Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Google and Yahoo Redirects

  1. #1
    Junior Member
    Join Date
    Sep 2011
    Posts
    13

    Angry Google and Yahoo Redirects

    Whenever I search for something on yahoo or google and then click on the results the page gets redirected. Dogpile.com still works though, here is my logs:

    DDS results:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Jade at 20:23:49 on 2011-08-31
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.4307 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files (x86)\Palm\Hotsync.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Logitech\SetPoint\KEM.exe
    C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
    C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\WUDFHost.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\HP\KBD\KbdStub.EXE
    mRun: [SetPoint] "C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE"
    mRun: [Share-to-Web Namespace Daemon] "C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    StartupFolder: C:\Users\Jade\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\Palm\Hotsync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~2.LNK - C:\Program Files (x86)\Logitech\SetPoint\KEM.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C932D27E-0EE0-44BB-8066-B67ECA06D4A8} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C932D27E-0EE0-44BB-8066-B67ECA06D4A8}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun-x64: [KBD] C:\HP\KBD\KbdStub.EXE
    mRun-x64: [SetPoint] "C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE"
    mRun-x64: [Share-to-Web Namespace Daemon] "C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\v89rpgx1.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-5-9 198240]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-7 13336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-29 2214504]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-29 1153368]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-01 01:50:35 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9BC1CF9-6161-4031-A154-98E134E3C04D}\mpengine.dll
    2011-08-31 17:44:46 -------- d-----w- C:\Users\Jade\AppData\Local\PhotoChannel
    2011-08-31 03:28:49 -------- d-----w- C:\Users\Jade\AppData\Roaming\Malwarebytes
    2011-08-31 03:28:32 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-08-30 06:17:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-08-30 06:17:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-08-30 05:09:54 -------- d-----w- C:\ProgramData\STOPzilla!
    2011-08-30 04:43:34 -------- d-----w- C:\Program Files\Realtek
    2011-08-30 04:40:51 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2011-08-30 04:40:37 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
    2011-08-30 04:40:37 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
    2011-08-30 04:39:45 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2011-08-30 04:39:33 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2011-08-24 14:45:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-24 14:45:10 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-12 10:11:40 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7D37064-8CDC-4956-8DF2-4260F9C6CB66}\gapaengine.dll
    2011-08-11 04:28:57 -------- d-----w- C:\Windows\System32\SPReview
    2011-08-11 04:28:31 -------- d-----w- C:\Windows\System32\EventProviders
    2011-08-11 03:04:53 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-08-11 03:04:52 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-08-11 03:04:51 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-08-09 02:57:05 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-08-09 02:56:44 -------- d-----w- C:\ProgramData\Ask
    2011-08-09 02:55:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-08-08 14:32:50 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-08 14:32:50 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-08-06 20:00:27 -------- d-----w- C:\ProgramData\Bakrie
    2011-08-06 18:57:46 -------- d-----w- C:\Users\Jade\AppData\Roaming\Titanium
    2011-08-06 18:57:44 -------- d-----w- C:\Users\Jade\AppData\Local\Bakrie
    2011-08-06 18:55:41 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
    2011-08-06 18:54:43 -------- d-----w- C:\Program Files (x86)\Bakrie
    2011-08-05 20:38:08 28680 ----a-w- C:\Windows\SysWow64\drivers\swmsflt.sys
    .
    ==================== Find3M ====================
    .
    2011-08-11 05:02:00 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-08-11 05:01:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-08-05 20:37:50 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-27 15:42:31 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 20:33:06.36 ===============

    DoubleClick: Tracking cookie (Internet Explorer: Jade) (Cookie, nothing done)


    Right Media: Tracking cookie (Internet Explorer: Jade) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Internet Explorer: Jade) (Cookie, nothing done)


    FastClick: Tracking cookie (Internet Explorer: Jade) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-08-29 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-08-29 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-05-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-08-31 Includes\Malware.sbi (*)
    2011-08-30 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-05-24 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-06-14 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-06-20 Includes\Trojans.sbi (*)
    2011-08-29 Includes\TrojansC-02.sbi (*)
    2011-08-09 Includes\TrojansC-03.sbi (*)
    2011-08-30 Includes\TrojansC-04.sbi (*)
    2011-08-29 Includes\TrojansC-05.sbi (*)
    2011-08-23 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    Thanks for the help in advance!
    Last edited by tashi; 2011-09-01 at 05:48. Reason: Merged two posts :-)

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Ask Toolbar <--This falls somewhere in the gray area, I would unintall it via Programs and Features in the Control Panel, let me know if it would not uninstall.


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply







    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Sep 2011
    Posts
    13

    Default Log Results

    The ask toolbar uninstalled successfully without problems.

    Here is my aswMBR log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-04 09:43:14
    -----------------------------
    09:43:14.555 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:43:14.555 Number of processors: 4 586 0xF0B
    09:43:14.555 ComputerName: JADES-DESKTOP UserName: Jade
    09:43:18.363 Initialize success
    09:43:21.405 AVAST engine defs: 11090400
    09:43:44.789 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:43:44.789 Disk 0 Vendor: ST375063 HP24 Size: 715404MB BusType: 8
    09:43:44.820 Disk 0 MBR read successfully
    09:43:44.820 Disk 0 MBR scan
    09:43:44.820 Disk 0 TDL4@MBR code has been found
    09:43:44.820 Disk 0 Windows 7 default MBR code found via API
    09:43:44.820 Disk 0 MBR hidden
    09:43:44.836 Disk 0 MBR [TDL4] **ROOTKIT**
    09:43:44.836 Disk 0 trace - called modules:
    09:43:44.851 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80080b8254]<<
    09:43:44.851 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080a4060]
    09:43:44.851 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c0d050]
    09:43:44.851 \Driver\iaStor[0xfffffa8005bdaba0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80080b8254
    09:43:46.287 AVAST engine scan C:\Windows
    09:43:52.152 AVAST engine scan C:\Windows\system32
    09:46:16.952 AVAST engine scan C:\Windows\system32\drivers
    09:46:33.066 AVAST engine scan C:\Users\Jade
    10:06:30.176 AVAST engine scan C:\ProgramData
    10:08:34.025 Scan finished successfully
    10:20:01.659 Disk 0 MBR has been saved successfully to "C:\Users\Jade\Desktop\MBR.dat"
    10:20:01.659 The log file has been saved successfully to "C:\Users\Jade\Desktop\aswMBR.txt"


    Here is my malwrebytes log:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7651

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    9/4/2011 10:01:22 AM
    mbam-log-2011-09-04 (10-01-22).txt

    Scan type: Quick scan
    Objects scanned: 224153
    Time elapsed: 3 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    I also attached the log files to this post.

    Thanks in advance, I'll be looking forward to your response.

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Your infected with the TDSS Rootkit


    What I would like you to do is to run this program, make sure to cure what it finds, reboot, post the log and then run aswMBR again and post a new log

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Sep 2011
    Posts
    13

    Default RDSSKiller log

    Here is my RDSS Killer log:

    2011/09/04 16:45:47.0915 5656 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/09/04 16:45:48.0383 5656 ================================================================================
    2011/09/04 16:45:48.0383 5656 SystemInfo:
    2011/09/04 16:45:48.0383 5656
    2011/09/04 16:45:48.0383 5656 OS Version: 6.1.7601 ServicePack: 1.0
    2011/09/04 16:45:48.0383 5656 Product type: Workstation
    2011/09/04 16:45:48.0383 5656 ComputerName: JADES-DESKTOP
    2011/09/04 16:45:48.0383 5656 UserName: Jade
    2011/09/04 16:45:48.0383 5656 Windows directory: C:\Windows
    2011/09/04 16:45:48.0383 5656 System windows directory: C:\Windows
    2011/09/04 16:45:48.0383 5656 Running under WOW64
    2011/09/04 16:45:48.0383 5656 Processor architecture: Intel x64
    2011/09/04 16:45:48.0383 5656 Number of processors: 4
    2011/09/04 16:45:48.0383 5656 Page size: 0x1000
    2011/09/04 16:45:48.0383 5656 Boot type: Normal boot
    2011/09/04 16:45:48.0383 5656 ================================================================================
    2011/09/04 16:48:09.0275 5656 Initialize success
    2011/09/04 16:48:29.0131 5700 ================================================================================
    2011/09/04 16:48:29.0131 5700 Scan started
    2011/09/04 16:48:29.0131 5700 Mode: Manual;
    2011/09/04 16:48:29.0131 5700 ================================================================================
    2011/09/04 16:48:29.0626 5700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/09/04 16:48:29.0701 5700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/09/04 16:48:29.0757 5700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/09/04 16:48:29.0836 5700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/09/04 16:48:29.0900 5700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/09/04 16:48:29.0954 5700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/09/04 16:48:30.0040 5700 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    2011/09/04 16:48:30.0081 5700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/09/04 16:48:30.0138 5700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/09/04 16:48:30.0163 5700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/09/04 16:48:30.0190 5700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/04 16:48:30.0215 5700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/09/04 16:48:30.0278 5700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    2011/09/04 16:48:30.0323 5700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/09/04 16:48:30.0365 5700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    2011/09/04 16:48:30.0401 5700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/09/04 16:48:30.0454 5700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/09/04 16:48:30.0481 5700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/09/04 16:48:30.0522 5700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/04 16:48:30.0560 5700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/09/04 16:48:30.0618 5700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/09/04 16:48:30.0647 5700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/09/04 16:48:30.0688 5700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/09/04 16:48:30.0726 5700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/09/04 16:48:30.0786 5700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/04 16:48:30.0814 5700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/04 16:48:30.0838 5700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/04 16:48:30.0870 5700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/09/04 16:48:30.0896 5700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/09/04 16:48:30.0911 5700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/09/04 16:48:30.0928 5700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/09/04 16:48:30.0984 5700 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    2011/09/04 16:48:31.0008 5700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/09/04 16:48:31.0081 5700 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/09/04 16:48:31.0143 5700 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    2011/09/04 16:48:31.0199 5700 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    2011/09/04 16:48:31.0260 5700 CAXHWBS2 (46f088d1247e825b313200254edd9e5b) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
    2011/09/04 16:48:31.0298 5700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/04 16:48:31.0330 5700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/09/04 16:48:31.0392 5700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/09/04 16:48:31.0439 5700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/09/04 16:48:31.0498 5700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/04 16:48:31.0529 5700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/09/04 16:48:31.0575 5700 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/09/04 16:48:31.0603 5700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/04 16:48:31.0654 5700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/09/04 16:48:31.0683 5700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/04 16:48:31.0733 5700 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    2011/09/04 16:48:31.0796 5700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/04 16:48:31.0829 5700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/09/04 16:48:31.0869 5700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/04 16:48:31.0931 5700 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/09/04 16:48:31.0982 5700 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
    2011/09/04 16:48:32.0011 5700 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/09/04 16:48:32.0072 5700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/04 16:48:32.0108 5700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/04 16:48:32.0211 5700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/09/04 16:48:32.0342 5700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/04 16:48:32.0401 5700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/09/04 16:48:32.0462 5700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/04 16:48:32.0488 5700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/04 16:48:32.0536 5700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/04 16:48:32.0570 5700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/04 16:48:32.0596 5700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/04 16:48:32.0649 5700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/04 16:48:32.0698 5700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/04 16:48:32.0732 5700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/04 16:48:32.0752 5700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/04 16:48:32.0793 5700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/04 16:48:32.0819 5700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/04 16:48:32.0857 5700 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2011/09/04 16:48:32.0926 5700 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys
    2011/09/04 16:48:33.0004 5700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/04 16:48:33.0116 5700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/09/04 16:48:33.0149 5700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/04 16:48:33.0203 5700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/04 16:48:33.0230 5700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/04 16:48:33.0279 5700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    2011/09/04 16:48:33.0337 5700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/04 16:48:33.0400 5700 HSF_DP (64667d9808fd09fabedccf62e8f52662) C:\Windows\system32\DRIVERS\CAX_DP.sys
    2011/09/04 16:48:33.0478 5700 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    2011/09/04 16:48:33.0538 5700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/09/04 16:48:33.0641 5700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/04 16:48:33.0690 5700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/09/04 16:48:33.0736 5700 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/09/04 16:48:33.0910 5700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/04 16:48:33.0967 5700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/04 16:48:34.0048 5700 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/09/04 16:48:34.0086 5700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/09/04 16:48:34.0123 5700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/04 16:48:34.0169 5700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/04 16:48:34.0204 5700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/04 16:48:34.0228 5700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/04 16:48:34.0291 5700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/04 16:48:34.0332 5700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/09/04 16:48:34.0379 5700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/04 16:48:34.0413 5700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/09/04 16:48:34.0451 5700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/09/04 16:48:34.0482 5700 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/04 16:48:34.0528 5700 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/04 16:48:34.0553 5700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/04 16:48:34.0639 5700 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/09/04 16:48:34.0693 5700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/04 16:48:34.0742 5700 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/09/04 16:48:34.0770 5700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/04 16:48:34.0803 5700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/04 16:48:34.0830 5700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/04 16:48:34.0864 5700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/04 16:48:34.0900 5700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/04 16:48:34.0932 5700 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2011/09/04 16:48:35.0034 5700 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/09/04 16:48:35.0119 5700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/04 16:48:35.0152 5700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/04 16:48:35.0197 5700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/04 16:48:35.0229 5700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/04 16:48:35.0272 5700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    2011/09/04 16:48:35.0312 5700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/04 16:48:35.0352 5700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/04 16:48:35.0390 5700 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/09/04 16:48:35.0429 5700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/09/04 16:48:35.0479 5700 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/09/04 16:48:35.0507 5700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/04 16:48:35.0554 5700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/04 16:48:35.0606 5700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/04 16:48:35.0646 5700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/04 16:48:35.0679 5700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/04 16:48:35.0727 5700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/09/04 16:48:35.0755 5700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/09/04 16:48:35.0793 5700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/04 16:48:35.0815 5700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/04 16:48:35.0842 5700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/04 16:48:35.0894 5700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/04 16:48:35.0960 5700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/04 16:48:35.0990 5700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/04 16:48:36.0036 5700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/04 16:48:36.0076 5700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/09/04 16:48:36.0107 5700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/04 16:48:36.0133 5700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/09/04 16:48:36.0171 5700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/09/04 16:48:36.0234 5700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/04 16:48:36.0307 5700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/09/04 16:48:36.0377 5700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/04 16:48:36.0416 5700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/04 16:48:36.0470 5700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/04 16:48:36.0514 5700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/04 16:48:36.0555 5700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/04 16:48:36.0582 5700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/04 16:48:36.0618 5700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/04 16:48:36.0689 5700 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
    2011/09/04 16:48:36.0771 5700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/04 16:48:36.0832 5700 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/09/04 16:48:36.0882 5700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/04 16:48:36.0917 5700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/04 16:48:36.0978 5700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/04 16:48:37.0030 5700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/04 16:48:37.0259 5700 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/09/04 16:48:37.0374 5700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    2011/09/04 16:48:37.0398 5700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    2011/09/04 16:48:37.0460 5700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/04 16:48:37.0503 5700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/04 16:48:37.0562 5700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/04 16:48:37.0608 5700 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/09/04 16:48:37.0660 5700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/09/04 16:48:37.0700 5700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/09/04 16:48:37.0728 5700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/04 16:48:37.0780 5700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/04 16:48:37.0811 5700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/04 16:48:37.0915 5700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/04 16:48:37.0937 5700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/04 16:48:37.0987 5700 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
    2011/09/04 16:48:38.0025 5700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/04 16:48:38.0060 5700 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/09/04 16:48:38.0115 5700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/04 16:48:38.0167 5700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/04 16:48:38.0196 5700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/04 16:48:38.0227 5700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/04 16:48:38.0275 5700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/04 16:48:38.0314 5700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/04 16:48:38.0345 5700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/04 16:48:38.0375 5700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/04 16:48:38.0422 5700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/04 16:48:38.0449 5700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/04 16:48:38.0474 5700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/04 16:48:38.0517 5700 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/04 16:48:38.0570 5700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/04 16:48:38.0597 5700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/04 16:48:38.0663 5700 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    2011/09/04 16:48:38.0705 5700 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/04 16:48:38.0749 5700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/04 16:48:38.0803 5700 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/09/04 16:48:38.0859 5700 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    2011/09/04 16:48:38.0908 5700 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    2011/09/04 16:48:38.0955 5700 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    2011/09/04 16:48:39.0019 5700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/04 16:48:39.0107 5700 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/09/04 16:48:39.0155 5700 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
    2011/09/04 16:48:39.0195 5700 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/04 16:48:39.0228 5700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/04 16:48:39.0306 5700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/04 16:48:39.0348 5700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/04 16:48:39.0396 5700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/04 16:48:39.0420 5700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/04 16:48:39.0469 5700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/04 16:48:39.0511 5700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/04 16:48:39.0535 5700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/04 16:48:39.0556 5700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/04 16:48:39.0602 5700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/04 16:48:39.0642 5700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/04 16:48:39.0667 5700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/04 16:48:39.0712 5700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/04 16:48:39.0747 5700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/04 16:48:39.0797 5700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/04 16:48:39.0828 5700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/04 16:48:39.0861 5700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/04 16:48:39.0923 5700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/04 16:48:39.0952 5700 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/04 16:48:39.0987 5700 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    2011/09/04 16:48:40.0032 5700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/09/04 16:48:40.0144 5700 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    2011/09/04 16:48:40.0227 5700 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/04 16:48:40.0271 5700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/04 16:48:40.0300 5700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/04 16:48:40.0321 5700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/04 16:48:40.0359 5700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/04 16:48:40.0395 5700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/09/04 16:48:40.0453 5700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/04 16:48:40.0497 5700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/04 16:48:40.0564 5700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/04 16:48:40.0587 5700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/04 16:48:40.0633 5700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/04 16:48:40.0699 5700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/04 16:48:40.0739 5700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/09/04 16:48:40.0764 5700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/04 16:48:40.0818 5700 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/09/04 16:48:40.0870 5700 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    2011/09/04 16:48:40.0902 5700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/04 16:48:40.0951 5700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/09/04 16:48:40.0993 5700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    2011/09/04 16:48:41.0057 5700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/04 16:48:41.0157 5700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    2011/09/04 16:48:41.0184 5700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/04 16:48:41.0223 5700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/09/04 16:48:41.0261 5700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/09/04 16:48:41.0299 5700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    2011/09/04 16:48:41.0342 5700 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/09/04 16:48:41.0398 5700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/04 16:48:41.0437 5700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/04 16:48:41.0463 5700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/04 16:48:41.0522 5700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/04 16:48:41.0549 5700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/09/04 16:48:41.0596 5700 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    2011/09/04 16:48:41.0636 5700 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/04 16:48:41.0674 5700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/09/04 16:48:41.0710 5700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/04 16:48:41.0753 5700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/09/04 16:48:41.0779 5700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/04 16:48:41.0820 5700 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
    2011/09/04 16:48:41.0881 5700 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    2011/09/04 16:48:41.0930 5700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/04 16:48:41.0952 5700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/04 16:48:42.0004 5700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/09/04 16:48:42.0048 5700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/04 16:48:42.0084 5700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/04 16:48:42.0099 5700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/04 16:48:42.0141 5700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/04 16:48:42.0170 5700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/04 16:48:42.0233 5700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/04 16:48:42.0250 5700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/04 16:48:42.0298 5700 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
    2011/09/04 16:48:42.0420 5700 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/09/04 16:48:42.0456 5700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/09/04 16:48:42.0534 5700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/04 16:48:42.0627 5700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/04 16:48:42.0657 5700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/04 16:48:42.0713 5700 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
    2011/09/04 16:48:42.0811 5700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/09/04 16:48:42.0821 5700 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/09/04 16:48:42.0834 5700 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk6\DR6
    2011/09/04 16:48:42.0847 5700 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk7\DR7
    2011/09/04 16:48:42.0860 5700 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk8\DR8
    2011/09/04 16:48:42.0872 5700 Boot (0x1200) (b4aa9883bf96d948e3db68ecede2c0f5) \Device\Harddisk0\DR0\Partition0
    2011/09/04 16:48:42.0911 5700 Boot (0x1200) (7aa7d4d467386d85c3d5e9125751a8da) \Device\Harddisk0\DR0\Partition1
    2011/09/04 16:48:42.0919 5700 Boot (0x1200) (f55078df5ffb4d1cc2922c6214e153e6) \Device\Harddisk1\DR1\Partition0
    2011/09/04 16:48:42.0932 5700 Boot (0x1200) (c288f1239924e851dec8c1ca86e18f73) \Device\Harddisk6\DR6\Partition0
    2011/09/04 16:48:42.0944 5700 Boot (0x1200) (ef41ca7a64b684fcf4382e300e445b5f) \Device\Harddisk7\DR7\Partition0
    2011/09/04 16:48:42.0955 5700 Boot (0x1200) (cabcd1d1bfdb3651bee1217badf13122) \Device\Harddisk8\DR8\Partition0
    2011/09/04 16:48:42.0962 5700 ================================================================================
    2011/09/04 16:48:42.0962 5700 Scan finished
    2011/09/04 16:48:42.0962 5700 ================================================================================
    2011/09/04 16:48:42.0970 3372 Detected object count: 0
    2011/09/04 16:48:42.0970 3372 Actual detected object count: 0
    2011/09/04 16:49:14.0518 6796 ================================================================================
    2011/09/04 16:49:14.0519 6796 Scan started
    2011/09/04 16:49:14.0519 6796 Mode: Manual;
    2011/09/04 16:49:14.0519 6796 ================================================================================
    2011/09/04 16:49:15.0360 6796 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/09/04 16:49:15.0410 6796 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/09/04 16:49:15.0458 6796 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/09/04 16:49:15.0513 6796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/09/04 16:49:15.0558 6796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/09/04 16:49:15.0597 6796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/09/04 16:49:15.0648 6796 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    2011/09/04 16:49:15.0682 6796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/09/04 16:49:15.0705 6796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/09/04 16:49:15.0731 6796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/09/04 16:49:15.0757 6796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/04 16:49:15.0782 6796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/09/04 16:49:15.0829 6796 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    2011/09/04 16:49:15.0857 6796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/09/04 16:49:15.0891 6796 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    2011/09/04 16:49:15.0927 6796 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/09/04 16:49:15.0972 6796 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/09/04 16:49:15.0998 6796 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/09/04 16:49:16.0023 6796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/04 16:49:16.0061 6796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/09/04 16:49:16.0110 6796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/09/04 16:49:16.0148 6796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/09/04 16:49:16.0180 6796 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/09/04 16:49:16.0211 6796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/09/04 16:49:16.0246 6796 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/04 16:49:16.0265 6796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/04 16:49:16.0289 6796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/04 16:49:16.0321 6796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/09/04 16:49:16.0347 6796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/09/04 16:49:16.0362 6796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/09/04 16:49:16.0379 6796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/09/04 16:49:16.0410 6796 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    2011/09/04 16:49:16.0434 6796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/09/04 16:49:16.0465 6796 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    2011/09/04 16:49:16.0510 6796 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    2011/09/04 16:49:16.0559 6796 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    2011/09/04 16:49:16.0594 6796 CAXHWBS2 (46f088d1247e825b313200254edd9e5b) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
    2011/09/04 16:49:16.0624 6796 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/04 16:49:16.0665 6796 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/09/04 16:49:16.0693 6796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/09/04 16:49:16.0733 6796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/09/04 16:49:16.0774 6796 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/04 16:49:16.0805 6796 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/09/04 16:49:16.0851 6796 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/09/04 16:49:16.0896 6796 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/04 16:49:16.0930 6796 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/09/04 16:49:16.0959 6796 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/04 16:49:17.0009 6796 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    2011/09/04 16:49:17.0122 6796 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/04 16:49:17.0163 6796 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/09/04 16:49:17.0178 6796 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/04 16:49:17.0224 6796 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/09/04 16:49:17.0258 6796 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
    2011/09/04 16:49:17.0287 6796 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/09/04 16:49:17.0365 6796 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/04 16:49:17.0417 6796 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/04 16:49:17.0504 6796 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/09/04 16:49:17.0577 6796 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/04 16:49:17.0611 6796 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/09/04 16:49:17.0664 6796 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/04 16:49:17.0689 6796 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/04 16:49:17.0720 6796 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/04 16:49:17.0754 6796 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/04 16:49:17.0773 6796 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/04 16:49:17.0809 6796 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/04 16:49:17.0841 6796 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/04 16:49:17.0875 6796 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/04 16:49:17.0895 6796 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/04 16:49:17.0928 6796 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/04 16:49:17.0954 6796 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/04 16:49:17.0983 6796 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2011/09/04 16:49:18.0036 6796 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys
    2011/09/04 16:49:18.0072 6796 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

  6. #6
    Junior Member
    Join Date
    Sep 2011
    Posts
    13

    Default RDSSKiller log part 2

    2011/09/04 16:49:18.0109 6796 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/09/04 16:49:18.0133 6796 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/04 16:49:18.0171 6796 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/04 16:49:18.0198 6796 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/04 16:49:18.0239 6796 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    2011/09/04 16:49:18.0297 6796 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/04 16:49:18.0360 6796 HSF_DP (64667d9808fd09fabedccf62e8f52662) C:\Windows\system32\DRIVERS\CAX_DP.sys
    2011/09/04 16:49:18.0405 6796 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
    2011/09/04 16:49:18.0446 6796 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/09/04 16:49:18.0518 6796 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/04 16:49:18.0566 6796 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/09/04 16:49:18.0604 6796 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/09/04 16:49:18.0653 6796 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/04 16:49:18.0702 6796 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/04 16:49:18.0771 6796 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/09/04 16:49:18.0871 6796 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/09/04 16:49:18.0900 6796 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/04 16:49:18.0953 6796 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/04 16:49:18.0989 6796 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/04 16:49:19.0013 6796 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/04 16:49:19.0059 6796 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/04 16:49:19.0116 6796 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/09/04 16:49:19.0147 6796 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/04 16:49:19.0173 6796 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/09/04 16:49:19.0211 6796 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/09/04 16:49:19.0242 6796 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/04 16:49:19.0280 6796 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/04 16:49:19.0304 6796 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/04 16:49:19.0357 6796 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2011/09/04 16:49:19.0386 6796 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/04 16:49:19.0427 6796 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2011/09/04 16:49:19.0454 6796 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/04 16:49:19.0488 6796 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/04 16:49:19.0515 6796 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/04 16:49:19.0557 6796 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/04 16:49:19.0584 6796 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/04 16:49:19.0617 6796 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
    2011/09/04 16:49:19.0677 6796 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/09/04 16:49:19.0704 6796 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/04 16:49:19.0728 6796 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/04 16:49:19.0765 6796 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/04 16:49:19.0798 6796 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/04 16:49:19.0831 6796 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    2011/09/04 16:49:19.0855 6796 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/04 16:49:19.0886 6796 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/04 16:49:19.0917 6796 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/09/04 16:49:19.0956 6796 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/09/04 16:49:19.0980 6796 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/09/04 16:49:20.0000 6796 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/04 16:49:20.0039 6796 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/04 16:49:20.0083 6796 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/04 16:49:20.0123 6796 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/04 16:49:20.0147 6796 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/04 16:49:20.0187 6796 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/09/04 16:49:20.0215 6796 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/09/04 16:49:20.0253 6796 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/04 16:49:20.0268 6796 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/04 16:49:20.0294 6796 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/04 16:49:20.0337 6796 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/04 16:49:20.0370 6796 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/04 16:49:20.0400 6796 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/04 16:49:20.0446 6796 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/04 16:49:20.0486 6796 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/09/04 16:49:20.0509 6796 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/04 16:49:20.0528 6796 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/09/04 16:49:20.0557 6796 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/09/04 16:49:20.0603 6796 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/04 16:49:20.0658 6796 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/09/04 16:49:20.0696 6796 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/04 16:49:20.0719 6796 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/04 16:49:20.0764 6796 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/04 16:49:20.0808 6796 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/04 16:49:20.0841 6796 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/04 16:49:20.0868 6796 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/04 16:49:20.0895 6796 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/04 16:49:20.0950 6796 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
    2011/09/04 16:49:20.0982 6796 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/09/04 16:49:21.0010 6796 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/09/04 16:49:21.0043 6796 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/04 16:49:21.0078 6796 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/04 16:49:21.0139 6796 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/04 16:49:21.0167 6796 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/04 16:49:21.0394 6796 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/09/04 16:49:21.0493 6796 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    2011/09/04 16:49:21.0517 6796 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    2011/09/04 16:49:21.0563 6796 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/04 16:49:21.0597 6796 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/04 16:49:21.0639 6796 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/04 16:49:21.0678 6796 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/09/04 16:49:21.0720 6796 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/09/04 16:49:21.0752 6796 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/09/04 16:49:21.0781 6796 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/09/04 16:49:21.0816 6796 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/04 16:49:21.0847 6796 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/04 16:49:21.0943 6796 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/04 16:49:21.0965 6796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/09/04 16:49:22.0007 6796 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
    2011/09/04 16:49:22.0045 6796 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/04 16:49:22.0071 6796 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/09/04 16:49:22.0127 6796 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/09/04 16:49:22.0161 6796 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/09/04 16:49:22.0190 6796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/04 16:49:22.0221 6796 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/04 16:49:22.0261 6796 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/04 16:49:22.0301 6796 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/04 16:49:22.0356 6796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/04 16:49:22.0420 6796 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/04 16:49:22.0466 6796 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/04 16:49:22.0493 6796 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/04 16:49:22.0520 6796 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/04 16:49:22.0562 6796 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/04 16:49:22.0606 6796 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/04 16:49:22.0629 6796 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/04 16:49:22.0682 6796 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
    2011/09/04 16:49:22.0716 6796 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/04 16:49:22.0743 6796 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/04 16:49:22.0789 6796 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    2011/09/04 16:49:22.0820 6796 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    2011/09/04 16:49:22.0845 6796 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    2011/09/04 16:49:22.0860 6796 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
    2011/09/04 16:49:22.0922 6796 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/04 16:49:22.0959 6796 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/09/04 16:49:22.0992 6796 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
    2011/09/04 16:49:23.0032 6796 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/04 16:49:23.0139 6796 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/04 16:49:23.0218 6796 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/04 16:49:23.0251 6796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/04 16:49:23.0291 6796 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/04 16:49:23.0315 6796 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/04 16:49:23.0355 6796 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/04 16:49:23.0406 6796 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/04 16:49:23.0430 6796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/04 16:49:23.0450 6796 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/04 16:49:23.0480 6796 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/04 16:49:23.0511 6796 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/04 16:49:23.0536 6796 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/04 16:49:23.0573 6796 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/04 16:49:23.0608 6796 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/04 16:49:23.0658 6796 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/04 16:49:23.0679 6796 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/04 16:49:23.0706 6796 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/04 16:49:23.0734 6796 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/04 16:49:23.0780 6796 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/04 16:49:23.0815 6796 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    2011/09/04 16:49:23.0843 6796 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/09/04 16:49:23.0949 6796 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    2011/09/04 16:49:24.0014 6796 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/04 16:49:24.0057 6796 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/04 16:49:24.0087 6796 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/04 16:49:24.0108 6796 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/04 16:49:24.0145 6796 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/04 16:49:24.0181 6796 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/09/04 16:49:24.0239 6796 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/04 16:49:24.0275 6796 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/04 16:49:24.0326 6796 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/04 16:49:24.0349 6796 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/04 16:49:24.0394 6796 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/04 16:49:24.0427 6796 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/04 16:49:24.0467 6796 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/09/04 16:49:24.0492 6796 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/04 16:49:24.0529 6796 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/09/04 16:49:24.0564 6796 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    2011/09/04 16:49:24.0597 6796 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/04 16:49:24.0638 6796 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/09/04 16:49:24.0671 6796 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    2011/09/04 16:49:24.0717 6796 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/04 16:49:24.0751 6796 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    2011/09/04 16:49:24.0778 6796 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/04 16:49:24.0817 6796 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/09/04 16:49:24.0848 6796 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/09/04 16:49:24.0885 6796 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    2011/09/04 16:49:24.0920 6796 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/09/04 16:49:24.0960 6796 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/04 16:49:24.0990 6796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/04 16:49:25.0016 6796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/04 16:49:25.0117 6796 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/04 16:49:25.0152 6796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/09/04 16:49:25.0199 6796 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    2011/09/04 16:49:25.0239 6796 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/04 16:49:25.0286 6796 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/09/04 16:49:25.0321 6796 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/04 16:49:25.0348 6796 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/09/04 16:49:25.0374 6796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/04 16:49:25.0415 6796 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS
    2011/09/04 16:49:25.0476 6796 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    2011/09/04 16:49:25.0517 6796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/04 16:49:25.0538 6796 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/04 16:49:25.0565 6796 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/09/04 16:49:25.0602 6796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/04 16:49:25.0629 6796 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/04 16:49:25.0652 6796 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/04 16:49:25.0694 6796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/04 16:49:25.0740 6796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/04 16:49:25.0786 6796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/04 16:49:25.0802 6796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/04 16:49:25.0852 6796 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
    2011/09/04 16:49:25.0915 6796 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/09/04 16:49:25.0951 6796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/09/04 16:49:26.0004 6796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/04 16:49:26.0055 6796 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/04 16:49:26.0085 6796 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/04 16:49:26.0124 6796 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
    2011/09/04 16:49:26.0189 6796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    2011/09/04 16:49:26.0200 6796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/09/04 16:49:26.0213 6796 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk6\DR6
    2011/09/04 16:49:26.0226 6796 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk7\DR7
    2011/09/04 16:49:26.0241 6796 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk8\DR8
    2011/09/04 16:49:26.0254 6796 Boot (0x1200) (b4aa9883bf96d948e3db68ecede2c0f5) \Device\Harddisk0\DR0\Partition0
    2011/09/04 16:49:26.0298 6796 Boot (0x1200) (7aa7d4d467386d85c3d5e9125751a8da) \Device\Harddisk0\DR0\Partition1
    2011/09/04 16:49:26.0307 6796 Boot (0x1200) (f55078df5ffb4d1cc2922c6214e153e6) \Device\Harddisk1\DR1\Partition0
    2011/09/04 16:49:26.0320 6796 Boot (0x1200) (c288f1239924e851dec8c1ca86e18f73) \Device\Harddisk6\DR6\Partition0
    2011/09/04 16:49:26.0332 6796 Boot (0x1200) (ef41ca7a64b684fcf4382e300e445b5f) \Device\Harddisk7\DR7\Partition0
    2011/09/04 16:49:26.0345 6796 Boot (0x1200) (cabcd1d1bfdb3651bee1217badf13122) \Device\Harddisk8\DR8\Partition0
    2011/09/04 16:49:26.0353 6796 ================================================================================
    2011/09/04 16:49:26.0353 6796 Scan finished
    2011/09/04 16:49:26.0353 6796 ================================================================================
    2011/09/04 16:49:26.0364 6400 Detected object count: 0
    2011/09/04 16:49:26.0364 6400 Actual detected object count: 0
    2011/09/04 16:49:30.0317 7104 Deinitialize success


    RDSSKiller didn't find anything, so I didn't get to clean anything. I attached my rerun of the aswMBR.


    I did notice that Microsoft Security Essentials detected and removed Trojan:DOS/Alueron.C while running aswMBR and again while saving the aswMBR log. This also does not fix the redirection problem though.

    I really appreciate any other options an ideas you may have. Thanks in advance.

  7. #7
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    The report for aswMBR you just posted was the sameone that you initially posted, I needed to see a new one.


    Lets do this

    Re-Run aswMBR

    Click Scan

    On completion of the scan

    Click Fix





    Save the log as before and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Sep 2011
    Posts
    13

    Default aswMBR status

    So I re-ran aswMBR and then hit fix. I couldn't save the log before the fix rebooted. So I had to re-run the scan, then save the log and then it hit fix and here is my results:
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-04 20:49:03
    -----------------------------
    20:49:03.465 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:49:03.465 Number of processors: 4 586 0xF0B
    20:49:03.465 ComputerName: JADES-DESKTOP UserName: Jade
    20:49:04.898 Initialize success
    20:49:08.374 AVAST engine defs: 11090400
    20:49:21.735 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:49:21.738 Disk 0 Vendor: ST375063 HP24 Size: 715404MB BusType: 8
    20:49:21.756 Disk 0 MBR read successfully
    20:49:21.759 Disk 0 MBR scan
    20:49:21.765 Disk 0 TDL4@MBR code has been found
    20:49:21.769 Disk 0 Windows 7 default MBR code found via API
    20:49:21.773 Disk 0 MBR hidden
    20:49:21.777 Disk 0 MBR [TDL4] **ROOTKIT**
    20:49:21.781 Disk 0 trace - called modules:
    20:49:21.787 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800809a254]<<
    20:49:21.792 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008086060]
    20:49:21.796 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006df9050]
    20:49:21.802 \Driver\iaStor[0xfffffa8005fc9e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800809a254
    20:49:23.053 AVAST engine scan C:\Windows
    20:49:29.336 AVAST engine scan C:\Windows\system32
    20:52:19.832 AVAST engine scan C:\Windows\system32\drivers
    20:52:36.989 AVAST engine scan C:\Users\Jade
    21:06:51.173 AVAST engine scan C:\ProgramData
    21:08:02.392 Scan finished successfully
    21:10:39.375 Disk 0 MBR has been saved successfully to "C:\Users\Jade\Desktop\MBR.dat"
    21:10:39.375 The log file has been saved successfully to "C:\Users\Jade\Desktop\aswMBR.txt"


    The second time my machine rebooted, it wouldn't start again. My machine would just run a boot repair program over and over again and kept failing on:

    Boot manager failed to find OS Loader, with an error code of 0x490

    This kept happening, until I put my Windows 7 install disk in and ran the command prompt and typed in bootrec /fixmbr

    Then my computer finally rebooted properly and now the google/yahoo redirect is gone, and so is aswMbr and TDSRootkit are gone.

    Do you know what happened, am I fixed? It appears I am fixed.

    Thanks again for in advice in advance.

  9. #9
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Your Master Boot Record was infected, not sure with all that went on what actually fixed it. Do this, run aswMBR again, but not the fix, just the scan so I can take another look at the report, you can download it from my initial post


    Those types of rootkits sometimes bring more with it .

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Junior Member
    Join Date
    Sep 2011
    Posts
    13

    Default aswMBR and ComboFix Logs

    Hi,

    Here is my aswMBR log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-05 08:53:40
    -----------------------------
    08:53:40.900 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:53:40.900 Number of processors: 4 586 0xF0B
    08:53:40.901 ComputerName: JADES-DESKTOP UserName: Jade
    08:53:43.701 Initialize success
    08:53:46.789 AVAST engine defs: 11090500
    08:54:49.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    08:54:49.049 Disk 0 Vendor: ST375063 HP24 Size: 715404MB BusType: 8
    08:54:49.070 Disk 0 MBR read successfully
    08:54:49.073 Disk 0 MBR scan
    08:54:49.126 Disk 0 Windows 7 default MBR code
    08:54:49.129 Service scanning
    08:54:49.785 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    08:54:50.517 Modules scanning
    08:54:50.520 Disk 0 trace - called modules:
    08:54:50.552 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    08:54:50.556 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080a5060]
    08:54:50.560 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006e1b050]
    08:54:51.768 AVAST engine scan C:\Windows
    08:54:56.601 AVAST engine scan C:\Windows\system32
    08:57:26.236 AVAST engine scan C:\Windows\system32\drivers
    08:57:41.049 AVAST engine scan C:\Users\Jade
    09:12:48.093 AVAST engine scan C:\ProgramData
    09:14:17.311 Scan finished successfully
    09:14:26.178 Disk 0 MBR has been saved successfully to "C:\Users\Jade\Desktop\MBR.dat"
    09:14:26.232 The log file has been saved successfully to "C:\Users\Jade\Desktop\aswMBR.txt"



    Here is my combo fix log:

    ComboFix 11-09-05.03 - Jade 09/05/2011 9:17.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.3943 [GMT -7:00]
    Running from: c:\users\Jade\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jade\AppData\Local\Temp\IadHide4.dll
    c:\windows\bwUnin-6.1.4.68-8876480L.exe
    c:\windows\SysWow64\comct332.ocx
    c:\windows\SysWow64\jusched.exe
    F:\Autorun.inf
    H:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-05 16:22 . 2011-09-05 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-05 05:57 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CAD32B46-178A-4B46-91E1-F407F09BA1BE}\mpengine.dll
    2011-09-04 16:33 . 2011-09-05 05:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-09-03 00:27 . 2011-09-05 06:28 -------- d-----w- c:\users\Administrator
    2011-09-01 02:59 . 2011-09-01 02:59 -------- d-----w- c:\program files (x86)\ERUNT
    2011-08-31 17:44 . 2011-08-31 18:09 -------- d-----w- c:\users\Jade\AppData\Local\PhotoChannel
    2011-08-31 03:28 . 2011-08-31 03:28 -------- d-----w- c:\users\Jade\AppData\Roaming\Malwarebytes
    2011-08-31 03:28 . 2011-08-31 03:28 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 06:17 . 2011-08-31 05:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-08-30 06:17 . 2011-08-30 15:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-08-30 05:09 . 2011-08-30 15:08 -------- d-----w- c:\programdata\STOPzilla!
    2011-08-30 04:43 . 2011-08-30 04:43 -------- d-----w- c:\program files\Realtek
    2011-08-30 04:40 . 2011-09-05 05:44 -------- d-----w- c:\users\UpdatusUser
    2011-08-30 04:40 . 2011-08-30 04:40 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2011-08-30 04:40 . 2011-05-21 13:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-08-30 04:40 . 2011-05-21 13:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-08-30 04:39 . 2011-08-30 04:39 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-08-30 04:39 . 2011-08-30 04:40 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-08-24 14:45 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 14:45 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-12 10:11 . 2010-12-30 22:00 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7D37064-8CDC-4956-8DF2-4260F9C6CB66}\gapaengine.dll
    2011-08-11 04:28 . 2011-08-11 04:28 -------- d-----w- c:\windows\system32\SPReview
    2011-08-11 04:28 . 2011-08-11 04:28 -------- d-----w- c:\windows\system32\EventProviders
    2011-08-11 03:04 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-08-11 03:04 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-11 03:04 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-08-09 02:57 . 2011-09-05 06:27 -------- d-----w- c:\program files (x86)\Ask.com
    2011-08-09 02:56 . 2011-08-09 02:56 -------- d-----w- c:\programdata\Ask
    2011-08-09 02:55 . 2011-08-09 02:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-08-08 14:32 . 2011-08-08 14:32 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2011-08-08 14:32 . 2011-08-08 14:32 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
    2011-08-06 20:00 . 2011-08-06 20:00 -------- d-----w- c:\programdata\Bakrie
    2011-08-06 18:57 . 2011-08-06 18:57 -------- d-----w- c:\users\Jade\AppData\Roaming\Titanium
    2011-08-06 18:57 . 2011-08-06 18:57 -------- d-----w- c:\users\Jade\AppData\Local\Bakrie
    2011-08-06 18:55 . 2011-08-05 20:37 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2011-08-06 18:54 . 2011-08-06 20:00 -------- d-----w- c:\program files (x86)\Bakrie
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-11 05:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-08-11 05:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-08-05 20:38 . 2011-08-05 20:38 28680 ----a-w- c:\windows\SysWow64\drivers\swmsflt.sys
    2011-08-05 20:37 . 2009-06-09 22:41 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2011-07-16 04:26 . 2011-08-11 03:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-13 04:53 . 2011-07-27 10:03 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-07-13 04:53 . 2011-01-01 18:27 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-06-27 15:42 . 2011-06-16 03:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-11 03:07 . 2011-07-13 14:15 3137536 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-08 1491920]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-07-08 00:53 1491920 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-08 1491920]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
    "LDM"="c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-09-06 20480]
    "ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "SetPoint"="c:\program files (x86)\Logitech\SetPoint\KEM.EXE" [2004-07-15 581632]
    "Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "Iomega Home Storage Manager"="c:\program files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe" [2009-10-27 152936]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-08 399312]
    .
    c:\users\Jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-1-12 385024]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files (x86)\Palm\Hotsync.exe [2008-1-3 1392640]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
    Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-9-5 450560]
    Logitech SetPoint.lnk - c:\program files (x86)\Logitech\SetPoint\KEM.exe [2008-9-5 581632]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk
    *Deregistered* - mfesmfk
    *Deregistered* - MPFP
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-05 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2008-10-13 14:29]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Jade\AppData\Roaming\Mozilla\Firefox\Profiles\v89rpgx1.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-sp41119 - c:\hp\Softpaq\sp41119\sp41119.exe
    AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe
    AddRemove-sp43111 - c:\hp\Softpaq\sp43111\sp43111.exe
    AddRemove-YInstHelper - c:\windows\system32\regsvr32
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-05 09:32:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-05 16:32
    .
    Pre-Run: 575,805,227,008 bytes free
    Post-Run: 575,434,129,408 bytes free
    .
    - - End Of File - - AB6C598C1B504398568437207F0C0C09



    The google/yahoo redirect is still gone, which is good.

    I'll be looking forward to your response.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •