google chrome search redirects to middle search engine

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

google chrome search redirects to middle search engineThu Aug 19, 2010 3:32 pm

hello, before to post I read the procedure and did the appropriate updates before to run OTL.exe

I have a problem, I don't have enough characters space to post the logs and when I try to upload the zip file contains the 2 log files it says:

Could not upload file : exceeded total storage space. (Free space : 8)

Tks a lot for your great support and site!!

Re: google chrome search redirects to middle search engineThu Aug 19, 2010 3:56 pm

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:

Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:

Reply to this topic with the word BUMP, or
see this topic.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

google chrome search redirects to middle search engine Bf_new

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

Re: google chrome search redirects to middle search engineThu Aug 19, 2010 4:54 pm

malwarebytes logs after updated it like you asked:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4450

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

2010-08-19 19:07:52
mbam-log-2010-08-19 (19-07-52).txt

Scan type: Quick scan
Objects scanned: 169630
Time elapsed: 11 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Re: google chrome search redirects to middle search engineFri Aug 20, 2010 4:27 am

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
Once inside the interface, do not fix anything. Click on the Report tab.
Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Re: google chrome search redirects to middle search engineMon Aug 23, 2010 2:42 pm

find in attachment the log file.
I stopped the scan on my D: drive cause the scan ran during 3 days...
let me know please... cause malware byte didnt remove it..

Re: google chrome search redirects to middle search engineMon Aug 23, 2010 3:06 pm

I dont see where is my attachment file in this post?

Re: google chrome search redirects to middle search engineTue Aug 24, 2010 4:32 pm

Please download RootRepeal from GooglePages.com.

Extract the program file to your Desktop.
Run the program RootRepeal.exe.
Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
Go to the Report tab and click on the Scan button.
Select ALL of the checkboxes and then click OK and it will start scanning your system.
If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
When done, click on Save Report
Save it to the Desktop.
Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

Re: google chrome search redirects to middle search engineThu Aug 26, 2010 2:20 pm

Hi, sorry for the delay but I tried to run RootRepeal without any success...

It always crashes when it scans Windows folder.
But I ran Combofix.exe and it shows interesting results.

ComboFix 10-08-25.01 - Maritxu 2010-08-26 12:18:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2037.1059 [GMT -4:00]
Lancé depuis: c:\users\Maritxu\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ib2055.tmp
C:\ib2056.tmp
C:\ib2067.tmp
C:\ib2077.tmp
C:\ib2153.tmp
c:\users\Maritxu\AppData\Roaming\75EDF89DB58BBDF4BE35F0C00B1F0D7A
c:\users\Maritxu\AppData\Roaming\75EDF89DB58BBDF4BE35F0C00B1F0D7A\enemies-names.txt
c:\users\Maritxu\AppData\Roaming\75EDF89DB58BBDF4BE35F0C00B1F0D7A\local.ini
c:\users\Maritxu\AppData\Roaming\75EDF89DB58BBDF4BE35F0C00B1F0D7A\lsrslt.ini
c:\users\Maritxu\Flyff_Eu_Fr_Setup.exe
c:\windows\system32\%appdata%
c:\windows\system32\config\systemprofile\a.exe

c:\windows\system32\wininit.exe . . . est infecté!!

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-26 au 2010-08-26 ))))))))))))))))))))))))))))))))))))
.

2010-08-26 16:48 . 2010-08-26 17:41 -------- d-----w- c:\users\Maritxu\AppData\Local\temp
2010-08-26 16:48 . 2010-08-26 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 16:48 . 2010-08-26 16:48 -------- d-----w- c:\users\FredChou\AppData\Local\temp
2010-08-20 12:21 . 2010-08-20 12:21 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-08-19 18:49 . 2010-08-19 18:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 17:42 . 2010-08-10 17:42 -------- d-----w- c:\program files\RealVNC
2010-08-10 12:47 . 2010-08-10 12:47 61440 ---ha-w- C:\SZKGFS.dat
2010-08-10 12:45 . 2010-08-10 12:45 -------- d-----w- c:\programdata\SITEguard
2010-08-10 12:44 . 2010-08-10 12:44 -------- d-----w- c:\program files\Common Files\iS3
2010-08-10 12:44 . 2010-08-23 20:39 -------- d-----w- c:\programdata\STOPzilla!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 17:36 . 2008-09-25 23:28 -------- d-----w- c:\programdata\VMware
2010-08-23 20:34 . 2010-08-23 20:34 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-23 20:30 . 2010-06-03 03:03 -------- d-----w- c:\programdata\DivX
2010-08-23 20:30 . 2010-01-10 14:06 -------- d-----w- c:\program files\DivX
2010-08-23 20:16 . 2010-07-25 02:06 -------- d-----w- c:\program files\Neffy
2010-08-23 20:16 . 2010-03-02 07:58 -------- d-----w- c:\program files\Core Services
2010-08-23 20:15 . 2008-10-09 12:44 -------- d-----w- c:\programdata\eMule
2010-08-23 18:28 . 2010-02-21 09:40 -------- d-----w- c:\programdata\CanonIJPLM
2010-08-19 23:20 . 2009-09-16 01:12 -------- d-----w- c:\programdata\NOS
2010-08-19 18:49 . 2008-02-11 23:26 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 01:37 . 2010-05-05 23:21 -------- d-----w- c:\programdata\Sonic
2010-08-04 01:23 . 2009-02-17 13:30 -------- d-----w- c:\users\Maritxu\AppData\Roaming\Skype
2010-08-03 21:48 . 2009-02-17 13:31 -------- d-----w- c:\users\Maritxu\AppData\Roaming\skypePM
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-02 23:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-27 12:41 . 2008-02-12 00:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 15:02 . 2008-09-26 02:06 -------- d-----w- c:\users\Maritxu\AppData\Roaming\BitTorrent
2010-07-25 13:33 . 2010-07-25 13:33 -------- d-----w- c:\programdata\WindowsSearch
2010-07-25 13:20 . 2010-07-25 13:20 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-07-25 02:22 . 2010-07-25 02:22 -------- d-----w- c:\program files\gPotato.eu
2010-07-22 22:00 . 2010-03-13 10:51 -------- d-----w- c:\users\Maritxu\AppData\Roaming\ArcSoft
2010-07-22 01:56 . 2010-06-05 18:18 -------- d-----w- c:\users\Maritxu\AppData\Roaming\DivX
2010-07-21 15:10 . 2008-09-25 11:15 -------- d-----w- c:\program files\Google
2010-07-20 02:25 . 2010-07-20 02:25 -------- d-----w- c:\users\Maritxu\AppData\Roaming\Malwarebytes
2010-07-20 02:24 . 2010-07-20 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 02:24 . 2010-07-20 02:24 -------- d-----w- c:\programdata\Malwarebytes
2010-07-19 18:13 . 2008-02-12 00:44 -------- d-----w- c:\programdata\Microsoft Help
2010-07-11 23:06 . 2010-05-05 23:14 -------- d-----w- c:\programdata\Roxio
2010-07-09 15:34 . 2010-06-05 21:13 -------- d-----w- c:\programdata\Norton
2010-07-09 15:33 . 2008-09-24 16:36 -------- d-----w- c:\programdata\Symantec
2010-07-07 21:30 . 2008-09-24 16:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-27 22:26 . 2010-01-10 15:08 -------- d-----w- c:\users\FredChou\AppData\Roaming\uTorrent
2010-06-27 22:04 . 2008-02-12 00:46 -------- d-----w- c:\program files\Microsoft.NET
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2008-06-26 03:51 . 2008-06-26 03:51 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MotionSD STUDIO - Auto-activation Navigateur SD -.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MotionSD STUDIO - Auto-activation Navigateur SD -.lnk
backup=c:\windows\pss\MotionSD STUDIO - Auto-activation Navigateur SD -.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 18:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 10:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-09-28 22:47 289088 ----a-w- c:\users\FredChou\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 21:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 15:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 05:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 13:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-09-29 17:02 2054360 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-02-06 04:00 843776 ------w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-21 23:09 136176 ----atw- c:\users\Maritxu\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 03:24 154136 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 02:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 03:24 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 06:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBSCATS]
2007-02-22 10:52 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbstime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2009-03-03 09:02 107248 ----a-w- c:\program files\OrangeHSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 03:24 129560 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2008-08-24 12:01 4067328 ----a-w- c:\program files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 12:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 01:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-17 02:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 20:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-09-19 03:05 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 310(Réseau)]
2008-11-17 09:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFHA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):eb,e2,cc,d1,95,32,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-26 17:37]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 17:38]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 17:38]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2232037431-2964614985-331068940-1004Core.job
- c:\users\Maritxu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 23:09]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2232037431-2964614985-331068940-1004UA.job
- c:\users\Maritxu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 23:09]

2010-07-29 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2009-06-24 02:21]

2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{81511348-69B2-4950-B207-B0B211F4A384}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Maritxu\AppData\Roaming\Mozilla\Firefox\Profiles\f21u6tsv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\users\Maritxu\AppData\Roaming\Mozilla\Firefox\Profiles\f21u6tsv.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Maritxu\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Maritxu\AppData\Roaming\Mozilla\Firefox\Profiles\f21u6tsv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {237043A4-9BC4-47BA-A616-DBCAE792EB05} - c:\windows\system32\config\systemprofile\AppData\Local\{237043A4-9BC4-47BA-A616-DBCAE792EB05}\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-ipadxxxxxx.exe - c:\ipadxxxxxx.exe\ipadxxxxxx.exe
MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
MSConfigStartUp-NDSTray - NDSTray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 13:40
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys >>UNKNOWN [0x8698DB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82b0c322
\Driver\ACPI -> acpi.sys @ 0x80694d4c
\Driver\atapi -> ataport.SYS @ 0x826e29a8
\Driver\iaStor -> iaStor.sys @ 0x82649002
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5768)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\System32\bgsvcgen.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\windows\system32\lktsrv.exe
c:\windows\system32\lxbscoms.exe
c:\memcached\memcached.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Heure de fin: 2010-08-26 13:56:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-08-26 17:56

Avant-CF: 33 104 289 792 bytes free
Après-CF: 38 328 479 744 bytes free

- - End Of File - - 566E6E4B2DC84C99417A8D73AA1FF845

Re: google chrome search redirects to middle search engineThu Aug 26, 2010 4:16 pm

You have a severe infection on the system.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:

Back up all important data on the machine.
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:

Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for potential identity theft caused by the infections.

=====================================

Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Re: google chrome search redirects to middle search engineFri Aug 27, 2010 12:10 am

2010/08/27 00:06:40.0493 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/27 00:06:40.0493 ================================================================================
2010/08/27 00:06:40.0493 SystemInfo:
2010/08/27 00:06:40.0493
2010/08/27 00:06:40.0493 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/27 00:06:40.0494 Product type: Workstation
2010/08/27 00:06:40.0494 ComputerName: FREDCHOU-PC
2010/08/27 00:06:40.0494 UserName: Maritxu
2010/08/27 00:06:40.0494 Windows directory: C:\Windows
2010/08/27 00:06:40.0494 System windows directory: C:\Windows
2010/08/27 00:06:40.0494 Processor architecture: Intel x86
2010/08/27 00:06:40.0494 Number of processors: 2
2010/08/27 00:06:40.0494 Page size: 0x1000
2010/08/27 00:06:40.0494 Boot type: Normal boot
2010/08/27 00:06:40.0494 ================================================================================
2010/08/27 00:06:41.0338 Initialize success
2010/08/27 00:06:45.0881 ================================================================================
2010/08/27 00:06:45.0881 Scan started
2010/08/27 00:06:45.0881 Mode: Manual;
2010/08/27 00:06:45.0881 ================================================================================
2010/08/27 00:06:47.0785 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/08/27 00:06:48.0023 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
2010/08/27 00:06:48.0430 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/27 00:06:48.0723 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/27 00:06:48.0808 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/27 00:06:49.0037 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/27 00:06:49.0621 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/08/27 00:06:50.0396 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/08/27 00:06:50.0641 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/27 00:06:50.0712 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/27 00:06:50.0939 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/27 00:06:51.0215 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/27 00:06:51.0538 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/27 00:06:51.0809 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/27 00:06:52.0038 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/27 00:06:52.0291 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/27 00:06:52.0587 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/27 00:06:52.0778 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/27 00:06:52.0860 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/08/27 00:06:53.0403 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
2010/08/27 00:06:57.0715 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/27 00:06:58.0125 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/27 00:06:58.0399 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/27 00:06:58.0494 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/27 00:06:58.0813 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/27 00:06:59.0238 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/27 00:06:59.0695 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/27 00:06:59.0791 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/27 00:07:00.0307 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/27 00:07:00.0584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/27 00:07:00.0851 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/27 00:07:01.0307 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
2010/08/27 00:07:01.0697 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/27 00:07:02.0052 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/27 00:07:02.0246 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/08/27 00:07:02.0553 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/27 00:07:02.0984 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/27 00:07:03.0425 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/27 00:07:03.0851 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/27 00:07:04.0046 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/27 00:07:04.0508 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\Windows\system32\drivers\cvintdrv.sys
2010/08/27 00:07:05.0035 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/08/27 00:07:05.0291 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/08/27 00:07:05.0717 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/27 00:07:06.0045 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/27 00:07:06.0303 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/27 00:07:06.0513 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
2010/08/27 00:07:07.0289 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/08/27 00:07:07.0765 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
2010/08/27 00:07:08.0326 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/27 00:07:08.0502 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2010/08/27 00:07:08.0617 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/27 00:07:09.0162 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/08/27 00:07:09.0533 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/08/27 00:07:09.0769 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/27 00:07:10.0255 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/27 00:07:10.0530 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/27 00:07:10.0719 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/27 00:07:13.0752 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/08/27 00:07:14.0224 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/27 00:07:14.0563 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2010/08/27 00:07:14.0811 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/27 00:07:15.0122 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/08/27 00:07:15.0437 hcmon (68d0c3b105721c850d35817aadb8dfd3) C:\Windows\system32\drivers\hcmon.sys
2010/08/27 00:07:15.0703 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/08/27 00:07:16.0089 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/27 00:07:16.0323 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/08/27 00:07:16.0549 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/27 00:07:16.0821 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/27 00:07:17.0237 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/27 00:07:18.0124 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/08/27 00:07:18.0517 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/27 00:07:18.0878 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/27 00:07:19.0233 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2010/08/27 00:07:19.0560 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/27 00:07:20.0167 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/08/27 00:07:20.0615 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/27 00:07:21.0054 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/27 00:07:21.0347 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/08/27 00:07:21.0575 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/27 00:07:21.0940 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/27 00:07:22.0207 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/27 00:07:22.0497 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/27 00:07:22.0697 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/27 00:07:22.0952 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/27 00:07:23.0509 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/27 00:07:23.0824 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/27 00:07:24.0136 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/27 00:07:24.0388 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
2010/08/27 00:07:24.0582 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/27 00:07:24.0803 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/08/27 00:07:25.0838 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/27 00:07:26.0145 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/27 00:07:26.0445 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/27 00:07:26.0750 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/27 00:07:27.0004 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/27 00:07:27.0314 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/27 00:07:27.0613 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys
2010/08/27 00:07:28.0007 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/27 00:07:28.0206 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/27 00:07:28.0363 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/27 00:07:28.0476 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/27 00:07:28.0642 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/27 00:07:29.0144 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/27 00:07:29.0385 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/27 00:07:29.0655 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/27 00:07:29.0862 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/27 00:07:30.0069 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/27 00:07:30.0446 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/08/27 00:07:30.0682 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/27 00:07:30.0854 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/27 00:07:31.0070 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/27 00:07:31.0300 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/27 00:07:31.0506 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/27 00:07:31.0771 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/27 00:07:32.0105 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/27 00:07:32.0305 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/27 00:07:32.0486 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/27 00:07:32.0928 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/27 00:07:33.0111 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/08/27 00:07:33.0385 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/27 00:07:33.0950 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/27 00:07:34.0332 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/08/27 00:07:34.0619 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/27 00:07:35.0179 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/08/27 00:07:35.0560 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/27 00:07:35.0909 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/27 00:07:36.0042 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/27 00:07:36.0304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/27 00:07:36.0620 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/27 00:07:36.0974 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/27 00:07:37.0343 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/27 00:07:37.0746 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/08/27 00:07:37.0982 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/27 00:07:38.0224 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/08/27 00:07:38.0629 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/27 00:07:39.0021 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/27 00:07:39.0405 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/27 00:07:39.0766 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/27 00:07:39.0936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/27 00:07:40.0271 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/08/27 00:07:40.0930 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/27 00:07:41.0176 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/08/27 00:07:41.0316 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/27 00:07:41.0600 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2010/08/27 00:07:42.0100 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2010/08/27 00:07:43.0040 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/08/27 00:07:43.0281 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/08/27 00:07:43.0621 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/27 00:07:43.0811 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/27 00:07:44.0263 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/27 00:07:44.0614 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/27 00:07:45.0178 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/27 00:07:45.0604 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/27 00:07:46.0030 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/27 00:07:46.0487 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/27 00:07:46.0609 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/27 00:07:46.0664 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/27 00:07:46.0747 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/27 00:07:46.0911 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/27 00:07:46.0970 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/27 00:07:47.0288 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/27 00:07:47.0484 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/27 00:07:47.0816 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/27 00:07:48.0200 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/27 00:07:48.0475 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/08/27 00:07:48.0756 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/27 00:07:48.0839 RTL8169 (8cca591019216e9523e3cb385ce643e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/08/27 00:07:49.0019 RTSTOR (01c64783db1f40e1e3df67dd36199b35) C:\Windows\system32\drivers\RTSTOR.SYS
2010/08/27 00:07:49.0336 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\Windows\system32\Drivers\SahdIa32.sys
2010/08/27 00:07:49.0575 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\Windows\system32\Drivers\SaibIa32.sys
2010/08/27 00:07:49.0811 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\Windows\system32\Drivers\SaibVd32.sys
2010/08/27 00:07:49.0876 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/27 00:07:50.0219 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
2010/08/27 00:07:50.0407 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/27 00:07:50.0584 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/27 00:07:50.0630 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/27 00:07:50.0723 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/27 00:07:50.0914 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/08/27 00:07:51.0269 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/27 00:07:51.0424 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/27 00:07:51.0462 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/27 00:07:51.0705 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/27 00:07:51.0805 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/27 00:07:52.0079 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/27 00:07:52.0341 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/08/27 00:07:52.0588 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/27 00:07:52.0859 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
2010/08/27 00:07:53.0302 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/27 00:07:53.0638 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/27 00:07:53.0980 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/27 00:07:54.0334 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/27 00:07:54.0390 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/27 00:07:54.0556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/27 00:07:54.0723 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/27 00:07:55.0947 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
2010/08/27 00:07:56.0825 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/27 00:07:57.0184 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/27 00:07:57.0513 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/08/27 00:07:57.0616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/27 00:07:57.0802 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/27 00:07:57.0985 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/27 00:07:58.0307 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/27 00:07:58.0869 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/08/27 00:07:59.0754 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/27 00:08:00.0344 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/27 00:08:00.0584 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/27 00:08:01.0013 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/08/27 00:08:01.0443 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/27 00:08:01.0589 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/27 00:08:01.0936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/27 00:08:02.0399 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/27 00:08:02.0757 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/27 00:08:03.0264 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/27 00:08:03.0576 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/27 00:08:04.0357 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/27 00:08:04.0736 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/27 00:08:05.0359 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/27 00:08:06.0032 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/27 00:08:06.0582 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/27 00:08:06.0710 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/27 00:08:07.0049 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/27 00:08:07.0610 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/27 00:08:07.0964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/27 00:08:08.0273 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/27 00:08:08.0570 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/08/27 00:08:09.0031 VClone (cefaa7d630b653be5f831da1f49780c5) C:\Windows\system32\DRIVERS\VClone.sys
2010/08/27 00:08:09.0476 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/27 00:08:10.0075 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/27 00:08:10.0408 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/27 00:08:10.0513 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/27 00:08:10.0772 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/27 00:08:10.0920 vmci (4ec7e1cb7c4dfdb96a2caf99c8e64f06) C:\Windows\system32\Drivers\vmci.sys
2010/08/27 00:08:11.0243 vmkbd (32284452cdd740cc0999003aede76fa8) C:\Windows\system32\drivers\VMkbd.sys
2010/08/27 00:08:11.0561 VMnetAdapter (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/08/27 00:08:11.0733 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/08/27 00:08:12.0289 VMnetuserif (be849a8d86f422df07dfaf4dba1b82b5) C:\Windows\system32\drivers\vmnetuserif.sys
2010/08/27 00:08:12.0844 vmx86 (5ea298d3d843e5a3d751634381bf5f67) C:\Windows\system32\Drivers\vmx86.sys
2010/08/27 00:08:13.0317 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/27 00:08:14.0067 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/08/27 00:08:14.0570 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/08/27 00:08:15.0114 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/27 00:08:15.0419 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
2010/08/27 00:08:15.0658 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/27 00:08:16.0166 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/27 00:08:16.0222 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/27 00:08:16.0695 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/27 00:08:17.0388 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/27 00:08:17.0959 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/08/27 00:08:18.0170 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/27 00:08:18.0557 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/27 00:08:19.0012 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/08/27 00:08:19.0424 WSDScan (9f6fa85e84d0a42d86a9dbb79d76b0ed) C:\Windows\system32\DRIVERS\WSDScan.sys
2010/08/27 00:08:19.0839 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/27 00:08:19.0972 ================================================================================
2010/08/27 00:08:19.0972 Scan finished
2010/08/27 00:08:19.0972 ================================================================================
2010/08/27 00:08:35.0514 ================================================================================
2010/08/27 00:08:35.0514 Scan started
2010/08/27 00:08:35.0514 Mode: Manual;
2010/08/27 00:08:35.0514 ================================================================================
2010/08/27 00:08:36.0192 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/08/27 00:08:36.0575 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\Windows\system32\drivers\adfs.sys
2010/08/27 00:08:36.0882 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/27 00:08:37.0075 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/27 00:08:37.0160 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/27 00:08:37.0457 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/27 00:08:37.0874 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/08/27 00:08:38.0215 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/08/27 00:08:38.0471 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/27 00:08:38.0709 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/27 00:08:39.0458 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/27 00:08:39.0811 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/27 00:08:40.0112 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/27 00:08:40.0317 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/27 00:08:40.0434 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/27 00:08:40.0643 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/27 00:08:40.0883 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/27 00:08:41.0063 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/27 00:08:41.0146 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/08/27 00:08:41.0565 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
2010/08/27 00:08:41.0798 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/27 00:08:42.0059 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/27 00:08:42.0340 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/27 00:08:42.0590 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/27 00:08:42.0832 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/27 00:08:43.0078 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/27 00:08:43.0213 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/27 00:08:43.0254 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/27 00:08:43.0492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/27 00:08:43.0580 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/27 00:08:43.0791 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/27 00:08:44.0108 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
2010/08/27 00:08:44.0427 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/27 00:08:44.0800 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/27 00:08:44.0938 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/08/27 00:08:45.0256 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/27 00:08:45.0481 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/27 00:08:45.0800 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/27 00:08:46.0048 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/27 00:08:46.0221 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/27 00:08:46.0455 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\Windows\system32\drivers\cvintdrv.sys
2010/08/27 00:08:46.0616 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/08/27 00:08:46.0894 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/08/27 00:08:47.0159 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/27 00:08:47.0587 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/27 00:08:47.0923 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/27 00:08:48.0088 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
2010/08/27 00:08:48.0420 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/08/27 00:08:48.0663 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
2010/08/27 00:08:49.0002 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/27 00:08:49.0221 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2010/08/27 00:08:49.0515 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/27 00:08:49.0625 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/08/27 00:08:49.0752 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/08/27 00:08:49.0910 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/27 00:08:50.0107 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/27 00:08:50.0260 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/27 00:08:50.0327 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/27 00:08:50.0571 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/08/27 00:08:50.0765 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/27 00:08:50.0982 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2010/08/27 00:08:51.0341 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/27 00:08:51.0740 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/08/27 00:08:52.0356 hcmon (68d0c3b105721c850d35817aadb8dfd3) C:\Windows\system32\drivers\hcmon.sys
2010/08/27 00:08:52.0722 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/08/27 00:08:52.0997 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/27 00:08:53.0187 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/08/27 00:08:53.0257 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/27 00:08:53.0484 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/27 00:08:53.0811 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/27 00:08:54.0241 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/08/27 00:08:54.0514 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/27 00:08:55.0264 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/27 00:08:55.0608 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2010/08/27 00:08:55.0801 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/27 00:08:56.0042 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/08/27 00:08:56.0334 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/27 00:08:56.0784 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/27 00:08:57.0068 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/08/27 00:08:57.0576 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/27 00:08:57.0798 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/27 00:08:58.0176 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/27 00:08:58.0365 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/27 00:08:58.0434 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/27 00:08:58.0531 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/27 00:08:58.0744 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/27 00:08:58.0859 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/27 00:08:59.0033 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/27 00:08:59.0307 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
2010/08/27 00:08:59.0568 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/27 00:09:00.0066 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/08/27 00:09:00.0446 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/27 00:09:00.0652 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/27 00:09:01.0075 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/27 00:09:01.0369 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/27 00:09:01.0657 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/27 00:09:01.0833 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/27 00:09:01.0910 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys
2010/08/27 00:09:02.0126 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/27 00:09:03.0358 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/27 00:09:03.0627 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/27 00:09:03.0784 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/27 00:09:03.0905 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/27 00:09:04.0108 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/27 00:09:04.0316 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/27 00:09:04.0496 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/27 00:09:04.0530 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/27 00:09:04.0710 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/27 00:09:04.0976 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/08/27 00:09:05.0890 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/27 00:09:06.0140 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/27 00:09:06.0400 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/27 00:09:06.0542 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/27 00:09:06.0725 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/27 00:09:07.0001 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/27 00:09:07.0168 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/27 00:09:07.0324 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/27 00:09:07.0605 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/27 00:09:07.0836 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/27 00:09:07.0941 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/08/27 00:09:08.0326 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/27 00:09:08.0680 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/27 00:09:09.0340 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/08/27 00:09:09.0849 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/27 00:09:10.0576 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/08/27 00:09:10.0901 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/27 00:09:11.0294 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/27 00:09:11.0638 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/27 00:09:11.0902 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/27 00:09:12.0550 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/27 00:09:12.0849 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/27 00:09:13.0140 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/27 00:09:13.0431 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/08/27 00:09:13.0745 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/27 00:09:14.0055 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/08/27 00:09:14.0370 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/27 00:09:14.0663 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/27 00:09:14.0914 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/27 00:09:15.0396 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/27 00:09:15.0611 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/27 00:09:15.0934 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/08/27 00:09:16.0149 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/27 00:09:16.0384 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/08/27 00:09:16.0513 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/27 00:09:16.0808 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2010/08/27 00:09:16.0954 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2010/08/27 00:09:17.0392 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/08/27 00:09:17.0633 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/08/27 00:09:17.0929 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/27 00:09:18.0096 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/27 00:09:18.0415 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/27 00:09:18.0610 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/27 00:09:18.0842 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/27 00:09:19.0101 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/27 00:09:19.0461 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/27 00:09:19.0772 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/27 00:09:20.0328 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/27 00:09:20.0660 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/27 00:09:20.0933 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/27 00:09:21.0308 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/27 00:09:21.0689 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/27 00:09:22.0196 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/27 00:09:22.0448 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/27 00:09:22.0536 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/27 00:09:22.0797 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/27 00:09:23.0005 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/08/27 00:09:23.0586 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/27 00:09:23.0703 RTL8169 (8cca591019216e9523e3cb385ce643e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/08/27 00:09:23.0960 RTSTOR (01c64783db1f40e1e3df67dd36199b35) C:\Windows\system32\drivers\RTSTOR.SYS
2010/08/27 00:09:24.0755 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\Windows\system32\Drivers\SahdIa32.sys
2010/08/27 00:09:25.0038 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\Windows\system32\Drivers\SaibIa32.sys
2010/08/27 00:09:25.0163 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\Windows\system32\Drivers\SaibVd32.sys
2010/08/27 00:09:25.0216 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/27 00:09:25.0437 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\Windows\system32\drivers\SCDEmu.sys
2010/08/27 00:09:25.0715 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/27 00:09:26.0047 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/27 00:09:26.0415 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/27 00:09:26.0775 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/27 00:09:27.0044 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/08/27 00:09:27.0266 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/27 00:09:27.0343 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/27 00:09:27.0469 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/27 00:09:27.0602 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/27 00:09:27.0702 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/27 00:09:27.0742 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/27 00:09:28.0027 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/08/27 00:09:28.0807 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/27 00:09:29.0001 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
2010/08/27 00:09:29.0254 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/27 00:09:29.0679 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/27 00:09:29.0944 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/27 00:09:30.0142 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/27 00:09:30.0220 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/27 00:09:30.0719 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/27 00:09:31.0753 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/27 00:09:32.0400 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
2010/08/27 00:09:32.0933 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/27 00:09:33.0170 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/27 00:09:33.0398 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/08/27 00:09:33.0657 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/27 00:09:34.0099 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/27 00:09:34.0626 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/27 00:09:34.0948 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/27 00:09:35.0721 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/08/27 00:09:36.0495 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/27 00:09:36.0919 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/27 00:09:37.0058 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/27 00:09:37.0154 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/08/27 00:09:37.0562 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/27 00:09:38.0140 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/27 00:09:38.0388 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/27 00:09:38.0574 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/27 00:09:38.0698 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/27 00:09:39.0061 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/27 00:09:39.0195 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/27 00:09:39.0287 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/27 00:09:39.0410 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/27 00:09:39.0644 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/27 00:09:39.0852 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/27 00:09:40.0057 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/27 00:09:40.0896 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/27 00:09:41.0246 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/27 00:09:41.0540 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/27 00:09:41.0760 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/27 00:09:42.0014 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/27 00:09:42.0255 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/08/27 00:09:42.0416 VClone (cefaa7d630b653be5f831da1f49780c5) C:\Windows\system32\DRIVERS\VClone.sys
2010/08/27 00:09:42.0761 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/27 00:09:43.0061 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/27 00:09:43.0660 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/27 00:09:43.0754 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/27 00:09:43.0947 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/27 00:09:44.0350 vmci (4ec7e1cb7c4dfdb96a2caf99c8e64f06) C:\Windows\system32\Drivers\vmci.sys
2010/08/27 00:09:44.0506 vmkbd (32284452cdd740cc0999003aede76fa8) C:\Windows\system32\drivers\VMkbd.sys
2010/08/27 00:09:44.0625 VMnetAdapter (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys
2010/08/27 00:09:44.0763 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys
2010/08/27 00:09:44.0919 VMnetuserif (be849a8d86f422df07dfaf4dba1b82b5) C:\Windows\system32\drivers\vmnetuserif.sys
2010/08/27 00:09:45.0041 vmx86 (5ea298d3d843e5a3d751634381bf5f67) C:\Windows\system32\Drivers\vmx86.sys
2010/08/27 00:09:45.0280 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/27 00:09:45.0741 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/08/27 00:09:46.0078 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/08/27 00:09:46.0311 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/27 00:09:46.0560 vstor2-ws60 (e511cfb4b43b72cf9d1497e7c5bd1534) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
2010/08/27 00:09:46.0910 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/27 00:09:47.0151 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/27 00:09:47.0207 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/27 00:09:47.0658 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/27 00:09:48.0130 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/27 00:09:48.0378 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/08/27 00:09:48.0533 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/27 00:09:48.0721 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/27 00:09:48.0808 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/08/27 00:09:49.0288 WSDScan (9f6fa85e84d0a42d86a9dbb79d76b0ed) C:\Windows\system32\DRIVERS\WSDScan.sys
2010/08/27 00:09:49.0524 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/27 00:09:49.0637 ================================================================================
2010/08/27 00:09:49.0637 Scan finished
2010/08/27 00:09:49.0637 ================================================================================

Re: google chrome search redirects to middle search engineFri Aug 27, 2010 12:11 am

it found nothing Sad tearing

I rebooted the machine and started tdsskiller.

Re: google chrome search redirects to middle search engineFri Aug 27, 2010 4:07 pm

Re-running ComboFix:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:
Code:
killall:: srpeek:: c:\windows\system32\wininit.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: google chrome search redirects to middle search engineSat Aug 28, 2010 11:03 pm

Here are the logs, so far the virus hasn't been destroyed.

ComboFix 10-08-27.03 - Maritxu 2010-08-28 18:20:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2037.988 [GMT -4:00]
Lancé depuis: c:\users\Maritxu\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Maritxu\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-28 au 2010-08-29 ))))))))))))))))))))))))))))))))))))
.

2010-08-28 22:44 . 2010-08-29 02:26 -------- d-----w- c:\users\Maritxu\AppData\Local\temp
2010-08-28 22:44 . 2010-08-28 22:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-28 22:44 . 2010-08-28 22:44 -------- d-----w- c:\users\FredChou\AppData\Local\temp
2010-08-28 22:44 . 2010-08-28 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-27 04:22 . 2010-08-28 17:58 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-20 12:21 . 2010-08-20 12:21 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-08-19 18:49 . 2010-08-19 18:48 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 17:42 . 2010-08-10 17:42 -------- d-----w- c:\program files\RealVNC
2010-08-10 12:47 . 2010-08-10 12:47 61440 ---ha-w- C:\SZKGFS.dat
2010-08-10 12:45 . 2010-08-10 12:45 -------- d-----w- c:\programdata\SITEguard
2010-08-10 12:44 . 2010-08-10 12:44 -------- d-----w- c:\program files\Common Files\iS3
2010-08-10 12:44 . 2010-08-23 20:39 -------- d-----w- c:\programdata\STOPzilla!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 02:25 . 2008-09-25 23:28 -------- d-----w- c:\programdata\VMware
2010-08-27 22:14 . 2008-09-23 13:20 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2010-08-23 20:34 . 2010-08-23 20:34 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-23 20:30 . 2010-06-03 03:03 -------- d-----w- c:\programdata\DivX
2010-08-23 20:30 . 2010-01-10 14:06 -------- d-----w- c:\program files\DivX
2010-08-23 20:16 . 2010-07-25 02:06 -------- d-----w- c:\program files\Neffy
2010-08-23 20:16 . 2010-03-02 07:58 -------- d-----w- c:\program files\Core Services
2010-08-23 20:15 . 2008-10-09 12:44 -------- d-----w- c:\programdata\eMule
2010-08-23 18:28 . 2010-02-21 09:40 -------- d-----w- c:\programdata\CanonIJPLM
2010-08-19 23:20 . 2009-09-16 01:12 -------- d-----w- c:\programdata\NOS
2010-08-19 18:49 . 2008-02-11 23:26 -------- d-----w- c:\program files\Common Files\Java
2010-08-04 01:37 . 2010-05-05 23:21 -------- d-----w- c:\programdata\Sonic
2010-08-04 01:23 . 2009-02-17 13:30 -------- d-----w- c:\users\Maritxu\AppData\Roaming\Skype
2010-08-03 21:48 . 2009-02-17 13:31 -------- d-----w- c:\users\Maritxu\AppData\Roaming\skypePM
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-08-02 23:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-08-02 23:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-27 12:41 . 2008-02-12 00:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-25 15:02 . 2008-09-26 02:06 -------- d-----w- c:\users\Maritxu\AppData\Roaming\BitTorrent
2010-07-25 13:33 . 2010-07-25 13:33 -------- d-----w- c:\programdata\WindowsSearch
2010-07-25 13:20 . 2010-07-25 13:20 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-07-25 02:22 . 2010-07-25 02:22 -------- d-----w- c:\program files\gPotato.eu
2010-07-22 22:00 . 2010-03-13 10:51 -------- d-----w- c:\users\Maritxu\AppData\Roaming\ArcSoft
2010-07-22 01:56 . 2010-06-05 18:18 -------- d-----w- c:\users\Maritxu\AppData\Roaming\DivX
2010-07-21 15:10 . 2008-09-25 11:15 -------- d-----w- c:\program files\Google
2010-07-20 02:25 . 2010-07-20 02:25 -------- d-----w- c:\users\Maritxu\AppData\Roaming\Malwarebytes
2010-07-20 02:24 . 2010-07-20 02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 02:24 . 2010-07-20 02:24 -------- d-----w- c:\programdata\Malwarebytes
2010-07-19 18:13 . 2008-02-12 00:44 -------- d-----w- c:\programdata\Microsoft Help
2010-07-11 23:06 . 2010-05-05 23:14 -------- d-----w- c:\programdata\Roxio
2010-07-09 15:34 . 2010-06-05 21:13 -------- d-----w- c:\programdata\Norton
2010-07-09 15:33 . 2008-09-24 16:36 -------- d-----w- c:\programdata\Symantec
2010-07-07 21:30 . 2008-09-24 16:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2008-06-26 03:51 . 2008-06-26 03:51 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MotionSD STUDIO - Auto-activation Navigateur SD -.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MotionSD STUDIO - Auto-activation Navigateur SD -.lnk
backup=c:\windows\pss\MotionSD STUDIO - Auto-activation Navigateur SD -.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 18:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 10:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-09-28 22:47 289088 ----a-w- c:\users\FredChou\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-10-25 21:41 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 15:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 05:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 13:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-09-29 17:02 2054360 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-02-06 04:00 843776 ------w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-21 23:09 136176 ----atw- c:\users\Maritxu\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-05 03:24 154136 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 02:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-05 03:24 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 20:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2007-01-09 06:23 191552 ------w- c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBSCATS]
2007-02-22 10:52 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbstime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2009-03-03 09:02 107248 ----a-w- c:\program files\OrangeHSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-05 03:24 129560 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
2008-08-24 12:01 4067328 ----a-w- c:\program files\Rainlendar2\Rainlendar2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-24 12:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 01:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-17 02:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 20:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-09-19 03:05 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 310(Réseau)]
2008-11-17 09:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFHA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):eb,e2,cc,d1,95,32,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-08-27 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-08-27 72808]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'

2010-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-26 17:37]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 17:38]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 17:38]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2232037431-2964614985-331068940-1004Core.job
- c:\users\Maritxu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 23:09]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2232037431-2964614985-331068940-1004UA.job
- c:\users\Maritxu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 23:09]

2010-07-29 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2009-06-24 02:21]

2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{81511348-69B2-4950-B207-B0B211F4A384}.job
- c:\windows\system32\msfeedssync.exe [2010-06-09 04:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Maritxu\AppData\Roaming\Mozilla\Firefox\Profiles\f21u6tsv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\users\Maritxu\AppData\Roaming\Mozilla\Firefox\Profiles\f21u6tsv.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Maritxu\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Maritxu\AppData\Roaming\Mozilla\Firefox\Profiles\f21u6tsv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Maritxu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Maritxu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {237043A4-9BC4-47BA-A616-DBCAE792EB05} - c:\windows\system32\config\systemprofile\AppData\Local\{237043A4-9BC4-47BA-A616-DBCAE792EB05}\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 22:26
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwOpenFile

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\TMP000000139FF8415661B377F0 524288 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys >>UNKNOWN [0x86988B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82b11322
\Driver\ACPI -> acpi.sys @ 0x80698d4c
\Driver\atapi -> ataport.SYS @ 0x826df9a8
\Driver\iaStor -> iaStor.sys @ 0x82646002
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4900)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\System32\bgsvcgen.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\lkcitdl.exe
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\windows\system32\lxbscoms.exe
c:\memcached\memcached.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Heure de fin: 2010-08-28 22:43:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-08-29 02:43
ComboFix2.txt 2010-08-26 17:57

Avant-CF: 38 189 461 504 bytes free
Après-CF: 38 232 043 520 bytes free

- - End Of File - - FF5612CC78D3373E782977A3A608791A

Re: google chrome search redirects to middle search engineSun Aug 29, 2010 4:34 pm

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
Code:
:filefind iastor.sys wininit.exe atapi.sys
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

google chrome search redirects to middle search engine

descriptiongoogle chrome search redirects to middle search engineThu Aug 19, 2010 3:32 pm

descriptionRe: google chrome search redirects to middle search engineThu Aug 19, 2010 3:56 pm

descriptionRe: google chrome search redirects to middle search engineThu Aug 19, 2010 4:54 pm

descriptionRe: google chrome search redirects to middle search engineFri Aug 20, 2010 4:27 am

descriptionRe: google chrome search redirects to middle search engineMon Aug 23, 2010 2:42 pm

descriptionRe: google chrome search redirects to middle search engineMon Aug 23, 2010 3:06 pm

descriptionRe: google chrome search redirects to middle search engineTue Aug 24, 2010 4:32 pm

descriptionRe: google chrome search redirects to middle search engineThu Aug 26, 2010 2:20 pm

descriptionRe: google chrome search redirects to middle search engineThu Aug 26, 2010 4:16 pm

descriptionRe: google chrome search redirects to middle search engineFri Aug 27, 2010 12:10 am

descriptionRe: google chrome search redirects to middle search engineFri Aug 27, 2010 12:11 am

descriptionRe: google chrome search redirects to middle search engineFri Aug 27, 2010 4:07 pm

descriptionRe: google chrome search redirects to middle search engineSat Aug 28, 2010 11:03 pm

descriptionRe: google chrome search redirects to middle search engineSun Aug 29, 2010 4:34 pm

descriptionRe: google chrome search redirects to middle search engine