
Search engine redirect - Firefox


2 replies to this topic

#1 gallbladder (Members, 3 posts)

Posted 18 May 2011 - 01:02 AM

This is an Acer laptop running Windows 7 Home Premium (64). I've run TDSSKiller and Norton Antivirus so far. Firefox is affected, IE 64/32 bit is not.
Many search engines are affected (Google, Bing, etc). Some sites aren't (Altavista).
I was told that the error messages that I've been getting when Windows starts up are related to this issue (the window is named RunDLL. The error message reads: There was a problem starting CtaMon.dll. The specified module could not be found). Also, I am constantly reminded to install a program whenever Windows starts up (Application install - security warning).
I'm not sure if this last issue is related, but sometimes I need to refresh a new window exactly twice in order for the page to load (Firefox).

Also, I have been mounting my HTC Thunderbolt as a disk drive on this infected laptop. Should I be concerned?

Edited by gallbladder, 18 May 2011 - 01:08 AM.




#2 cryptodan (Bleepin Madman; Members, 21,868 posts; Catonsville, Md)

Posted 22 May 2011 - 01:19 PM

Can you post the TDSSKiller log?

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSOD, uncheck Devices on the right side before scanning.



#3 gallbladder (Topic Starter; Members, 3 posts)

Posted 22 May 2011 - 06:30 PM

Here are three of the four logs that you requested. The gmer log was empty.

TDSSKiller log:

2011/05/22 14:50:17.0929 8424 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 14:50:18.0280 8424 ================================================================================
2011/05/22 14:50:18.0280 8424 SystemInfo:
2011/05/22 14:50:18.0280 8424
2011/05/22 14:50:18.0280 8424 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/22 14:50:18.0280 8424 Product type: Workstation
2011/05/22 14:50:18.0280 8424 ComputerName: SPARKNINEONE-PC
2011/05/22 14:50:18.0280 8424 UserName: sparknineone
2011/05/22 14:50:18.0280 8424 Windows directory: C:\Windows
2011/05/22 14:50:18.0280 8424 System windows directory: C:\Windows
2011/05/22 14:50:18.0280 8424 Running under WOW64
2011/05/22 14:50:18.0280 8424 Processor architecture: Intel x64
2011/05/22 14:50:18.0280 8424 Number of processors: 4
2011/05/22 14:50:18.0280 8424 Page size: 0x1000
2011/05/22 14:50:18.0280 8424 Boot type: Normal boot
2011/05/22 14:50:18.0280 8424 ================================================================================
2011/05/22 14:50:18.0567 8424 Initialize success
2011/05/22 14:50:22.0292 6568 ================================================================================
2011/05/22 14:50:22.0292 6568 Scan started
2011/05/22 14:50:22.0292 6568 Mode: Manual;
2011/05/22 14:50:22.0292 6568 ================================================================================
2011/05/22 14:50:46.0414 6568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/22 14:50:46.0572 6568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/22 14:50:46.0733 6568 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/22 14:50:46.0898 6568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/22 14:50:47.0048 6568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/22 14:50:47.0236 6568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/22 14:50:47.0403 6568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/22 14:50:47.0569 6568 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/22 14:50:47.0735 6568 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/05/22 14:50:47.0946 6568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/22 14:50:48.0123 6568 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/22 14:50:48.0285 6568 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/22 14:50:48.0484 6568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/22 14:50:48.0672 6568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/22 14:50:48.0830 6568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/22 14:50:48.0998 6568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/22 14:50:49.0210 6568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/22 14:50:49.0354 6568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/22 14:50:49.0510 6568 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/22 14:50:49.0657 6568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/22 14:50:49.0823 6568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/22 14:50:49.0969 6568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/22 14:50:50.0127 6568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/22 14:50:50.0308 6568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/22 14:50:50.0487 6568 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/22 14:50:50.0584 6568 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/22 14:50:50.0665 6568 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/22 14:50:50.0840 6568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/22 14:50:50.0993 6568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/22 14:50:51.0165 6568 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/22 14:50:51.0376 6568 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/22 14:50:51.0610 6568 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/22 14:50:51.0791 6568 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/22 14:50:51.0947 6568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/22 14:50:52.0103 6568 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/22 14:50:52.0282 6568 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/22 14:50:52.0448 6568 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/22 14:50:52.0648 6568 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/22 14:50:52.0827 6568 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/22 14:50:52.0991 6568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/22 14:50:53.0139 6568 UBHelper (40079b0b801c5432ba435b5ad61ce6e3) C:\Windows\system32\drivers\UBHelper.sys
2011/05/22 14:50:53.0292 6568 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/22 14:50:53.0478 6568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/22 14:50:53.0624 6568 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/22 14:50:53.0779 6568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/22 14:50:53.0960 6568 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/22 14:50:54.0099 6568 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/22 14:50:54.0242 6568 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/22 14:50:54.0429 6568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/22 14:50:54.0589 6568 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
2011/05/22 14:50:54.0772 6568 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/22 14:50:54.0934 6568 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/05/22 14:50:55.0118 6568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/22 14:50:55.0288 6568 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/22 14:50:55.0453 6568 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/22 14:50:55.0600 6568 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/05/22 14:50:55.0781 6568 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/22 14:50:55.0988 6568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/22 14:50:56.0151 6568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/22 14:50:56.0301 6568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/22 14:50:56.0457 6568 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/22 14:50:56.0612 6568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/22 14:50:56.0760 6568 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/22 14:50:56.0921 6568 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/22 14:50:57.0094 6568 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/22 14:50:57.0271 6568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/22 14:50:57.0432 6568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/22 14:50:57.0580 6568 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/22 14:50:57.0749 6568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/22 14:50:57.0901 6568 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 14:50:57.0918 6568 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/22 14:50:58.0116 6568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/22 14:50:58.0285 6568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/22 14:50:58.0480 6568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/22 14:50:58.0629 6568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/22 14:50:58.0864 6568 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/22 14:50:59.0033 6568 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/22 14:50:59.0227 6568 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/22 14:50:59.0428 6568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/22 14:50:59.0601 6568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/22 14:50:59.0697 6568 ================================================================================
2011/05/22 14:50:59.0697 6568 Scan finished
2011/05/22 14:50:59.0697 6568 ================================================================================

Mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6641

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/22/2011 3:48:01 PM
mbam-log-2011-05-22 (15-48-01).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 419776
Time elapsed: 51 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\sparknineone\local settings\application data\pcre3.dll (Trojan.Dropper) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CTF Products Updater (Password.Stealer) -> Value: CTF Products Updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Dumper Host (Password.Stealer) -> Value: Windows Dumper Host -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CTF Products Updater (Password.Stealer) -> Value: CTF Products Updater -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvxslek32k (Trojan.SearchRedir.M) -> Value: drvxslek32k -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\sparknineone\AppData\Roaming\drvxslek32k (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
c:\Users\sparknineone\AppData\Roaming\Svchost (Backdoor.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\sparknineone\documents\aoe ii + expansion [portable]\age of empires ii portable\1000000a00002i\dplaysvr.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Users\sparknineone\documents\aoe ii + expansion [portable]\age of empires ii portable\400000c00002i\closedpw.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.
c:\Users\sparknineone\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\sparknineone\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\sparknineone\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\sparknineone\local settings\application data\pcre3.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\System32\b_ctfmn.dll (Password.Stealer) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\b_ctfmn.dll (Password.Stealer) -> Quarantined and deleted successfully.
c:\Users\sparknineone\AppData\Local\Temp\winbdm.dll (Password.Stealer) -> Quarantined and deleted successfully.
c:\Users\sparknineone\AppData\Roaming\drvxslek32k\config.ini (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/22/2011 at 06:21 PM

Application Version : 4.52.1000

Core Rules Database Version : 7111
Trace Rules Database Version: 4923

Scan type : Complete Scan
Total Scan Time : 01:58:09

Memory items scanned : 342
Memory threats detected : 0
Registry items scanned : 13720
Registry threats detected : 0
File items scanned : 257547
File threats detected : 75

Adware.Tracking Cookie

Trojan.Agent/Gen
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\WINBDM.DLL
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_OR1404.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_OR3DEA.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_OR6BE4.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_OR8D02.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_ORA0D0.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_ORAB99.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_ORC8AC.TMP
C:\USERS\SPARKNINEONE\APPDATA\LOCAL\TEMP\_ORCB13.TMP
C:\WINDOWS\SYSWOW64\B_CTFMN.DLL



