Requesting help to stop browser redirects.


9 replies to this topic

#1 red402


Posted 22 January 2012 - 02:56 PM

Hello everyone, I've been having a problem with what I think is some kind of browser redirecting virus, or hijack. I was hoping you guys could help me.
Here's what happens:
When I open Google Chrome on Windows 7 Pro 64-bit, instead of going to my default homepage of "http://www.google.com/" it takes me to "http://www.google.com/search.php"
and the page says "404. That's an error. The requested URL /search.php was not found on this server. That's all we know."
At first I assumed that this was just a simple Google error, but it didn't go away, so I checked my history, and instead of showing me visiting Google at startup it shows me as visiting "urlseek.vmn.net". After some time reading internet forums I downloaded and ran CCleaner and it fixed the problem, but for only about a week; then it came back and has been coming back almost daily. And not only does it take me to this page but also something along the line of my domain advisor.com.
So running CCleaner temporarily fixes this but I'm looking for something permanent. Thanks in advance!



#2 boopme


Posted 22 January 2012 - 03:38 PM

Hello and welcome. Let's do these and see.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (it is usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>
Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
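One way to triage the MiniToolBox report requested above for the settings that usually sit behind browser redirects (hosts file, proxy, Winsock providers). This is an added example, not part of the original post and not MiniToolBox's own code; the section banners and the clean sample follow the report format shown in this thread, while the function names and the suspect sample (including its proxy wording) are constructed for illustration.

```python
import re

# Section banners in Result.txt look like "===== Hosts content: =====".
SECTION_RE = re.compile(r"^=+ (.+?):? =+$")
# Winsock line: "Catalog5 01 C:\path\file.dll [52224] (Vendor)".
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+ \d+ (.+?) \[\d+\] \((.*)\)$")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}


def split_sections(report):
    """Map lower-cased section name -> non-empty lines under that banner."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_hosts(lines):
    """Any mapping other than the loopback default deserves a look."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue
        for name in entry[1:]:
            if (entry[0], name.lower()) not in DEFAULT_HOSTS:
                findings.append(f"hosts: {name} -> {entry[0]}")
    return findings


def check_proxy(lines):
    """Flag the section unless both clean-state lines are present."""
    if CLEAN_PROXY.issubset(lines):
        return []
    extra = [l for l in lines
             if l not in CLEAN_PROXY and not l.startswith('"Reset')]
    return [f"proxy: {l}" for l in extra] or ["proxy: clean-state lines missing"]


def check_winsock(lines):
    """List providers whose vendor field is not Microsoft (review, not proof:
    the vendor string comes from the file itself and can be forged)."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            findings.append(f"winsock: unparsed line: {line}")
            continue
        path, vendor = m.groups()
        if not vendor.startswith("Microsoft"):
            findings.append(f"winsock: {path} ({vendor or 'no vendor'})")
    return findings


def triage(report):
    s = split_sections(report)
    findings = check_hosts(s.get("hosts content", []))
    if "ie proxy settings" in s:  # only present if the box was ticked
        findings += check_proxy(s["ie proxy settings"])
    findings += check_winsock(s.get("winsock entries", []))
    return findings


# Trimmed from the report format shown in this thread.
CLEAN_SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
"""

# Constructed sample: values and proxy wording are made up for the example.
SUSPECT_SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: 127.0.0.1:8080
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.10 www.google.com
========================= Winsock entries =====================================

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\ProgramData\example\lsp.dll [40960] ()
"""

if __name__ == "__main__":
    for item in triage(SUSPECT_SAMPLE):
        print(item)
```

An empty result only means these three sections look default; it does not rule out a rootkit or browser-level hijack, which is why the later scans in the post are still needed.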

#3 red402


Posted 23 January 2012 - 10:57 AM

Thanks for the quick reply!
Here's the results for the scans:

MiniToolBox:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Mando's Machine (administrator) on 23-01-2012 at 09:22:50
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MandosMachine
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : att.net

Ethernet adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-C7-19-B1-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-12-17-65-F0-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 23, 2012 7:57:46 AM
Lease Expires . . . . . . . . . . : Tuesday, January 24, 2012 7:57:46 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 20-CF-30-3D-06-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.att.net
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.52
74.125.227.50
74.125.227.49
74.125.227.51
74.125.227.48


Pinging google.com [74.125.227.18] with 32 bytes of data:
Reply from 74.125.227.18: bytes=32 time=25ms TTL=51
Reply from 74.125.227.18: bytes=32 time=25ms TTL=51

Ping statistics for 74.125.227.18:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms
Server: dsldevice.att.net
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=84ms TTL=55
Reply from 98.137.149.56: bytes=32 time=97ms TTL=55

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 84ms, Maximum = 97ms, Average = 90ms
Server: dsldevice.att.net
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
25...00 ff c7 19 b1 a4 ......Anchorfree HSS Adapter
23...00 12 17 65 f0 49 ......Broadcom 802.11g Network Adapter
15...20 cf 30 3d 06 c8 ......Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.72 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.72 281
192.168.1.72 255.255.255.255 On-link 192.168.1.72 281
192.168.1.255 255.255.255.255 On-link 192.168.1.72 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.72 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.72 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/21/2012 09:22:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: adawarebp.dll_unloaded, version: 0.0.0.0, time stamp: 0x4e9c9820
Exception code: 0xc0000005
Fault offset: 0x100158fd
Faulting process id: 0x448
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/18/2012 01:44:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/13/2012 08:22:43 PM) (Source: Application Hang) (User: )
Description: The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15d4

Start Time: 01ccd263549bd4a3

Termination Time: 40

Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe

Report Id: 9f33e76d-3e56-11e1-a5aa-20cf303d06c8

Error: (01/02/2012 04:33:03 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.63 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a14

Start Time: 01ccc99d7d6a4117

Termination Time: 2

Application Path: C:\Users\Mando's Machine\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: b7d60fb9-3591-11e1-a85d-20cf303d06c8

Error: (01/02/2012 10:53:40 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 16.0.912.63 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1390

Start Time: 01ccc9691c44b0eb

Termination Time: 3

Application Path: C:\Users\Mando's Machine\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 4e4397c3-3562-11e1-8750-20cf303d06c8

Error: (12/27/2011 11:15:26 PM) (Source: Application Hang) (User: )
Description: The program Vue9.eon version 7.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 154c

Start Time: 01ccc51c9c8a1e8b

Termination Time: 270

Application Path: C:\Program Files\e-on software\Vue 9\Application\Vue9.eon

Report Id: ec34b3e2-3112-11e1-80c4-20cf303d06c8

Error: (12/27/2011 01:02:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/17/2011 08:08:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: Prince of Persia.exe, version: 1.0.0.0, time stamp: 0x492309b0
Faulting module name: Prince of Persia.exe, version: 1.0.0.0, time stamp: 0x492309b0
Exception code: 0xc0000005
Fault offset: 0x00049d39
Faulting process id: 0x770
Faulting application start time: 0xPrince of Persia.exe0
Faulting application path: Prince of Persia.exe1
Faulting module path: Prince of Persia.exe2
Report Id: Prince of Persia.exe3

Error: (12/17/2011 08:07:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: Prince of Persia.exe, version: 1.0.0.0, time stamp: 0x492309b0
Faulting module name: Prince of Persia.exe, version: 1.0.0.0, time stamp: 0x492309b0
Exception code: 0xc0000005
Fault offset: 0x00049d39
Faulting process id: 0x10d4
Faulting application start time: 0xPrince of Persia.exe0
Faulting application path: Prince of Persia.exe1
Faulting module path: Prince of Persia.exe2
Report Id: Prince of Persia.exe3

Error: (12/17/2011 08:07:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: Prince of Persia.exe, version: 1.0.0.0, time stamp: 0x492309b0
Faulting module name: Prince of Persia.exe, version: 1.0.0.0, time stamp: 0x492309b0
Exception code: 0xc0000005
Fault offset: 0x00049d39
Faulting process id: 0xf50
Faulting application start time: 0xPrince of Persia.exe0
Faulting application path: Prince of Persia.exe1
Faulting module path: Prince of Persia.exe2
Report Id: Prince of Persia.exe3


System errors:
=============
Error: (01/23/2012 07:57:48 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ntiomin
TfFsMon
TfSysMon

Error: (01/23/2012 07:57:45 AM) (Source: Service Control Manager) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:
%%3

Error: (01/22/2012 11:59:09 AM) (Source: Service Control Manager) (User: )
Description: The mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2012 11:59:09 AM) (Source: Service Control Manager) (User: )
Description: The mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2012 11:58:49 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ntiomin
TfFsMon
TfSysMon

Error: (01/22/2012 11:58:46 AM) (Source: Service Control Manager) (User: )
Description: The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:
%%3

Error: (01/22/2012 11:57:48 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/22/2012 11:55:42 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/22/2012 11:55:42 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/22/2012 11:53:03 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (01/21/2012 09:22:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912adawarebp.dll_unloaded0.0.0.04e9c9820c0000005100158fd44801ccd8b51810bf36C:\Program Files (x86)\Internet Explorer\iexplore.exeadawarebp.dll567232ab-44a8-11e1-a90f-20cf303d06c8

Error: (01/18/2012 01:44:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Mando's Machine\Downloads\SoftonicDownloader_for_xvid-codec.exe

Error: (01/13/2012 08:22:43 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.1751415d401ccd263549bd4a340C:\Program Files (x86)\Windows Media Player\wmplayer.exe9f33e76d-3e56-11e1-a5aa-20cf303d06c8

Error: (01/02/2012 04:33:03 PM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.63a1401ccc99d7d6a41172C:\Users\Mando's Machine\AppData\Local\Google\Chrome\Application\chrome.exeb7d60fb9-3591-11e1-a85d-20cf303d06c8

Error: (01/02/2012 10:53:40 AM) (Source: Application Hang)(User: )
Description: chrome.exe16.0.912.63139001ccc9691c44b0eb3C:\Users\Mando's Machine\AppData\Local\Google\Chrome\Application\chrome.exe4e4397c3-3562-11e1-8750-20cf303d06c8

Error: (12/27/2011 11:15:26 PM) (Source: Application Hang)(User: )
Description: Vue9.eon7.0.0.0154c01ccc51c9c8a1e8b270C:\Program Files\e-on software\Vue 9\Application\Vue9.eonec34b3e2-3112-11e1-80c4-20cf303d06c8

Error: (12/27/2011 01:02:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Mando's Machine\Downloads\SoftonicDownloader_for_xvid-codec.exe

Error: (12/17/2011 08:08:54 PM) (Source: Application Error)(User: )
Description: Prince of Persia.exe1.0.0.0492309b0Prince of Persia.exe1.0.0.0492309b0c000000500049d3977001ccbd29fb1948c0G:\GameFly\games\Ubisoft\Prince Of Persia\Prince of Persia.exeG:\GameFly\games\Ubisoft\Prince Of Persia\Prince of Persia.exe3c14352b-291d-11e1-8a89-20cf303d06c8

Error: (12/17/2011 08:07:34 PM) (Source: Application Error)(User: )
Description: Prince of Persia.exe1.0.0.0492309b0Prince of Persia.exe1.0.0.0492309b0c000000500049d3910d401ccbd29cb88f6bcG:\GameFly\games\Ubisoft\Prince Of Persia\Prince of Persia.exeG:\GameFly\games\Ubisoft\Prince Of Persia\Prince of Persia.exe0c63ce1f-291d-11e1-8a89-20cf303d06c8

Error: (12/17/2011 08:07:15 PM) (Source: Application Error)(User: )
Description: Prince of Persia.exe1.0.0.0492309b0Prince of Persia.exe1.0.0.0492309b0c000000500049d39f5001ccbd29bdf11238\\Mandosmachine\g\GameFly\games\Ubisoft\Prince Of Persia\Prince of Persia.exe\\Mandosmachine\g\GameFly\games\Ubisoft\Prince Of Persia\Prince of Persia.exe01376b72-291d-11e1-8a89-20cf303d06c8


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Download Assistant (Version: 1.0.2)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Akamai NetSession Interface
Akamai NetSession Interface Service
aniMate 2 DS3 (64bit) (Version: 2.0.0.7)
Apple Application Support (Version: 1.5.1)
Apple Software Update (Version: 2.1.1.116)
Applian Director (Version: 2.0)
Applian Director (Version: 2.01)
Autodesk 3ds Max 2011 64-bit (Version: 13.1.0.114)
Autodesk 3ds Max 2011 64-bit Components (Version: 13.0)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0)
Autodesk Backburner 2012.0.0 (Version: 2012.0.0)
Autodesk DirectConnect 2010 R1 (64-bit) (Version: 4.0.296.0)
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
Autodesk FBX Plug-in 2012.1 - 3ds Max 2012 64-bit
Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit
Autodesk Material Library 2011 (Version: 2.0.0.100)
Autodesk Material Library 2011 Base Image library (Version: 2.0.0.49)
Autodesk Material Library 2011 Medium Image library (Version: 2.0.0.49)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
Battlefield Heroes (Mando's Machine)
Brekel Kinect MoBu Device
Bryce 6.3 (Version: 6.3.0.84)
Bryce 7.0 (Version: 7.0.1.34)
Bryce Lightning 7.0 (Version: 7.0.1.34)
BurnInTest v6.0 Standard (Version: 6.0)
bvhacker (Version: 1.7.003)
Carrara 6 Pro
Carrara 6 Render Node
CCleaner (Version: 3.14)
CDBurnerXP (Version: 4.3.8.2568)
Celtx (2.7) (Version: 2.7 (en-US))
CPUID CPU-Z 1.57.1
CR2 Exporter DS3 (64bit) (Version: 1.0.6.23)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
DAZ Content Management Service (Version: 4.8.1.6)
DAZ Studio 3 (64bit) (Version: 3.1.1.73)
DAZ Studio 3 (64bit) (Version: 3.1.2.24)
DAZ Studio 3 (Version: 3.1.0.148)
DAZ Studio 4 (Version: 4.0.0.335)
DAZ|Mimic 3.1
DC Universe Online Live
DivX Setup (Version: 2.6.1.3)
DVD Architect Studio 5.0 (Version: 5.0.128)
Expat Shield 2.21 (Version: 2.21)
Fantasy Voice Pack (Version: 1.3.0)
Favorite Places
Female Voice Pack (Version: 3.3.1)
Free NaturalReader (Version: 9.0)
FXhome VisionLab Studio (remove only)
GameFly (Version: 1.0.1342)
GameMaker 8.1
Google Chrome (Version: 16.0.912.75)
Google SketchUp 8 (Version: 3.0.4811)
GraphicsGale FreeEdition version 1.93.17
ImagXpress (Version: 7.0.74.0)
InfraRecorder
iPi Desktop Motion Capture (Version: 1.2.0.114)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Development Kit 6 Update 26 (64-bit) (Version: 1.6.0.260)
Joint Editor DS3 (64bit) (Version: 1.0.6.23)
K-Lite Codec Pack 7.2.0 (Basic) (Version: 7.2.0)
LEGO Universe
LightScribe System Software (Version: 1.18.8.1)
magicJack (Version: 2.0.6073.4252)
Male Voice Pack (Version: 1.3.0)
Malwarebytes' Anti-Malware
Marvell Miniport Driver (Version: 11.24.10.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.3205.0)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 8.0 (Version: 8.0.225.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Morph Loader DS3 (64bit) (Version: 1.4.5.119)
Morph Loader DS3 (64bit) (Version: 1.4.6.23)
MorphVOX Pro (Version: 4.3.8)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
neroxml (Version: 1.0.0)
Nitro PDF Professional (Version: 6.2.3.6)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA 3D Vision Driver 275.33 (Version: 275.33)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7533)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
OpenNI 1.1.0.41 for Windows (Version: 1.1.0.41)
OpenOffice.org 3.3 (Version: 3.3.9567)
Panda Cloud Antivirus (Version: 1.05.01.0000)
Panda Cloud Antivirus (Version: 1.5.1)
Panda Identity Protect 3.0.44 (Version: 3.0.44)
Panda Security Toolbar (Version: 2.0.0.10)
Panda Security URL Filtering (Version: 2.0.0.9)
Platform (Version: 1.34)
Poser 8 (8.0.0.10157) (Version: 8.0.0)
PrimeSense - NITE 1.3.1.5 for Windows (Version: 1.3.1.5)
PrimeSense Sensor KinectMod 5.0.1.32 for Windows (Version: 5.0.1.32)
PunkBuster Services (Version: 0.990)
QuickTime (Version: 7.69.80.9)
Quidam3 (Version: 3.15)
Realtek High Definition Audio Driver (Version: 6.0.1.6132)
Replay AV 8 (Version: 8.82)
Replay Converter 3 (Version: 3.60)
Replay Converter 4 (Version: 4.07)
Replay Media Catcher 4 (Version: 4.1.6)
Replay Media Splitter 1.7.1004 (Version: 1.7.1004)
Replay Music (Version: 3.95)
Replay Music (Version: 3.98)
Replay Music (Version: 4.05)
Replay Telecorder for Skype 1.1.0.0 (Version: 1.1.0.0)
Replay Video Capture (Version: 4.2)
Sci-Fi Voice Pack (Version: 1.3.0)
Serif DrawPlus Starter Edition (Version: 2.0.1.008)
Serif PhotoPlus 9.0 (Version: 9.01)
Skeleton Setup DS3 (64bit) (Version: 1.0.6.23)
Sound Forge Audio Studio 10.0 (Version: 10.0.152)
SpeedFan (remove only)
SpyNet Field Office (Version: 1.0)
TempoPerfect Metronome Software
The UnderGarden (Version: 1.0)
Uniblue DriverScanner (Version: 4.0.1.9)
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Unity Web Player (Version: )
Unreal Development Kit: 2011-06
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Vegas Movie Studio HD Platinum 10.0 (Version: 10.0.179)
VIA Platform Device Manager (Version: 1.34)
Video Padlock (Version: 1.14)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Vue 7 (Version: 7)
Vue 9 64bit (Version: 9)
Windows Driver Package - PrimeSense (psdrv3) PrimeSense (02/16/2011 3.1.2.0) (Version: 02/16/2011 3.1.2.0)
Windows Driver Package - PrimeSense (psdrv3) PrimeSensor (07/13/2010 3.1.0.4) (Version: 07/13/2010 3.1.0.4)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
WinPcap 4.0.2 (Version: 4.0.0.1040)
WinZip (Version: 10.0 (7245))
World of Goo (Version: 1.0)
WOT for Internet Explorer (Version: 10.3.3.0)
Xvid Video Codec (Version: 1.3.2)
YouSendIt Express (Version: 1.5.1)

========================= Devices: ================================

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8190.18 MB
Available physical RAM: 6092.75 MB
Total Pagefile: 20472.37 MB
Available Pagefile: 18228.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.19 MB

========================= Partitions: =====================================

1 Drive c: (Local Disk) (Fixed) (Total:119.14 GB) (Free:16.14 GB) NTFS
5 Drive g: (Raid Storage) (Fixed) (Total:298.1 GB) (Free:156.33 GB) NTFS

========================= Users: ========================================

User accounts for \\MANDOSMACHINE

Administrator Guest Mando's Machine
UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****




GooredFix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:25 on 23/01/2012 (Mando's Machine)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"widgetruntime@surfsecret.com"="C:\Program Files (x86)\Panda Security\Panda ID Protect\Firefox" [17:26 18/05/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [04:10 21/12/2011]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4\" [18:34 22/01/2012]
"avg@toolbar"="C:\ProgramData\AVG Secure Search\9.0.0.23\" [18:34 22/01/2012]

-=E.O.F=-



TDSSKiller:


09:28:01.0641 4876 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
09:28:02.0109 4876 ============================================================
09:28:02.0109 4876 Current date / time: 2012/01/23 09:28:02.0109
09:28:02.0109 4876 SystemInfo:
09:28:02.0109 4876
09:28:02.0109 4876 OS Version: 6.1.7601 ServicePack: 1.0
09:28:02.0109 4876 Product type: Workstation
09:28:02.0109 4876 ComputerName: MANDOSMACHINE
09:28:02.0109 4876 UserName: Mando's Machine
09:28:02.0109 4876 Windows directory: C:\Windows
09:28:02.0109 4876 System windows directory: C:\Windows
09:28:02.0109 4876 Running under WOW64
09:28:02.0109 4876 Processor architecture: Intel x64
09:28:02.0109 4876 Number of processors: 6
09:28:02.0109 4876 Page size: 0x1000
09:28:02.0109 4876 Boot type: Normal boot
09:28:02.0109 4876 ============================================================
09:28:02.0390 4876 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:28:02.0406 4876 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:28:02.0437 4876 Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:28:02.0437 4876 Initialize success
09:28:19.0238 1384 ============================================================
09:28:19.0238 1384 Scan started
09:28:19.0238 1384 Mode: Manual;
09:28:19.0238 1384 ============================================================
09:28:22.0686 1384 PSINKNC - ok
09:28:22.0701 1384 PSINProc (f8d7465cdd2a4ecae761ba8a0577d151) C:\Windows\system32\DRIVERS\PSINProc.sys
09:28:22.0701 1384 PSINProc - ok
09:28:22.0717 1384 PSINProt (8ce7ccb7ba1e79d78d25cb964dd5393e) C:\Windows\system32\DRIVERS\PSINProt.sys
09:28:22.0717 1384 PSINProt - ok
09:28:22.0748 1384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:28:22.0748 1384 ql2300 - ok
09:28:22.0764 1384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:28:22.0764 1384 ql40xx - ok
09:28:22.0779 1384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:28:22.0779 1384 QWAVEdrv - ok
09:28:22.0795 1384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:28:22.0795 1384 RasAcd - ok
09:28:22.0795 1384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:28:22.0810 1384 RasAgileVpn - ok
09:28:22.0810 1384 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:28:22.0826 1384 Rasl2tp - ok
09:28:22.0826 1384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:28:22.0826 1384 RasPppoe - ok
09:28:22.0842 1384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:28:22.0842 1384 RasSstp - ok
09:28:22.0857 1384 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:28:22.0857 1384 rdbss - ok
09:28:22.0873 1384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:28:22.0873 1384 rdpbus - ok
09:28:22.0888 1384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:28:22.0888 1384 RDPCDD - ok
09:28:22.0904 1384 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
09:28:22.0904 1384 RDPDR - ok
09:28:22.0920 1384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:28:22.0920 1384 RDPENCDD - ok
09:28:22.0935 1384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:28:22.0935 1384 RDPREFMP - ok
09:28:22.0935 1384 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
09:28:22.0951 1384 RDPWD - ok
09:28:22.0951 1384 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:28:22.0966 1384 rdyboost - ok
09:28:22.0982 1384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:28:22.0982 1384 rspndr - ok
09:28:22.0998 1384 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:28:22.0998 1384 RTL8167 - ok
09:28:23.0013 1384 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
09:28:23.0013 1384 s3cap - ok
09:28:23.0013 1384 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:28:23.0029 1384 sbp2port - ok
09:28:23.0029 1384 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:28:23.0029 1384 scfilter - ok
09:28:23.0044 1384 ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
09:28:23.0044 1384 ScreamBAudioSvc - ok
09:28:23.0060 1384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:28:23.0060 1384 secdrv - ok
09:28:23.0076 1384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:28:23.0076 1384 Serenum - ok
09:28:23.0091 1384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:28:23.0091 1384 Serial - ok
09:28:23.0107 1384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:28:23.0107 1384 sermouse - ok
09:28:23.0122 1384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:28:23.0122 1384 sffdisk - ok
09:28:23.0122 1384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:28:23.0122 1384 sffp_mmc - ok
09:28:23.0138 1384 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:28:23.0138 1384 sffp_sd - ok
09:28:23.0154 1384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:28:23.0154 1384 sfloppy - ok
09:28:23.0169 1384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:28:23.0169 1384 SiSRaid2 - ok
09:28:23.0185 1384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:28:23.0185 1384 SiSRaid4 - ok
09:28:23.0185 1384 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:28:23.0185 1384 Smb - ok
09:28:23.0200 1384 speedfan - ok
09:28:23.0216 1384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:28:23.0216 1384 spldr - ok
09:28:23.0232 1384 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:28:23.0232 1384 srv - ok
09:28:23.0247 1384 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:28:23.0263 1384 srv2 - ok
09:28:23.0263 1384 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:28:23.0263 1384 srvnet - ok
09:28:23.0278 1384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:28:23.0278 1384 stexstor - ok
09:28:23.0294 1384 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
09:28:23.0294 1384 storflt - ok
09:28:23.0310 1384 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
09:28:23.0310 1384 storvsc - ok
09:28:23.0325 1384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:28:23.0325 1384 swenum - ok
09:28:23.0341 1384 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
09:28:23.0341 1384 taphss - ok
09:28:23.0372 1384 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:28:23.0388 1384 Tcpip - ok
09:28:23.0419 1384 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:28:23.0419 1384 TCPIP6 - ok
09:28:23.0434 1384 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:28:23.0434 1384 tcpipreg - ok
09:28:23.0450 1384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:28:23.0450 1384 TDPIPE - ok
09:28:23.0450 1384 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:28:23.0466 1384 TDTCP - ok
09:28:23.0466 1384 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:28:23.0466 1384 tdx - ok
09:28:23.0481 1384 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:28:23.0481 1384 TermDD - ok
09:28:23.0497 1384 TfFsMon - ok
09:28:23.0497 1384 TfNetMon - ok
09:28:23.0512 1384 TfSysMon - ok
09:28:23.0528 1384 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:28:23.0528 1384 tssecsrv - ok
09:28:23.0544 1384 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:28:23.0544 1384 TsUsbFlt - ok
09:28:23.0559 1384 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:28:23.0559 1384 tunnel - ok
09:28:23.0575 1384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:28:23.0575 1384 uagp35 - ok
09:28:23.0590 1384 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:28:23.0590 1384 udfs - ok
09:28:23.0606 1384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:28:23.0606 1384 uliagpkx - ok
09:28:23.0622 1384 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:28:23.0622 1384 umbus - ok
09:28:23.0622 1384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:28:23.0637 1384 UmPass - ok
09:28:23.0637 1384 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
09:28:23.0653 1384 usbaudio - ok
09:28:23.0653 1384 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:28:23.0653 1384 usbccgp - ok
09:28:23.0668 1384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:28:23.0668 1384 usbcir - ok
09:28:23.0684 1384 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:28:23.0684 1384 usbehci - ok
09:28:23.0700 1384 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:28:23.0700 1384 usbhub - ok
09:28:23.0715 1384 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:28:23.0715 1384 usbohci - ok
09:28:23.0731 1384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:28:23.0731 1384 usbprint - ok
09:28:23.0746 1384 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:28:23.0746 1384 usbscan - ok
09:28:23.0746 1384 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:28:23.0762 1384 USBSTOR - ok
09:28:23.0762 1384 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:28:23.0762 1384 usbuhci - ok
09:28:23.0778 1384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:28:23.0778 1384 vdrvroot - ok
09:28:23.0793 1384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:28:23.0793 1384 vga - ok
09:28:23.0809 1384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:28:23.0809 1384 VgaSave - ok
09:28:23.0824 1384 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:28:23.0824 1384 vhdmp - ok
09:28:23.0840 1384 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys
09:28:23.0871 1384 VIAHdAudAddService - ok
09:28:23.0871 1384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:28:23.0871 1384 viaide - ok
09:28:23.0887 1384 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
09:28:23.0887 1384 vmbus - ok
09:28:23.0902 1384 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
09:28:23.0902 1384 VMBusHID - ok
09:28:23.0918 1384 VMfilt (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\VMfilt64.sys
09:28:23.0918 1384 VMfilt - ok
09:28:23.0934 1384 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:28:23.0934 1384 volmgr - ok
09:28:23.0949 1384 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:28:23.0949 1384 volmgrx - ok
09:28:23.0965 1384 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:28:23.0965 1384 volsnap - ok
09:28:23.0980 1384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:28:23.0980 1384 vsmraid - ok
09:28:23.0996 1384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:28:23.0996 1384 vwifibus - ok
09:28:24.0012 1384 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:28:24.0012 1384 vwififlt - ok
09:28:24.0027 1384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:28:24.0027 1384 WacomPen - ok
09:28:24.0043 1384 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:28:24.0043 1384 WANARP - ok
09:28:24.0043 1384 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:28:24.0043 1384 Wanarpv6 - ok
09:28:24.0058 1384 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:28:24.0058 1384 Wd - ok
09:28:24.0074 1384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:28:24.0090 1384 Wdf01000 - ok
09:28:24.0105 1384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:28:24.0105 1384 WfpLwf - ok
09:28:24.0121 1384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:28:24.0121 1384 WIMMount - ok
09:28:24.0136 1384 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
09:28:24.0136 1384 WinUsb - ok
09:28:24.0152 1384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:28:24.0152 1384 WmiAcpi - ok
09:28:24.0168 1384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:28:24.0168 1384 ws2ifsl - ok
09:28:24.0183 1384 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:28:24.0199 1384 WudfPf - ok
09:28:24.0199 1384 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:28:24.0214 1384 WUDFRd - ok
09:28:24.0230 1384 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
09:28:24.0230 1384 xusb21 - ok
09:28:24.0246 1384 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
09:28:24.0246 1384 yukonw7 - ok
09:28:24.0261 1384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:28:24.0261 1384 \Device\Harddisk0\DR0 - ok
09:28:24.0277 1384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
09:28:24.0277 1384 \Device\Harddisk1\DR1 - ok
09:28:24.0308 1384 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
09:28:24.0308 1384 \Device\Harddisk2\DR2 - ok
09:28:24.0308 1384 Boot (0x1200) (bff5fc093e0a3f5098e467d9b80e6fec) \Device\Harddisk0\DR0\Partition0
09:28:24.0308 1384 \Device\Harddisk0\DR0\Partition0 - ok
09:28:24.0308 1384 Boot (0x1200) (ef7479135f6458a755cce20dd07d85a6) \Device\Harddisk0\DR0\Partition1
09:28:24.0308 1384 \Device\Harddisk0\DR0\Partition1 - ok
09:28:24.0308 1384 ============================================================
09:28:24.0308 1384 Scan finished
09:28:24.0308 1384 ============================================================
09:28:24.0324 6000 Detected object count: 0
09:28:24.0324 6000 Actual detected object count: 0




And lastly MBAM:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4345

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

1/23/2012 9:44:47 AM
mbam-log-2012-01-23 (09-44-47).txt

Scan type: Quick scan
Objects scanned: 143684
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




I believe that's everything. Thanks for the help and I hope we can get this beat!

#4 boopme

Posted 23 January 2012 - 08:54 PM

Hello, first MBAM did not update; you show Ver 1.46, it's at 1.60.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?

#5 red402

Posted 24 January 2012 - 02:29 PM

Hello, sorry about the update problem.
I don't use Firefox regularly but do occasionally. My main browser is Google Chrome and I access the internet from my neighbor's router, for which he gave me the password to use, and I'm not currently on a router system. Sorry if I forgot to mention that stuff.

Here's the MBAM log,


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mando's Machine :: MANDOSMACHINE [administrator]

1/24/2012 1:14:06 PM
mbam-log-2012-01-24 (13-14-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206763
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Mando's Machine\Downloads\SoftonicDownloader_for_xvid-codec.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

(end)



Now this is something I just now remembered after reading the log: I used to have problems with it taking me to a site called startsear.ch, as seen in the log file
"Bad: (http://startsear.ch/?aff=1)", so I was thinking it was fixed, but after MBAM rebooted my PC to finish removing the malware I opened Google Chrome and it still took me to "http://www.google.com/search.php" or "urlseek.vmn.net" as it's mysteriously called in my browsing history...

Well anyway I hope this helps. Thanks for the reply and I hope to soon be Hijack free!

Edited by red402, 24 January 2012 - 02:43 PM.


#6 boopme

Posted 24 January 2012 - 09:27 PM

Do you know if the neighbor has redirects? If he does, then the router is the carrier.

We should still look for rootkits.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

#7 red402

Posted 25 January 2012 - 03:59 PM

Hello! Firstly, to answer your question, I don't know if my neighbor is having the redirect problems or not since he rarely uses the internet. Something interesting did happen though: when trying to go to my homepage yesterday a new website showed up. It was called pandadomainadvisor.com or something like that, so I uninstalled Panda Cloud Antivirus and it no longer redirected me. I tried changing my homepage to nfl.com and so far no redirects to weird websites. In regard to the GMER scan, it found a bunch of stuff and then froze and had to be closed. Then when I tried to rerun it, the scan and log came up empty because it didn't find anything.

#8 boopme

Posted 25 January 2012 - 05:04 PM

I say it's OK as everything else was clean. Remove all the older Java apps I see, reboot and install Java 7 for 64 bit.

#9 red402

Posted 26 January 2012 - 03:39 PM

Thanks for the help, I really appreciated it. I'll uninstall my old Java and install Java 7. Thanks again!

#10 boopme

Posted 26 January 2012 - 07:10 PM

You are very welcome! Once you have all that done you have a clean and updated machine. Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: