I know this is an old problem, but thankfully relatively new to me. I have tried MB, Spybot, Avira, and several others, to no avail. For some unknown reason it appears to go away for a short while, occasionally then the redirections resume. Any help will be greatly appreciated. I'm no IT guy, but I can follow instructions. Thanks.
abilroth 0 Newbie Poster
jholland1964 650 Posting Expert Team Colleague Featured Poster
Follow the instructions given here and post back with all the requested logs and we will be most happy to help you.
http://www.daniweb.com/forums/thread134865.html
abilroth 0 Newbie Poster
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5324
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
12/15/2010 22:25:28
mbam-log-2010-12-15 (22-25-28).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 304971
Time elapsed: 1 hour(s), 57 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/31/2007 03:47:32
System Uptime: 12/15/2010 22:35:43 (0 hours ago)
Motherboard: Hewlett-Packard | | 30C6
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U1 | 1333/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 66 GiB total, 5.433 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.316 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
1Click DVD Copy Pro 4.2.1.0
AAC Decoder
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Amazon MP3 Downloader 1.0.3
Apple Application Support
Apple Software Update
AT&T Communication Manager
AutoUpdate
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 4.6
CCleaner
Conexant HD Audio
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Drivers Install For Linksys Easylink Advisor
ESU for Microsoft Vista
Feedback Tool
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HDAUDIO Soft Data Fax Modem with SmartCP
HDView for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Product Detection
HP Quick Launch Buttons 6.20 D3
HP Total Care Advisor
HP Update
HP User Guides 0079
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Juniper Networks Setup Client
LightScribe 1.4.136.1
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MKV Splitter
Mozilla Firefox (3.6.13)
MSCU for Microsoft Vista
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PSSWCORE
QuickTime
RealPlayer
RealUpgrade 1.0
Roxio Activation Module
Roxio Media Manager
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
VC80CRTRedist - 8.0.50727.762
Virtual Plastic Surgery Software - VPSS v1.0
Windows 7 Upgrade Advisor
Windows Installer Clean Up
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Writer
Windows Media Player Firefox Plugin
Wise Disk Cleaner 5.3
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.6.2
==== End Of File ===========================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-15 20:05:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP
Running: vx0f9ec2.exe; Driver: C:\Users\Rick\AppData\Local\Temp\kxldrpoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
I could not generate a GMER 2 report. I received an error message that something was wrong, that the program would close and I would be notified if a solution were found.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Rick at 22:42:15.02 on Wed 12/15/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.217 [GMT -6:00]
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Rick\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\mkak0qj4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|https://home.americanexpress.com/home/mt_personal.shtml?us_nu=globalbar
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-12-15 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-1 61960]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
=============== Created Last 30 ================
2010-12-16 03:46:44 -------- d-----w- c:\users\rick\appdata\local\Adobe
2010-12-15 17:17:27 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-12-15 17:17:17 -------- d-----w- c:\program files\Panda Security
2010-12-09 03:54:25 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-12-07 17:27:09 -------- d-----w- c:\users\rick\appdata\roaming\Avira
2010-12-01 15:13:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-01 15:13:19 -------- d-----w- c:\program files\Avira
2010-12-01 15:13:19 -------- d-----w- c:\progra~2\Avira
2010-11-29 07:09:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 07:09:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-28 18:38:56 691 ----a-w- c:\users\rick\appdata\roaming\GetValue.vbs
2010-11-28 18:38:56 4572 ----a-w- c:\windows\system32\tmp.reg
2010-11-28 18:38:56 35 ----a-w- c:\users\rick\appdata\roaming\SetValue.bat
2010-11-28 18:37:52 -------- d-----w- c:\windows\system32\SmitfraudFix
2010-11-24 13:33:26 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-21 23:38:23 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-11-21 23:38:23 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-11-21 23:38:23 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-11-21 23:38:23 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-11-21 23:38:23 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-11-21 23:38:23 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-21 23:38:23 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-21 23:38:23 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-21 23:38:23 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-21 23:38:23 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-21 23:38:23 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-21 23:38:23 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-11-21 23:36:58 -------- d-----w- c:\program files\Feedback Tool
==================== Find3M ====================
2010-10-09 23:21:34 104960 --sha-r- c:\windows\system32\MPSSVCW.dll
2010-09-22 17:09:51 203776 ----a-w- c:\windows\system32\clrviddc.dll
============= FINISH: 22:50:58.56 ===============
jholland1964 650 Posting Expert Team Colleague Featured Poster
There are several things about your logs that I find very confusing. At the very top of the DDS scan log it says:
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
But NONE of those programs show anywhere else, not in the Installed programs list, nor is there any reference to them in the rest of the log. They would be listed in BOTH logs even if they were installed but disabled, but they don't show. So this makes no sense to me.
Then Avira clearly shows in both the log and the Installed programs log.
So, here is the first problem, absolute rule is only ONE anti-virus program should be on the computer, one portion of your log would indicate that there are two on the computer.
The other problem is you mentioned running other programs, I see one was Smitfraudfix. You didn't mention this. I need to see the report from this. The report can be found at the root of the system drive, usually at C:\rapport.txt
You DID say you ran MBA-M previously. I would like to see the log which found the infections. I really need to know what has been found in previous scans, the name and full locations. You only say "it" goes away and comes back but I don't know what "it" is.
Also you have SpyBot TeaTimer running, you need to turn that off as it will interfere with any fixes attempted.
Disable Spybot's TeaTimer
* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer
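The cross-check described in the post above (security products registered in the DDS header against the installed-programs list and the rest of the log), as an added Python example that is not part of the original posts. The function names and the two-word product match are assumptions of this sketch; the sample is a constructed excerpt that reuses lines from the logs in this thread.

```python
import re

# Constructed excerpt in the DDS.txt layout shown in this thread (not the full log).
SAMPLE_DDS = r"""
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
============== Running Processes ===============
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
============== Pseudo HJT Report ===============
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
"""

# Constructed excerpt in the Attach.txt layout shown in this thread.
SAMPLE_ATTACH = """
==== Installed Programs ======================
Avira AntiVir Personal - Free Antivirus
Malwarebytes' Anti-Malware
Microsoft Security Essentials
==== End Of File ===========================
"""

# "AV: <product> *<state>* {GUID}" lines at the top of DDS.txt
HEADER_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* "
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})$"
)


def parse_registered(dds_text):
    """Return the AV/SP/FW products the DDS header reports as registered."""
    entries = []
    for line in dds_text.splitlines():
        match = HEADER_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def installed_programs(attach_text):
    """Return the lines listed under '==== Installed Programs' in Attach.txt."""
    programs, inside = [], False
    for line in attach_text.splitlines():
        line = line.strip()
        if line.startswith("==== Installed Programs"):
            inside = True
        elif line.startswith("===="):
            inside = False
        elif inside and line:
            programs.append(line)
    return programs


def footprint_lines(dds_text):
    """Every non-empty DDS line except the AV/SP/FW header lines themselves."""
    lines = (line.strip() for line in dds_text.splitlines())
    return [line for line in lines if line and not HEADER_RE.match(line)]


def product_key(name):
    # Assumption of this sketch: the first two words identify the product
    # family, e.g. "trend micro" for both the suite and its firewall.
    return " ".join(name.lower().split()[:2])


def orphaned_registrations(dds_text, attach_text):
    """Registered products with no trace in installed programs or the log body."""
    haystack = [
        text.lower()
        for text in installed_programs(attach_text) + footprint_lines(dds_text)
    ]
    orphans = []
    for entry in parse_registered(dds_text):
        key = product_key(entry["name"])
        if not any(key in text for text in haystack):
            orphans.append(entry)
    return orphans


if __name__ == "__main__":
    for entry in orphaned_registrations(SAMPLE_DDS, SAMPLE_ATTACH):
        print(f'{entry["kind"]}: {entry["name"]} ({entry["state"]}) '
              f'is registered but has no files, processes or installer entry')
```

A built-in component such as Windows Defender has no installer entry, so a hit on it needs a manual look before it is treated as a leftover.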
ArtistScope -5 Junior Poster
Out of curiosity, please check your DNS settings.
If they are not the DNS servers recommended by your ISP, please post the IP numbers here.
abilroth 0 Newbie Poster
Thank you so much for your prompt response. I appreciate it very much. Also, I am sorry if I am unclear. The "it" to which I refer is the internet redirect while attempting to search about which I am seeking your assistance. Sometimes, as in computer's current state, if I type anything into the search area and click on one of the results I am redirected to a different site, sometimes related topically, but sometimes not, and at other times I am simply provided with another of what appears to be a listing of search results, but in a much simpler format than usual. Additionally, this can happen with Google and Yahoo, but I cannot say for certain if it happens with Bing, as I do not like Bing and do not use it much.
I did not post any other MB logs because just as the log I sent shows, MB has never found anything, nothing. As to the Micro showing, but not showing, I haven't a clue. I purchased MicroTrend about three years ago and because I never seemed to have any virus, etcetera, problems, and rarely had much show up when I did regular scans, I assumed Micro was working adequately. Just about the time my subscription ran out a friend got the common virus that still pops up on my machine attempt- the one, or perhaps one of the many, that appears to be scanning your machine, saying you have many problems and trying to sell you faux av. I had never seen that before and with my little knowledge, despite being exponentially more than my friends, I was unable to help. Toward that end, however, I purchased a renewal of MicroTrend (for up to 3 pcs) thinking, hoping it would get rid of my friend's problem. It did not. In fact it appeared to be worthless. I was miffed and contacted Micro to see if perhaps I had installed improperly. At their suggestion I attempted to use their built-in diagnose feature, but all it did was lock up my system. Micro then recommended I uninstall and re-install. That too locked up my machine and Micro could offer no help, other than runarounds and of course never agreed to refund my money. I was so miffed that I left the problem where it was, with MicroTrend apparently partially installed and utterly useless for a while, as I had more important concerns in my life, one of which was the suicide of the friend to whom I referred. Many months later, perhaps a year, I again contacted Micro, which instructed me with something I do not recall, but that appeared to get rid of most of MicroTrend. I have noticed Micro files occasionally since then, but am at a loss as to why they didn't go away.
As to the Windows Defender, that is another problem I am having in that something has disabled it and I am unable to correct it. MS's position is that it is built into Vista, which came on this admittedly low-end laptop, so I am unable to re-install it as they provided me no disk.
As to the Avira, I am aware of the only one av program and only installed it a few days ago, which was no help. I will gladly uninstall it as soon as I send this post. Additionally, I have disabled Tea Timer and attached the Smitfraudfix log.
Again, thank you very much for your help.
SmitFraudFix v2.422
Scan done at 12:57:57.88, Sun 11/28/2010
Run from C:\Users\Rick\Documents\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
...
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D5BA3EF0-B3BE-46D4-89E3-AF0DBD8E1F86}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D5BA3EF0-B3BE-46D4-89E3-AF0DBD8E1F86}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D5BA3EF0-B3BE-46D4-89E3-AF0DBD8E1F86}: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.12 68.105.29.12 68.105.28.11
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
jholland1964 650 Posting Expert Team Colleague Featured Poster
Don't uninstall Avira, it is an EXCELLENT program, consistently outscoring most other programs in protection and removals. So leave it.
Your DNS in the Smitfraudfix log shows your location as Baton Rouge, LA. Is this correct?
Let's see if you can get that Trend Micro completely off the system.
Here is their removal tool. http://solutionfile.trendmicro.com/solutionfile/TIS/TISTOOL/SupportTool_32-bit.exe
After download, extract and run TISTOOL.exe file. Click the Uninstall tab, and then click the Uninstall button. Select the Trend Micro program that you’d like to uninstall from the drop down box and click Uninstall.
We need to get that off if at all possible before going forward. After that uninstall do another scan with the DDS scanner and post the log labeled DDS.txt. I don't need to see the other one this time, the one that is labeled Attach.txt.
As far as Windows Defender, no it cannot be uninstalled as it is integrated with Vista but certainly turn it off and leave it off.
Post back with the new DDS log and then we can go forward.
Judy
abilroth 0 Newbie Poster
That Micro tistool is garbage. It is what I tried in vain a million times before to get rid of Micro. As you can see, Micro still remains. And yes, I downloaded and ran the latest version. As you can see, the Micro still remains.
As to your earlier instructions to 1.Run Malwarebytes, and 2. run only one av, I have already uninstalled Avira. Thanks!
DDS (Ver_10-12-12.02) - NTFSx86
Run by Rick at 9:46:53.47 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.245 [GMT -6:00]
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Real\RealUpgrade\realupgrade.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Users\Rick\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0989.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\mkak0qj4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|https://home.americanexpress.com/home/mt_personal.shtml?us_nu=globalbar
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-12-15 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-9-22 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a9d951d892b8;Google Update Service (gupdate1c9a9d951d892b8);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-4-15 1153368]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-3-10 121416]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-22 21504]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-16 05:05:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-16 03:46:44 -------- d-----w- c:\users\rick\appdata\local\Adobe
2010-12-15 17:17:27 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-12-15 17:17:17 -------- d-----w- c:\program files\Panda Security
2010-12-09 03:54:25 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-11-29 07:09:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 07:09:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-28 18:38:56 691 ----a-w- c:\users\rick\appdata\roaming\GetValue.vbs
2010-11-28 18:38:56 4572 ----a-w- c:\windows\system32\tmp.reg
2010-11-28 18:38:56 35 ----a-w- c:\users\rick\appdata\roaming\SetValue.bat
2010-11-28 18:37:52 -------- d-----w- c:\windows\system32\SmitfraudFix
2010-11-24 13:33:26 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-21 23:38:23 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-11-21 23:38:23 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-11-21 23:38:23 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-11-21 23:38:23 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-11-21 23:38:23 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-11-21 23:38:23 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-21 23:38:23 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-11-21 23:38:23 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-21 23:38:23 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-21 23:38:23 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-21 23:38:23 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-21 23:38:23 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-11-21 23:36:58 -------- d-----w- c:\program files\Feedback Tool
==================== Find3M ====================
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-09 23:21:34 104960 --sha-r- c:\windows\system32\MPSSVCW.dll
2010-09-22 17:09:51 203776 ----a-w- c:\windows\system32\clrviddc.dll
============= FINISH: 9:50:29.28 ===============
jholland1964 650 Posting Expert Team Colleague Featured Poster
First of all in order to correctly locate and remove files from a computer you must call them by the proper name and you are not.
You keep referring to this program as Micro Trend, that is NOT the name of the program.
The correct name of the program is Trend Micro.
The Trend Micro removal tool isn't garbage it just didn't work for you. I have seen it work many, many times. In addition to the incorrect name used there are many different factors at work here.
#1. The main reason is the Fake Alert infection. Anti-virus programs will NOT remove these and they are not designed to do so. The first accepted tool in removal for this family of infections is MBA-M. There may be other tools required in addition to that but MBA-M is the main one that must be used.
#2. The first action of these Fake Alert infections will be to disable and damage and also infect the security programs installed on the computer. The user won't know they are damaged as they appear to be working, but they are not, key files are damaged. Reinstalling a new copy on top of a damaged copy will likely also damage the new copy. The fact that the diagnose feature and attempted removals also froze the machine tells me at least that key files were missing or corrupted BY THE INFECTION so that when the removal was attempted the files the removal needed to see either weren't there or so damaged that they couldn't be found and therefore the machine froze up.
#3. Time is of course also a factor here and that was through no fault of your own but it does figure in here but I do absolutely know and I do truly understand that it couldn't be helped in your case. I only list it here just so you know it does figure into all of this.
I want you to try another tool.
Please download ComboFix by sUBs from http://www.bleepingcomputer.com/download/anti-virus/combofix
Please note that the BleepingComputer.com download link will expire in 10 minutes! After it has expired you will need to refresh the page to get a working link.
* You must download it to and run it from your Desktop
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply.
* Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
abilroth 0 Newbie Poster
I am sorry for any problem caused by my calling TrendMicro Micro Trend, or whatever other name to which I perhaps gave it. I am glad the name I used was good enough for you to understand the product to which I was referring. Additionally, we can agree to disagree on the worth of the product. I paid for a brand new product, installed it on my uninfected machine, on which it found nothing. I THEN installed and attempted to run the product on my friend's machine and it was of no help. I realize different programs have different functions and you pointed out that finding his infection is not one of TrendMicro's purposes. That point, however, is irrelevant for the sake of this discussion, because after installing the program on my uninfected machine and running it one time, during which it found nothing, I attempted to use the uninstall feature. It did not work and after countless communication with Trend and allowing them every opportunity, you see that they were unable to completely remove the product, which is still causing me problems today. I am assuming your response would be that perhaps I had some sort of other infection of which I was unaware that prevented the Trend product from being uninstalled properly. If that were the case, I would be surprised and remain disappointed in Trend because I have had no such bad experience with any other product. And that would include more than a few. So, of course by definition TrendMicro is not garbage, and you can continue to defend it just as you evidently would when you purchase something that never works, for which you are unable to get a refund, and you cannot get rid of it- by simply saying it is a good product, but it just did not work for you. Thank you for trying to assist me. I appreciate it. Peace!
jholland1964 650 Posting Expert Team Colleague Featured Poster
Oh please understand, I am certainly NOT defending the product, that was not my intention. I evidently misunderstood your post, I thought you were saying, because you ran all those infection removal programs, that YOU knew you had infection on your computer. This could certainly cause problems with any program.
The title of your thread, "Need help getting rid of internet redirect" would indicate an infection but in your last post you say you had no infections on your machine, that you installed this new copy of Trend Micro on your Uninfected machine and it found no infections but for some reason you then attempted to remove it. Frankly, I don't know why you decided to remove this program you paid for from your computer, you don't explain that at all, and if you believe the computer is clean I am not certain why you posted in this forum which is solely for assistance in removing, as the name implies, Viruses, Spyware and other Nasties or why you used the infection removal programs.
Those would not remove a valid program and whether either of us like it or not, TrendMicro IS a valid program. It is not what the removal tools we ask posters to use are for and if they DID remove valid programs when attempting to remove infections from a computer then they would not be on our list of recommended tools.
Therefore, I believe you have posted this question in the wrong place. We don't assist generally in the removal of a valid program, our mission here is to help clean up Infected computers.
I do, however, have another program to suggest that you try. It is called Revo Uninstaller Pro. But you can download a fully functional and FREE 30 day trial of the program. Its sole purpose is to assist in removing programs proving nearly impossible to remove. I will not offer a guarantee this will work but it certainly is worth a try. I have used it myself, I have helped others use it to remove programs which seem impossible to remove and it worked for them.
You can get that 30 day fully functional Free Trial of Revo Uninstaller here
http://www.revouninstaller.com/revo_uninstaller_free_download.html
This link below is for their FAQ pages, go to the "How to uninstall ... program?" questions and answers! section for instructions on how to use the program.
http://www.revouninstaller.com/revo_uninstaller_frequently_asked_questions.html
kes166 37 Practically a Master Poster
If you are unable to stop the redirection on your browser, return it to its original install state.
Go to Tools, Internet Options, Advanced, Reset.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
That will not remove any infection though.
abilroth 0 Newbie Poster
The only thing clear about communication between the two of us is that it is entirely unclear. I am no longer requesting your help as the more I try to explain my problem, it appears the more tangential and helpless your responses become. As you stated in your last post, the title of my thread is indeed "Need help getting rid of internet redirect" which, as you clearly and correctly understood -that I was indicating my machine has an infection. True, true, so true! However, you then proceed to skip several pertinent steps in our conversation to my last post. If you were to re-read the entire conversation, you would see where your misunderstanding of what I see as my clearly explained problem. In fact, your initial response/post appears to indicate that you understand my problem perfectly. From that point, however, my responses include elements YOU questioned in the results of the programs you instructed me to run. I NEVER asked you to get rid of trendmicro. It was you who noticed it in the results of one of said programs and it was YOU who indicated that I should first get rid of it. I could not care less if trend stays on my machine for all eternity if it is not causing my internet search redirect problem- the only problem for which I am seeking relief. I only addressed trend and explained to you why it was still on my machine at all, because YOU instructed me to get rid of it. I then proceeded to explain to you how involved my experience with trying to delete trend had been, including why it remained on my machine. You instructed me to use a trend tool to delete it. That which you recommended did not work and it was the same method trend had instructed me to use to get rid of it. It did not work then, nor did it work when you instructed me to use it. When I attempted to explain to you why trend remnants, which you instructed me to remove, remain on my machine, you then amazingly ask me why I would want to get rid of trend as it is a good product.
And to add to the confusion, before that you defended trend, after I labeled it "garbage", saying in your opinion it was a good product it just did not work for me. So with all due respect, it was you who turned my initial post requesting help getting rid of an internet search redirection problem to a discussion of trend and your misunderstanding of its presence and meaning on my computer. I hate trend, but do not care if it stays on my computer. I cannot however remove it, but I only attempted to remove it because you instructed me to do so in your initial, apparent understanding of my problem- INTERNET SEARCH REDIRECT PROBLEM.
re
Oh please understand, I am certainly NOT defending the product, that was not my intention. I evidently mis-understood your post, I thought you were saying, because you ran all those infection removal programs, that YOU knew you had infection on your computer. This could certainly cause problems with any program.
The title of your thread, "Need help getting rid of internet redirect" would indicate an infection but in your last post you say you had no infections on your machine, that you installed this new copy of Trend Micro on your Uninfected machine and it found no infections but for some reason you then attempted to remove it. Frankly, I don't know why you decided to remove this program you paid for from your computer, you don't explain that at all, and if you believe the computer is clean I am not certain why you posted in this forum which is solely for assistance in removing, as the name implies, Viruses, Spyware and other Nasties or why you used the infection removal programs.
Those would not remove a valid program and whether either of us like it or not, TrendMicro IS a valid program. It is not what the removal tools we ask posters to use are for and if they DID remove valid programs when attempting to remove infections from a computer then they would not be on our list of recommended tools.Therefore, I believe you have posted this question in the wrong place. We don't assist generally in the removal of a valid program, our mission here is to help clean up Infected computers.
I Do, however, have another program to suggest that you try. It is called Revo Uninstaller Pro. But you can download a fully functional and FREE 30 day trial of the program. It's sole purpose is to assist in removing proving nearly impossible to remove. I will not offer a guarantee this will work but it certainly is worth a try. I have used it myself, I have helped others use it to remove programs which seem impossible to remove and it worked for them.
You can get that 30 day fully function Free Trial of Revo Uninstaller here
http://www.revouninstaller.com/revo_uninstaller_free_download.html
This link below is for their FAQ pages, go to the "How to uninstall ... program?" questions and answers! section for instructions on how to use the program.
http://www.revouninstaller.com/revo_uninstaller_frequently_asked_questions.html
abilroth 0 Newbie Poster
Crunchie,
I saw on an old/closed post in which you apparently quickly and easily helped someone with the same problem I am having. Would you please read what has been posted thus far and see if you can help. Any assistance would be very greatly appreciated.
That will not remove any infection though.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Please read carefully and follow these steps.
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
============
Download MBRCheck to your desktop
Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
abilroth 0 Newbie Poster
Thank you very much for your prompt response and agreeing to try to help. I already had tdss, but downloaded latest version 2.4.12.0, and it found no infections - I ran it twice and it scanned 248 objects. Following are the MBR results.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Presario C500 (GF572UA#ABA)
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 157):
Processes (total 86):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`9f024e00 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC7BP
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
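An added example, not part of the original thread and not MBRCheck's own code: the "Unknown MBR code" line in the report above comes from comparing the boot code in sector 0 against known-good values, and the Python below does the same comparison on a dumped 512-byte MBR (such as one saved with option [1]). Hashing the first 440 bytes is an assumption, since the page does not say which bytes MBRCheck hashes; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0-439: boot code (assumed hash range)
DISK_SIG_OFF = 440           # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        part_type = entry[4]
        if part_type == 0:      # unused table slot
            continue
        start_lba, sector_count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": index,
            "active": entry[0] == 0x80,
            "type": part_type,
            "start_lba": start_lba,
            "byte_offset": start_lba * SECTOR_SIZE,
            "sectors": sector_count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify(info: dict, known_good: set) -> str:
    """Report whether the boot code hash is on the caller's known-good list."""
    if info["boot_code_sha1"] in known_good:
        return "known boot code"
    return "unknown boot code"


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS partition starting at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678)            # constructed value
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                        0x07, b"\xfe\xff\xff", 63, 155000000)
    table = entry + b"\x00" * 48                        # three empty slots
    return code + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed placeholders standing in for real boot code.
BASELINE_CODE = b"CONSTRUCTED-BASELINE-BOOT-CODE"
ALTERED_CODE = b"CONSTRUCTED-ALTERED-BOOT-CODE"

# In practice this set would hold hashes taken from clean reference installs.
KNOWN_GOOD = {parse_mbr(build_sample(BASELINE_CODE))["boot_code_sha1"]}


if __name__ == "__main__":
    for label, code in (("baseline", BASELINE_CODE), ("altered", ALTERED_CODE)):
        info = parse_mbr(build_sample(code))
        first = info["partitions"][0]
        print(label, info["boot_code_sha1"], classify(info, KNOWN_GOOD),
              "partition 0 at offset", hex(first["byte_offset"]))
```

Both samples carry the same partition table (first partition at byte offset 0x7e00, matching the `\\.\C:` line in the report); only the boot code differs, which is why one classifies as unknown while the partition layout reads the same.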
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
I'm no IT guy, but I can follow instructions. Thanks.
I hope that is true, but I am not seeing the log from TDSSKiller.
Doing the following may mess up the restore feature of the laptop. I know of no other way of fixing the MBR back to what it should be on your laptop though.
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
abilroth 0 Newbie Poster
I hope that is true, but I am not seeing the log from TDSSKiller.
Life is far too short to be mean-spirited. I assumed (wrongly) that you meant there would be a report option, whether tdss found anything or not, and what further convinced me of that was that there was no 'report' option shown in the results window. I said I was no IT guy, but that I could follow.... your instructions did not say that the 'report' option could only be found on the screen that appears BEFORE you run a scan. Below is the report you requested. Perhaps you will learn something from it to help others in the future. I appreciate your prompt responses and efforts. Peace!
2010/12/20 13:58:03.0127 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/20 13:58:03.0127 ================================================================================
2010/12/20 13:58:03.0127 SystemInfo:
2010/12/20 13:58:03.0127
2010/12/20 13:58:03.0127 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/20 13:58:03.0127 Product type: Workstation
2010/12/20 13:58:03.0127 ComputerName: RICK-PC
2010/12/20 13:58:03.0127 UserName: Rick
2010/12/20 13:58:03.0127 Windows directory: C:\Windows
2010/12/20 13:58:03.0127 System windows directory: C:\Windows
2010/12/20 13:58:03.0127 Processor architecture: Intel x86
2010/12/20 13:58:03.0127 Number of processors: 2
2010/12/20 13:58:03.0127 Page size: 0x1000
2010/12/20 13:58:03.0127 Boot type: Normal boot
2010/12/20 13:58:03.0127 ================================================================================
2010/12/20 13:58:03.0533 Initialize success
2010/12/20 13:58:06.0435 ================================================================================
2010/12/20 13:58:06.0435 Scan started
2010/12/20 13:58:06.0435 Mode: Manual;
2010/12/20 13:58:06.0435 ================================================================================
2010/12/20 13:58:24.0421 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/20 13:58:24.0468 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/20 13:58:24.0499 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/20 13:58:24.0562 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
2010/12/20 13:58:24.0671 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/20 13:58:24.0749 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/12/20 13:58:24.0811 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/20 13:58:24.0905 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/20 13:58:25.0014 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
2010/12/20 13:58:25.0155 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/20 13:58:25.0373 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/20 13:58:25.0435 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/20 13:58:25.0591 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/20 13:58:25.0638 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/20 13:58:25.0732 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/20 13:58:25.0888 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/20 13:58:25.0966 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/20 13:58:26.0091 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/20 13:58:26.0184 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/20 13:58:26.0293 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/20 13:58:26.0325 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/20 13:58:26.0418 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/20 13:58:26.0512 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/20 13:58:26.0590 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/12/20 13:58:26.0683 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/20 13:58:27.0058 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/20 13:58:27.0245 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2010/12/20 13:58:27.0292 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2010/12/20 13:58:27.0495 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/20 13:58:27.0557 RTL8023xp (8de22fb05e4a0f797b1e442eb4b3b51c) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2010/12/20 13:58:27.0619 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/20 13:58:27.0744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/20 13:58:27.0791 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/20 13:58:27.0838 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/20 13:58:27.0916 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/20 13:58:28.0041 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/20 13:58:28.0072 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/20 13:58:28.0134 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/20 13:58:28.0165 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/20 13:58:28.0321 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/12/20 13:58:28.0368 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/20 13:58:28.0399 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/20 13:58:28.0477 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/20 13:58:28.0602 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/20 13:58:28.0711 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/20 13:58:28.0852 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/20 13:58:28.0899 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/20 13:58:29.0023 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/20 13:58:29.0117 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
2010/12/20 13:58:29.0304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/20 13:58:29.0398 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/20 13:58:29.0445 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/20 13:58:29.0491 SynTP (3d6316279c3540aa268bf025f4621ef3) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/20 13:58:29.0663 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/20 13:58:29.0819 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/20 13:58:29.0944 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\Windows\system32\drivers\tcpipBM.sys
2010/12/20 13:58:29.0991 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/20 13:58:30.0053 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/20 13:58:30.0084 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/20 13:58:30.0209 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/20 13:58:30.0271 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/20 13:58:30.0443 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/20 13:58:30.0490 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/20 13:58:30.0583 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/20 13:58:30.0677 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/20 13:58:30.0739 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/20 13:58:30.0817 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/20 13:58:30.0864 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/20 13:58:31.0239 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/20 13:58:31.0363 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/20 13:58:31.0457 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/20 13:58:31.0535 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/20 13:58:31.0644 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/20 13:58:31.0753 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/20 13:58:31.0847 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/20 13:58:31.0894 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/20 13:58:31.0956 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/20 13:58:32.0034 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/20 13:58:32.0159 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/20 13:58:32.0268 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/20 13:58:32.0377 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/20 13:58:32.0424 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/12/20 13:58:32.0455 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/20 13:58:32.0502 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/12/20 13:58:32.0611 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/20 13:58:32.0674 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/20 13:58:32.0783 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/20 13:58:32.0845 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/20 13:58:32.0908 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/20 13:58:32.0955 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 13:58:32.0986 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 13:58:33.0111 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/20 13:58:33.0189 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/20 13:58:33.0376 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/20 13:58:33.0610 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/20 13:58:33.0703 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/20 13:58:33.0781 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/20 13:58:33.0906 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/20 13:58:33.0984 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/20 13:58:34.0140 ================================================================================
2010/12/20 13:58:34.0140 Scan finished
2010/12/20 13:58:34.0140 ================================================================================
2010/12/20 13:59:19.0489 ================================================================================
2010/12/20 13:59:19.0489 Scan started
2010/12/20 13:59:19.0489 Mode: Manual;
2010/12/20 13:59:19.0489 ================================================================================
2010/12/20 13:59:35.0261 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/20 13:59:35.0355 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\Windows\system32\drivers\tcpipBM.sys
2010/12/20 13:59:35.0417 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/20 13:59:35.0464 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/20 13:59:35.0511 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/20 13:59:35.0620 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/20 13:59:35.0682 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/20 13:59:35.0791 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/20 13:59:35.0901 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/20 13:59:35.0963 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/20 13:59:36.0010 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/20 13:59:36.0088 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/20 13:59:36.0228 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/20 13:59:36.0259 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/20 13:59:36.0306 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/20 13:59:36.0431 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/20 13:59:36.0509 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/20 13:59:36.0587 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/20 13:59:36.0696 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/20 13:59:36.0759 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/20 13:59:36.0821 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/20 13:59:36.0899 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/20 13:59:36.0977 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/20 13:59:37.0071 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/20 13:59:37.0133 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/20 13:59:37.0258 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/20 13:59:37.0305 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/20 13:59:37.0336 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/12/20 13:59:37.0429 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/20 13:59:37.0476 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/12/20 13:59:37.0554 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/20 13:59:37.0617 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/20 13:59:37.0710 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/20 13:59:37.0773 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/20 13:59:37.0835 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/20 13:59:37.0882 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 13:59:37.0897 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/20 13:59:38.0053 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/20 13:59:38.0116 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/20 13:59:38.0287 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/20 13:59:38.0506 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/20 13:59:38.0584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/20 13:59:38.0646 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/20 13:59:38.0724 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/20 13:59:38.0833 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/20 13:59:38.0974 ================================================================================
2010/12/20 13:59:38.0974 Scan finished
2010/12/20 13:59:38.0974 ================================================================================
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Thank you for posting the log.
I assume you are having problems doing the rest of my directions? If so, please let me know what problem(s) you are having.
(Now 2 from 2)
abilroth 0 Newbie Poster
I am not having problems doing the rest of your directions. You did not say that the directions to which you refer were in response to something you saw in the MBR.txt I sent you, so I assumed you were taking a different approach that did not include the tdss, since you believed I could not figure out how to find and send it to you.
Admittedly, I do not know what you mean by, "(Now 2 from 2)." Please let me know. Sincerely! Thanks, again.
abilroth 0 Newbie Poster
Oh, and I forgot to mention that I have not yet had time to work on this problem since your last post other than to send you the tdss report.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
You said in your first post that you can follow directions. So far you haven't managed any from my replies, hence 2 from 2.
My last directions were in response to the MBR log you posted and detail how to fix the MBR.
abilroth 0 Newbie Poster
Quote from Crunchie- "You said in your first post that you can follow directions. So far you haven't managed ANY (emphasis is mine) from my replies, hence 2 from 2."
I think I now understand your '2 from 2'. I take that to mean I have failed to follow 2 OF 2 instructions from you. In clear contradiction to your assertion, however, the sentence you follow that jab at my perceived inability to follow instructions with is, "My (meaning Crunchie's) last directions were in response to the MBR log you (me, abilroth) posted and details how to fix the MBR."
So because you are clearly admitting that I properly submitted the MBR report you requested, but not the tdss, my entire response, including the MBR report represented a total failure on my part to follow your (perfect) instructions.
We can certainly agree to disagree that what you see as none of 2, I see as 2 of 2 after I searched for a 'report' option, because you had not been clear as to where the report could be found, I did send you the tdss report.
And if you are considering my failure to follow your instruction to download the NBR fixer, that would be 0 from 3. From my side, however, I did not follow that instruction because I do not appreciate your insulting, offensive approach under the guise of trying to help someone, and I have no intention of asking for any more help from you. It seems that many people, gifted IT folks such as yourself, have an overblown ego and sense of self and arrogance and mean-spiritedness toward those less gifted, and feel the need to belittle those you are supposedly trying to help. I regret having sought help from you and I am sorry to have taken any of your time. But I do remain grateful for your prompt responses. I will simply move on to another such site and seek assistance from a kinder, gentler, less ego-centric person. The problem I am seeking help on is not a showstopper. Peace and Godspeed! Sincerely, Abilroth.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Sorry you feel that way. I am merely pointing out that YOU made the statement that you could follow directions but, on two occasions, failed to do so by:
1/ Failing to post the TDSSKiller log as requested.
2/ Failing to follow directions regarding the NTBR fix.
You still have a corrupt MBR. NTBR would have fixed it. There is no reason whatsoever that simple requests cannot be followed without having to have a series of posts in between, requesting logs that have already been requested.
If you feel that I have belittled you, then I apologise as that was not my intent.
My intent is to get your PC up and running as quickly as possible so that I can get on with the next one.
Remember that it is YOU who got your PC infected and so it is incumbent on YOU, when you request assistance, to follow ALL directions given.
If you are unable to do so, you should have the courtesy to inform the helper. The longer that the clean-up takes, the more likely it is that the PC will be re-infected.