Solved Google Search selections being redirected

Dell / Optiplex 980
July 28, 2011 at 04:27:03
Specs: Windows 7, 2.8 GHz/8 GB Ram 64 Bit O.S.
Internet Search Redirecting Viruses
Every time I select a web reference from results of a google search, it does not go to the selected web address. Instead it redirects to other addresses that provide multiple choices of subjects none of which are the web site selected.

How do I get it to stop and just go to the selected web site from the google search result?




#1
July 28, 2011 at 08:20:58
✔ Best Answer
Duffer Tom,

Please do the following:

Download TDSSKiller.zip:
http://support.kaspersky.com/downlo...

Save to your Desktop

Execute TDSSKiller.exe by double-clicking on it.
Press 'Start Scan'

If Malicious objects are found, do NOT allow it to fix anything, and select: Skip
Need to see the report first.

Next, click 'Continue'
Once the tool finishes, a log is produced at the root drive which is typically C:\

For example, C:\TDSSKiller.<version_date_time>_log.txt

Please post the contents of that report directly in your reply.

Also download aswMBR:
http://public.avast.com/~gmerek/asw...

Save it to your Desktop.

Right-click aswMBR.exe and select ‘Run as Administrator’ to run the tool.
Next, click: ‘Scan’

Upon completion of the scan, click ‘Save log’
Save it to your Desktop

Also post that log in your reply for review.

Note - do NOT attempt any Fix!!

Another file is created by aswMBR, and it is located on the Desktop. It is named MBR.dat.

Please store the MBR.dat file, to a USB flash drive for safe keeping.
This is very important!!

The two programs above are being run in diagnostic mode, for now.
Based on their results, we will take whatever action is needed to get rid of the malware and the redirections.

Thanks for your patience!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
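
An added example, not part of the original thread and not code from either tool: a short Python script for reviewing a scan report of this kind, redacting the machine and user name before it is posted publicly and listing the entries worth a second look. It assumes each scanned object is logged as one line of the form `<timestamp> <thread id> <name> (<MD5>) <path>`; the sample log, its names and its hashes are constructed, and the "expected directory" rule is this example's own triage heuristic, not the scanner's detection logic.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Assumed entry shape: "<date> <time> <thread id> <name> (<32-hex MD5>) <path>"
ENTRY = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)

# Header fields that identify the machine or its owner.
PRIVATE = re.compile(r"(?P<key>\b(?:ComputerName|UserName):\s*)(?P<val>.+)$")

# Directories where kernel drivers normally live. This is an assumption of
# the example; pass a different tuple to triage() to tune it.
EXPECTED_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")

# Constructed sample log: names, paths and hashes are placeholders.
SAMPLE_LOG = r"""
2011/01/01 10:00:00.0100 1000 ComputerName: EXAMPLE-PC
2011/01/01 10:00:00.0100 1000 UserName: Example User
2011/01/01 10:00:01.0200 1004 Scan started
2011/01/01 10:00:01.0300 1004 exampledrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
2011/01/01 10:00:01.0400 1004 vendorflt (00000000000000000000000000000002) C:\PROGRA~2\Vendor\plugins\vendorflt.sys
2011/01/01 10:00:01.0500 1004 tmpdrv (00000000000000000000000000000003) C:\Users\Example\AppData\Local\Temp\tmpdrv.sys
2011/01/01 10:00:01.0600 1004 MBR (0x1B8) (00000000000000000000000000000004) \Device\Harddisk0\DR0
"""


def redact_log(log_text):
    """Blank out the computer and user name before the log is shared."""
    return "\n".join(
        PRIVATE.sub(lambda m: m.group("key") + "<redacted>", line)
        for line in log_text.splitlines()
    )


def parse(log_text):
    """Return (entries, other): parsed object lines and the count of other lines."""
    entries, other = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            entries.append(match.groupdict())
        else:
            other += 1  # header, separators, status messages
    return entries, other


def triage(entries, expected_dirs=EXPECTED_DIRS):
    """Split entries into drivers and boot records; list drivers to review.

    A driver is listed for review when its directory is not in expected_dirs.
    That is a prompt for a manual check (third-party software installs
    drivers elsewhere legitimately), not a verdict.
    """
    report = {"drivers": 0, "boot_records": [], "review": []}
    for entry in entries:
        path = entry["path"]
        if path.lower().startswith("\\device\\"):
            # MBR / boot sector objects are addressed by device path.
            report["boot_records"].append(
                (entry["name"], entry["md5"].lower(), path)
            )
            continue
        report["drivers"] += 1
        if ntpath.dirname(path).lower() not in expected_dirs:
            report["review"].append((entry["name"], path))
    return report


if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG))
    parsed, skipped = parse(SAMPLE_LOG)
    result = triage(parsed)
    print(f"{result['drivers']} drivers, {skipped} non-entry lines")
    for name, path in result["review"]:
        print(f"review: {name} -> {path}")
    for name, md5, path in result["boot_records"]:
        print(f"boot record: {name} {md5} {path}")
```
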



#2
July 28, 2011 at 21:50:11
I have run both TDSSKiller and aswMBR. TDSSKiller did not find anything. This is all Greek to me. Hopefully you can guide me from here. Following are the print outs of the two files: Thank you,

MBR.dat first:
2011/07/29 00:43:26.0283 8856 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/29 00:43:26.0907 8856 ================================================================================
2011/07/29 00:43:26.0907 8856 SystemInfo:
2011/07/29 00:43:26.0907 8856
2011/07/29 00:43:26.0907 8856 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/29 00:43:26.0907 8856 Product type: Workstation
2011/07/29 00:43:26.0907 8856 ComputerName: TMJDELL
2011/07/29 00:43:26.0907 8856 UserName: Tom Jubb
2011/07/29 00:43:26.0907 8856 Windows directory: C:\Windows
2011/07/29 00:43:26.0907 8856 System windows directory: C:\Windows
2011/07/29 00:43:26.0907 8856 Running under WOW64
2011/07/29 00:43:26.0907 8856 Processor architecture: Intel x64
2011/07/29 00:43:26.0907 8856 Number of processors: 8
2011/07/29 00:43:26.0907 8856 Page size: 0x1000
2011/07/29 00:43:26.0907 8856 Boot type: Normal boot
2011/07/29 00:43:26.0907 8856 ================================================================================
2011/07/29 00:43:27.0297 8856 Initialize success
2011/07/29 00:43:30.0229 8884 ================================================================================
2011/07/29 00:43:30.0229 8884 Scan started
2011/07/29 00:43:30.0229 8884 Mode: Manual;
2011/07/29 00:43:30.0229 8884 ================================================================================
2011/07/29 00:43:40.0806 8884 Boot (0x1200) (bbaf8b2c48229594199830da81ed3542) \Device\Harddisk6\DR6\Partition0
2011/07/29 00:43:40.0806 8884 ================================================================================
2011/07/29 00:43:40.0806 8884 Scan finished
2011/07/29 00:43:40.0806 8884 ================================================================================
2011/07/29 00:43:40.0822 8768 Detected object count: 0
2011/07/29 00:43:40.0822 8768 Actual detected object count: 0


Now the aswMBR:
aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-29 00:28:53
-----------------------------
00:28:53.273 OS Version: Windows x64 6.1.7601 Service Pack 1
00:28:53.273 Number of processors: 8 586 0x1E05
00:28:53.283 ComputerName: TMJDELL UserName:
00:28:53.843 Initialize success
00:29:10.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
00:29:10.483 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
00:29:10.483 Disk 0 MBR read successfully
00:29:10.493 Disk 0 MBR scan
00:29:10.493 Disk 0 Windows VISTA default MBR code
00:29:10.503 Service scanning
00:29:11.273 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED**
00:29:11.873 Modules scanning
00:29:11.873 Disk 0 trace - called modules:
00:29:11.893 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:29:11.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800672a790]
00:29:11.913 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8008319050]
00:29:11.913 Scan finished successfully
00:30:12.883 Disk 0 MBR has been saved successfully to "C:\Users\Tom Jubb\Desktop\MBR.dat"
00:30:12.903 The log file has been saved successfully to "C:\Users\Tom Jubb\Desktop\aswMBR.txt"


aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-29 00:45:27
-----------------------------
00:45:27.448 OS Version: Windows x64 6.1.7601 Service Pack 1
00:45:27.448 Number of processors: 8 586 0x1E05
00:45:27.448 ComputerName: TMJDELL UserName:
00:45:28.275 Initialize success
00:45:35.357 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
00:45:35.372 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
00:45:35.372 Disk 0 MBR read successfully
00:45:35.372 Disk 0 MBR scan
00:45:35.372 Disk 0 Windows VISTA default MBR code
00:45:35.372 Service scanning
00:45:35.840 Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED**
00:45:36.433 Modules scanning
00:45:36.433 Disk 0 trace - called modules:
00:45:36.449 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:45:36.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800672a790]
00:45:36.449 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8008319050]
00:45:36.464 Scan finished successfully
00:46:02.860 Disk 0 MBR has been saved successfully to "C:\Users\Tom Jubb\Desktop\MBR.dat"
00:46:02.875 The log file has been saved successfully to "C:\Users\Tom Jubb\Desktop\aswMBR.txt"




#3
July 28, 2011 at 22:31:04
Duffer Tom,

No ace in the hole there. Might have to play some extra holes and see if we find the culprit...

Please download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...


Save it to your Desktop

Disable any script blocker, and then double-click dds.scr to run the tool.

When done, DDS opens two (2) logs:
-DDS.txt
-Attach.txt
Save both reports to your Desktop.

Since these reports are quite large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)
Please copy the 'Download link'.

Do the same for the Attach.txt

Please copy the 'Download link', for each report, and provide them in your reply.


Also, do you use Internet Explorer or Firefox as your browser, or both?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#4
August 17, 2011 at 19:47:18
First off, I am using Internet Explorer 8 as my browser.

Second: Following are the links for Attach.txt and DDS.txt files in order of:
1st line = file link, 2nd line = forum link, and 3rd = HTML link

http://uploading.com/files/d2f452dm...
[url=http://uploading.com/files/d2f452dm/Attach.txt/]Attach.txt - 6.2 KB[/url]
Attach.txt - 6.2 KB

http://uploading.com/files/77177a3d...
[url=http://uploading.com/files/77177a3d/DDS.txt/]DDS.txt - 24.1 KB[/url]
DDS.txt - 24.1 KB

I believe that is all that was requested.

Thanks



#5
August 19, 2011 at 08:40:53
Duffer Tom,

Sorry for the delay.

Will be looking at the information provided, and will get back with you later today.

Thank you for your patience.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#6
August 19, 2011 at 12:17:47

Can't see an indication of a Rootkit at first glance, but would appreciate your doing the following…

Please do exactly as follows, and nothing else. Do not delete or change anything in the Registry!! The consequences are not good.


Go to Start and type regedit in the search box above the Start globe.
Right-click and select: Run as Administrator

When the Registry opens, navigate it as follows:

Click the [>] on the left of each of the following:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Control
Session Manager
SubSystems

The 'SubSystems' folder remains open.

Right-click the open SubSystems folder and select: 'Export'

In the Export Registry File prompt:
Save in: Desktop
File name: subsys
Save as type: Text Files (*.txt)
Click: Save

Close the Registry: Go to File > Exit

Please post the 'subsys' info (located on the Desktop) in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#7
August 20, 2011 at 05:22:58
Here is the subsys:

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
Class Name: <NO CLASS>
Last Write Time: 7/14/2009 - 12:49 AM
Value 0
Name: Debug
Type: REG_EXPAND_SZ
Data:

Value 1
Name: <NO NAME>
Type: REG_SZ
Data: mnmsrvc

Value 2
Name: Kmode
Type: REG_EXPAND_SZ
Data: \SystemRoot\System32\win32k.sys

Value 3
Name: Optional
Type: REG_MULTI_SZ
Data: Posix

Value 4
Name: Posix
Type: REG_EXPAND_SZ
Data: %SystemRoot%\system32\psxss.exe

Value 5
Name: Required
Type: REG_MULTI_SZ
Data: Debug
Windows

Value 6
Name: Windows
Type: REG_EXPAND_SZ
Data: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16



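A triage check for the SubSystems export requested in post #6, added here as an example and not part of the thread or of any tool mentioned in it: it parses regedit's text export in the form posted in #7 and lists any csrss.exe image path or ServerDll module outside a baseline. The baseline values and the function names are assumptions (a stock Windows 7 install); the thread does not state what it expects to see.

```python
import re

# Assumed stock Windows 7 baseline; the thread itself does not state one.
BASELINE_DLLS = {"basesrv", "winsrv", "sxssrv"}
BASELINE_IMAGE = r"%systemroot%\system32\csrss.exe"

def parse_export(text):
    # Parse regedit's "Text Files (*.txt)" export into {name: (type, [data lines])}.
    records, in_data = [], False
    for line in map(str.strip, text.splitlines()):
        field = re.match(r"(Name|Type|Data):\s*(.*)$", line)
        if re.fullmatch(r"Value \d+", line):
            records.append({"Name": "", "Type": "", "Data": []})
            in_data = False
        elif not records or not line:
            continue  # key header before the first value, or a blank line
        elif field and field.group(1) == "Data":
            in_data = True
            records[-1]["Data"] += [field.group(2)] if field.group(2) else []
        elif field and not in_data:
            records[-1][field.group(1)] = field.group(2)
        elif in_data:
            records[-1]["Data"].append(line)  # REG_MULTI_SZ continuation line
    return {r["Name"]: (r["Type"], r["Data"]) for r in records}

def audit(values):
    # Return findings where the csrss.exe command line differs from the baseline.
    findings = []
    cmdline = " ".join(values.get("Windows", ("", []))[1])
    image = cmdline.split()[0].lower() if cmdline else ""
    if image != BASELINE_IMAGE:
        findings.append(f"Windows: unexpected image {image!r}")
    for dll in re.findall(r"ServerDll=([^,:\s]+)", cmdline):
        if dll.lower() not in BASELINE_DLLS:
            findings.append(f"Windows: unexpected ServerDll {dll!r}")
    return findings

# Sample trimmed from the export in post #7 (values as posted there).
SAMPLE = r"""Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
Value 5
Name: Required
Type: REG_MULTI_SZ
Data: Debug
Windows
Value 6
Name: Windows
Type: REG_EXPAND_SZ
Data: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
"""

if __name__ == "__main__":
    print(audit(parse_export(SAMPLE)))
```

A file saved by regedit is UTF-16, so read it with `encoding="utf-16"` before passing the text to `parse_export`.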

