:38:18.0562 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/13 14:38:18.0703 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/13 14:38:18.0890 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/13 14:38:19.0031 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/13 14:38:19.0187 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/13 14:38:19.0328 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/09/13 14:38:19.0468 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/13 14:38:19.0609 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/13 14:38:19.0765 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/13 14:38:19.0921 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/13 14:38:20.0125 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/13 14:38:20.0296 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/13 14:38:20.0453 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/13 14:38:20.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/13 14:38:20.0656 ================================================================================
2010/09/13 14:38:20.0656 Scan finished
2010/09/13 14:38:20.0656 ================================================================================
2010/09/13 14:38:20.0656 Detected object count: 1
2010/09/13 14:42:02.0750 ftcbbqm (393af7f675b74c5c664b8d2d9e24be7f) C:\WINDOWS\system32\drivers\ftcbbqm.sys
2010/09/13 14:42:02.0750 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ftcbbqm.sys. md5: 393af7f675b74c5c664b8d2d9e24be7f
2010/09/13 14:42:02.0765 C:\WINDOWS\system32\drivers\ftcbbqm.sys - quarantined
2010/09/13 14:42:02.0765 Locked service(ftcbbqm) - User select action: Quarantine
2010/09/13 14:46:57.0000 Deinitialize success


TDSS KILLER SCAN 2:

2010/09/13 15:22:24.0625 Processor architecture: Intel x86
2010/09/13 15:22:24.0625 Number of processors: 2
2010/09/13 15:22:24.0625 Page size: 0x1000
2010/09/13 15:22:24.0625 Boot type: Normal boot
2010/09/13 15:22:24.0625 ================================================================================
2010/09/13 15:22:24.0859 Initialize success
2010/09/13 15:22:27.0125 ================================================================================
2010/09/13 15:22:27.0125 Scan started
2010/09/13 15:22:27.0125 Mode: Manual;
2010/09/13 15:22:27.0125 ================================================================================
2010/09/13 15:22:28.0656 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/13 15:22:28.0812 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/13 15:22:28.0968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/13 15:22:29.0125 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/13 15:22:29.0265 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2010/09/13 15:22:29.0453 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2010/09/13 15:22:29.0625 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/13 15:22:29.0765 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/13 15:22:29.0921 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/13 15:22:30.0093 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/13 15:22:30.0281 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/13 15:22:30.0421 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/13 15:22:30.0562 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/13 15:22:30.0765 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/09/13 15:22:31.0046 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/13 15:22:31.0203 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/13 15:22:31.0359 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/13 15:22:31.0500 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/13 15:22:31.0671 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/13 15:22:31.0812 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/13 15:22:31.0968 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/13 15:22:32.0203 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/13 15:22:32.0343 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/13 15:22:32.0453 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/09/13 15:22:32.0625 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/09/13 15:22:32.0781 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/09/13 15:22:32.0937 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/13 15:22:33.0109 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/13 15:22:33.0250 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/13 15:22:33.0390 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/13 15:22:33.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/13 15:22:33.0687 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/13 15:22:33.0859 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/13 15:22:34.0093 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/13 15:22:34.0250 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/13 15:22:34.0390 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/13 15:22:34.0578 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/13 15:22:34.0859 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/13 15:22:35.0062 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/13 15:22:35.0375 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/13 15:22:35.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/13 15:22:35.0640 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/13 15:22:35.0812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/13 15:22:35.0953 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/13 15:22:36.0109 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/13 15:22:36.0250 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/13 15:22:36.0390 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/13 15:22:36.0531 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/13 15:22:36.0671 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/13 15:22:36.0843 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/13 15:22:37.0000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/13 15:22:37.0156 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/13 15:22:37.0312 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/13 15:22:37.0453 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/13 15:22:37.0609 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/13 15:22:37.0796 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/13 15:22:37.0937 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/13 15:22:38.0093 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/13 15:22:38.0250 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/13 15:22:38.0390 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/13 15:22:38.0531 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/13 15:22:38.0640 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/13 15:22:38.0890 ialm (9369957485fa01f1b45318779207df6e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/09/13 15:22:39.0203 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/13 15:22:39.0343 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/13 15:22:39.0609 IntcAzAudAddService (512cc914475348d774d1bb9f866396a5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/13 15:22:39.0765 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/13 15:22:39.0921 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/13 15:22:40.0062 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/13 15:22:40.0187 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/13 15:22:40.0328 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/13 15:22:40.0468 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/13 15:22:40.0625 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/13 15:22:40.0781 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/13 15:22:40.0921 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/13 15:22:41.0062 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/13 15:22:41.0218 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/13 15:22:41.0359 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/13 15:22:41.0515 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/13 15:22:41.0640 L1e (080cf8720a306a64f7a09d1226491791) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/09/13 15:22:41.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/13 15:22:42.0078 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/13 15:22:42.0218 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/09/13 15:22:42.0437 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/13 15:22:42.0578 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/13 15:22:42.0750 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/13 15:22:42.0906 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/13 15:22:43.0046 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/09/13 15:22:43.0187 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/09/13 15:22:43.0437 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/13 15:22:43.0609 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/13 15:22:43.0796 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/13 15:22:43.0953 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/13 15:22:44.0078 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/13 15:22:44.0187 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/13 15:22:44.0328 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/13 15:22:44.0484 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/09/13 15:22:44.0625 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/13 15:22:44.0906 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/13 15:22:45.0062 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/13 15:22:45.0203 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/13 15:22:45.0343 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/13 15:22:45.0484 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/13 15:22:45.0656 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/13 15:22:45.0828 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/13 15:22:46.0000 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/13 15:22:46.0156 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/13 15:22:46.0328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/13 15:22:46.0609 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/13 15:22:47.0062 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/09/13 15:22:47.0218 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/09/13 15:22:47.0359 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2010/09/13 15:22:47.0500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/13 15:22:47.0625 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/13 15:22:47.0843 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/09/13 15:22:47.0984 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/13 15:22:48.0156 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/13 15:22:48.0328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/13 15:22:48.0500 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/13 15:22:48.0750 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/13 15:22:48.0968 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/13 15:22:49.0265 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/13 15:22:49.0390 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/13 15:22:49.0546 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/13 15:22:49.0687 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/13 15:22:49.0906 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/13 15:22:50.0078 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/13 15:22:50.0281 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/13 15:22:50.0406 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/13 15:22:50.0593 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/13 15:22:50.0781 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/13 15:22:50.0968 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/13 15:22:51.0140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/13 15:22:51.0328 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/13 15:22:51.0515 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/13 15:22:51.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/13 15:22:51.0843 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/13 15:22:52.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/13 15:22:52.0234 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/13 15:22:52.0421 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/13 15:22:52.0625 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/13 15:22:52.0765 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/13 15:22:52.0890 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/09/13 15:22:53.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/13 15:22:53.0234 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/13 15:22:53.0406 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/13 15:22:53.0609 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/13 15:22:53.0875 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/13 15:22:54.0062 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/13 15:22:54.0234 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/13 15:22:54.0406 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/13 15:22:54.0593 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/13 15:22:54.0781 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/09/13 15:22:54.0968 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/13 15:22:55.0140 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/13 15:22:55.0312 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/13 15:22:55.0468 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/13 15:22:55.0671 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/13 15:22:55.0875 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/13 15:22:56.0046 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/13 15:22:56.0187 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/13 15:22:56.0375 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/13 15:22:56.0531 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/13 15:22:56.0671 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/13 15:22:56.0875 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/13 15:22:57.0062 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/13 15:22:57.0234 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/13 15:22:57.0421 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/13 15:22:57.0625 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/13 15:22:57.0828 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/13 15:22:58.0000 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/13 15:22:58.0171 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/13 15:22:58.0343 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/13 15:22:58.0515 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/13 15:22:58.0687 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/13 15:22:58.0875 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/13 15:22:59.0062 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/09/13 15:22:59.0281 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/13 15:22:59.0578 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/13 15:22:59.0812 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/13 15:23:00.0015 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/13 15:23:00.0234 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/13 15:23:00.0390 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/13 15:23:00.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/13 15:23:00.0765 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/13 15:23:00.0843 ================================================================================
2010/09/13 15:23:00.0843 Scan finished
2010/09/13 15:23:00.0843 ================================================================================
2010/09/13 15:23:08.0843 Deinitialize success


MBAM SCAN 3:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

13/09/2010 3:35:30 PM
mbam-log-2010-09-13 (15-35-30).txt

Scan type: Quick scan
Objects scanned: 150898
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 AM

Posted 13 September 2010 - 08:22 PM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts including:
    • Administrator.
    • All Users.
    • LocalService.
    • NetworkService.
    • and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


Try doing an online scan to see if it finds anything else (i.e. remanants) that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Can I have both MBAM and SuperAntiSpyware running simultanously? And when I log on, do I need to activate MBAM manually to be protected, or is it automatic?

As a general rule, using more than one anti-spyware program like Malwarebytes' Anti-Malware, SuperAntispyware, Spybot S&D, Ad-Aware, Spyware Terminator, etc. will not conflict with each other or your anti-virus if using only one of them for real-time protection and others as stand-alone scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware. However, competing tools may provide redundant alerts which can be annoying and/or confusing as a result of the overlap in protection.

If using multiple real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc.) together at the same time, there can be conflicts when each application tries to compete for resources and exclusive rights to perform an action. They may identify the activity of each other as suspicious and produce alerts. Further, your anti-virus may detect suspicious activity while these programs are scanning (reading) files, especially if it uses a heuristic scanning engine, regardless if they are running in real-time or on demand. The anti-virus may even detect as threats, any malware removed by these programs and placed into quarantined areas. This can lead to a repetitive cycle of endless alerts or false alarms that continually warn a threat has been found if the contents of the quarantine folder are not removed before beginning a new security scan.

I recommend taking advantage of the Malwarebytes Anti-Malware Protection Module in the full version which uses advanced heuristic scanning technology to monitor your system and provide real-time protection that helps prevent the installation of most new malware. This technology runs at startup to monitor every process and stop malicious processes before they can infect your computer. The database that defines the heuristics is updated as often as there is something to add to it. Enabling the Protection Module feature requires registration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs. If you choose the free version, you can just use it as a stand-alone scanner.

Edited by quietman7, 13 September 2010 - 08:25 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Camilleflower

Camilleflower
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 13 September 2010 - 10:22 PM

I did the TFC scan, and all went well. I then ran the ESET Online scan with clear results. Below is the log.
Thank you again for all your help, and for answering my questions. Having real time protection from MBAM is tempting, it's definitely affordable, just what are some payment options other than credit card, or online? It's kinda scary for me to do any $ transfers online.
Cheers! :thumbsup:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9312d8de1d01f941b2c87510ab871608
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-09-14 03:06:09
# local_time=2010-09-13 08:06:09 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775125 100 93 0 43405430 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=78795
# found=0
# cleaned=0
# scan_time=2434

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 AM

Posted 14 September 2010 - 07:29 AM

You can inquire about payment options with the Malwarebytes Anti-Malware Support Team or E-mail the Malwarebytes Support Help Desk for individual assistance.


How is your computer running now? Are there any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Camilleflower

Camilleflower
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 14 September 2010 - 01:33 PM

Thank you, I'll check it out!
Just in case, this AM I ran quick scans with MBAM and Superantispyware, with clean results. Everything is working fine, the only thing that seemed odd, is Avira updating very slowly. Could it have been altered while my PC was infected, should I re-install it?

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 AM

Posted 14 September 2010 - 01:58 PM

Avira updating very slowly

Could be the servers were busy or you did not have a good connection at the time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Camilleflower

Camilleflower
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 14 September 2010 - 08:21 PM

Oh, I see... Uhm, this afternoon Avira found 1 malware and quarantined it TR\Trash.Gen Trojan. I quickly scanned with Superantispyware and some adware cookies were found and quarantined, then the scan with MBAM was clear. The weird thing is that the computer was not even connected to the internet when the finding occured. Could it be residual? Or I'm being picked on, and Avira was slow to find it? I added the Avira log.
Thanks, and cheers!


Avira AntiVir Personal
Report file date: September 14, 2010 15:38

Scanning for 2844827 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JUNK

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 20:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 02:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 00:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 19:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 18:05:36
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 18:05:46
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 03:10:15
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 18:32:51
VBASE009.VDF : 7.10.11.134 2048 Bytes 9/13/2010 18:32:51
VBASE010.VDF : 7.10.11.135 2048 Bytes 9/13/2010 18:32:51
VBASE011.VDF : 7.10.11.136 2048 Bytes 9/13/2010 18:32:52
VBASE012.VDF : 7.10.11.137 2048 Bytes 9/13/2010 18:32:52
VBASE013.VDF : 7.10.11.138 2048 Bytes 9/13/2010 18:32:53
VBASE014.VDF : 7.10.11.139 2048 Bytes 9/13/2010 18:32:53
VBASE015.VDF : 7.10.11.140 2048 Bytes 9/13/2010 18:32:54
VBASE016.VDF : 7.10.11.141 2048 Bytes 9/13/2010 18:32:56
VBASE017.VDF : 7.10.11.142 2048 Bytes 9/13/2010 18:32:58
VBASE018.VDF : 7.10.11.143 2048 Bytes 9/13/2010 18:32:58
VBASE019.VDF : 7.10.11.144 2048 Bytes 9/13/2010 18:32:58
VBASE020.VDF : 7.10.11.145 2048 Bytes 9/13/2010 18:32:58
VBASE021.VDF : 7.10.11.146 2048 Bytes 9/13/2010 18:32:59
VBASE022.VDF : 7.10.11.147 2048 Bytes 9/13/2010 18:32:59
VBASE023.VDF : 7.10.11.148 2048 Bytes 9/13/2010 18:33:00
VBASE024.VDF : 7.10.11.149 2048 Bytes 9/13/2010 18:33:00
VBASE025.VDF : 7.10.11.150 2048 Bytes 9/13/2010 18:33:00
VBASE026.VDF : 7.10.11.151 2048 Bytes 9/13/2010 18:33:01
VBASE027.VDF : 7.10.11.152 2048 Bytes 9/13/2010 18:33:01
VBASE028.VDF : 7.10.11.153 2048 Bytes 9/13/2010 18:33:02
VBASE029.VDF : 7.10.11.154 2048 Bytes 9/13/2010 18:33:02
VBASE030.VDF : 7.10.11.155 2048 Bytes 9/13/2010 18:33:03
VBASE031.VDF : 7.10.11.163 170496 Bytes 9/14/2010 17:53:31
Engineversion : 8.2.4.52
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 03:18:28
AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 8/27/2010 21:16:23
AESCN.DLL : 8.1.6.1 127347 Bytes 7/14/2010 18:06:31
AESBX.DLL : 8.1.3.1 254324 Bytes 7/14/2010 18:06:36
AERDL.DLL : 8.1.8.2 614772 Bytes 7/23/2010 01:16:16
AEPACK.DLL : 8.2.3.5 471412 Bytes 8/8/2010 15:50:03
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/23/2010 01:16:12
AEHEUR.DLL : 8.1.2.21 2883958 Bytes 9/3/2010 17:51:28
AEHELP.DLL : 8.1.13.3 242038 Bytes 8/27/2010 21:16:13
AEGEN.DLL : 8.1.3.21 401780 Bytes 9/14/2010 17:54:08
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/14/2010 18:06:19
AECORE.DLL : 8.1.16.2 192887 Bytes 7/23/2010 01:16:01
AEBB.DLL : 8.1.1.0 53618 Bytes 7/14/2010 18:06:16
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 20:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 20:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/19/2010 00:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 20:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 20:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 20:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 17:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 20:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 23:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 22:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 22:14:29

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_ed80a4ac\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: September 14, 2010 15:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'OpwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP48\A0002377.exe'
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP48\A0002377.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ec558cf.qua'.



End of the scan: September 14, 2010 15:38
Used time: 00:06 Minute(s)

The scan has been done completely.

0 Scanned directories
35 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
34 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 AM

Posted 14 September 2010 - 08:51 PM

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan were in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. See What's Restored when using System Restore and What's Not.

System Restore is enabled by default and will back up the good as well as malevolent files, so when malware is present on the system it gets included in restore points as an A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) and moved into quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat. Thereafter, you can delete it at any time.

If your anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. If your anti-virus or anti-malware tool was able to move (quarantine) the file(s) it is no longer a threat. When an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated quarantine folder, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is usually renamed before moving, then safely held there and no longer a threat until you take action to delete it.

One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive" especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time usually by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete. If it was a false positive, then you can choose the option to restore the file.

Other than that, how is your computer running now? Are there any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Camilleflower

Camilleflower
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 15 September 2010 - 01:34 PM

Thank you very much for everything! My computer's running well, except adware cookies every time I go online, but I guess that's normal.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 AM

Posted 15 September 2010 - 01:41 PM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:FYI: Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.
  • Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.
  • Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.
Cookies can be categorized as:
  • Trusted cookies are from sites you trust, use often, and want to be able to identify and personalize content for you.
  • Nuisance cookies are from those sites you do not recognize or often use but somehow it's put a cookie on your machine.
  • Bad cookies (i.e. persistent cookies, long term and third party tracking cookies) are those that can be linked to an ad company or something that tracks your movements across the web.
The type of persistent cookie that is a cause for some concern are "tracking cookies" because they can be considered a privacy risk. These types of cookies are used to track your Web browsing habits (your movement from site to site). Ad companies use them to record your activity on all sites where they have placed ads. They can keep count of how many times you visited a web page, store your username and password so you don't have to log in and retain your custom settings. When you visit one of these sites, a cookie is placed on your computer. Each time you visit another site that hosts one of their ads, that same cookie is read, and soon they have assembled a list of which of their sites you have visited and which of their ads that you have clicked on. Cookies are used all over the Internet and advertisement companies often plant them whenever your browser loads one of their banners.

Cookies are NOT a "threat". As text files they cannot be executed to cause any damage. Cookies do not cause any pop ups or install malware and they cannot erase or read information from a computer.

Cookies cannot be used to run code (run programs) or to deliver viruses to your computer.

MS Article ID: 60971 - Description of Cookies

To learn more about Cookies, please refer to:Flash cookies (or Local Shared Objects) are a newer way of tracking user behavior and surfing habits but they too are not a threat and cannot harm your computer. Flash cookies are cookie-like data stored on a computer and used by all versions of Adobe Flash Player and similar applications. They can store much more information than traditional browser cookies and they are typically stored within each user’s Application Data directory with a ".SOL" extension, under the Macromedia\FlashPlayer\#SharedObjects folder. Unlike traditional cookies, Flash cookies cannot be managed through browser controls so they are more difficult to find and remove. However, they can be viewed, managed and deleted using the Website Storage Settings panel at Macromedia's Support Site. From this panel, you can change storage settings for a website, delete a specific website or delete all sites which erases any information that may have been stored on the computer. To prevent any Flash Cookies from being stored on your computer, go to the Global Storage Settings panel and uncheck the option “Allow third-party Flash content to store data on your computer”. For more information, please refer to:As long as you surf the Internet, you are going to get cookies and some of your security programs will flag them for removal. However, you can minimize the number of them which are stored on your computer by referring to:

Edited by quietman7, 15 September 2010 - 01:52 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users