
Yet Another Google Redirect!

9 replies to this topic

#1 Wufflykins

Posted 26 December 2011 - 05:39 AM

I'll just start this out by thanking anyone in advance for the help. I'm fixing my little brother's PC and I'm in a little over my head; it seems he's contracted a Google redirect virus (affecting both Firefox and IE) and nothing seems to pick up the little sucker. In addition to that, I'm also getting the occasional popup (even as I type this): little boxes telling me I've won an iPad 2 and other such lunacy.

Posting below logs from: Security Check, MiniToolBox, GMER, Goored and three logs from MBAM (because two of the scans at different times showed infections and one from today is clean).

Addendum: The PC is running 64-bit Windows 7 and Avast! Free Antivirus. Symptoms of the virus are the popups (they are plain text describing offers and congratulations) and the Google link redirects (basically, click on a Google link and get sent to some advertising).

Here goes:

Security Check

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
King's Bounty: Armored Princess
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 23
Java™ SE Development Kit 6 Update 20
Out of date Java installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

MiniToolBox

MiniToolBox by Farbar
Ran by Broxigar (administrator) on 26-12-2011 at 18:59:34
Microsoft Windows 7 Professional (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

0.0.0.0 sams.nikonimaging.com

127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

There are 2 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

RangeMax Wireless-N USB Adapter WN111v2 = Wireless Network Connection 3 (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) = Local Area Connection (Hardware not present)
MAC Bridge Miniport = Network Bridge (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Wireless Network Connection 3" nexthop=10.0.0.138 publish=Yes
add address name="Wireless Network Connection 3" address=10.0.0.44


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mustavei
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : RangeMax Wireless-N USB Adapter WN111v2
Physical Address. . . . . . . . . : 00-24-B2-51-2C-10
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d428:c110:deeb:ab99%15(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.44(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.138
DHCPv6 IAID . . . . . . . . . . . : 318776498
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-5F-17-B3-00-24-8C-9B-26-A9
DNS Servers . . . . . . . . . . . : 211.29.132.12
198.142.0.51
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2030:11a6:8344:f2a4(Preferred)
Link-local IPv6 Address . . . . . : fe80::2030:11a6:8344:f2a4%25(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{0EB3C2D1-DD51-4B7A-A572-4117F4482AE0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 211.29.132.12

Name: google.com
Addresses: 74.125.237.148
74.125.237.144
74.125.237.145
74.125.237.146
74.125.237.147


Pinging google.com [74.125.237.16] with 32 bytes of data:
Reply from 74.125.237.16: bytes=32 time=36ms TTL=51
Reply from 74.125.237.16: bytes=32 time=36ms TTL=51

Ping statistics for 74.125.237.16:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 36ms, Average = 36ms
Server: dns.mas.optusnet.com.au
Address: 211.29.132.12

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=260ms TTL=46
Reply from 209.191.122.70: bytes=32 time=261ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 260ms, Maximum = 261ms, Average = 260ms
Server: dns.mas.optusnet.com.au
Address: 211.29.132.12

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 24 b2 51 2c 10 ......RangeMax Wireless-N USB Adapter WN111v2
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.44 281
10.0.0.0 255.255.255.0 On-link 10.0.0.44 281
10.0.0.44 255.255.255.255 On-link 10.0.0.44 281
10.0.0.255 255.255.255.255 On-link 10.0.0.44 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.44 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.44 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.0.138 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
25 58 ::/0 On-link
1 306 ::1/128 On-link
25 58 2001::/32 On-link
25 306 2001:0:4137:9e76:2030:11a6:8344:f2a4/128
On-link
15 281 fe80::/64 On-link
25 306 fe80::/64 On-link
25 306 fe80::2030:11a6:8344:f2a4/128
On-link
15 281 fe80::d428:c110:deeb:ab99/128
On-link
1 306 ff00::/8 On-link
25 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [449496] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2011 03:10:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (12/26/2011 03:08:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/25/2011 06:53:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 9.0.1.4371, time stamp: 0x4ef15e74
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00278c67
Faulting process id: 0x2284
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/25/2011 06:53:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 9.0.1.4371, time stamp: 0x4ef15e74
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00438c67
Faulting process id: 0x1484
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/25/2011 06:52:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 9.0.1.4371, time stamp: 0x4ef15e74
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x005e8c67
Faulting process id: 0x1f80
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/25/2011 06:51:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 9.0.1.4371, time stamp: 0x4ef15e74
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00428c67
Faulting process id: 0x175c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/25/2011 02:34:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (12/25/2011 02:32:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/24/2011 10:05:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 2.0.4.0, time stamp: 0x4cae1be1
Faulting module name: PCTLsp.dll, version: 1.0.112.0, time stamp: 0x4d069f3a
Exception code: 0xc0000005
Fault offset: 0x00004a84
Faulting process id: 0x828
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (12/24/2011 01:40:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.


System errors:
=============
Error: (12/26/2011 06:51:34 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (12/26/2011 06:51:34 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (12/26/2011 06:51:30 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (12/26/2011 06:51:30 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (12/26/2011 06:51:22 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (12/26/2011 06:51:22 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (12/26/2011 06:51:19 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (12/26/2011 06:51:19 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (12/25/2011 09:06:21 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (12/25/2011 09:00:44 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe Acrobat 9 Pro - English, Russian (Version: 9.3.4)
Adobe AIR (Version: 1.5.3.9130)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 2.5.2)
Adobe Community Help (Version: 2.5.2.320)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.50.426)
Adobe Flash Player 10 Plugin (Version: 10.1.50.426)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 1.8)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop Lightroom 3.2 64-bit (Version: 3.2.1)
Adobe Reader 9.4.1 (Version: 9.4.1)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Empires III - The WarChiefs (Version: 1.00.0000)
Age of Empires III (Version: 1.00.0000)
Air Video Server 2.4.3 (Version: 2.4.3)
Aiseesoft DVD to iPhone Suite
Alien Swarm
AN VPN Tool 2.2.1 (Version: 2.2.1)
ANIWZCS2 Service
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.2.120)
ArcSoft TotalMedia 3.5
ArtMoney SE v7.37.2 (Version: 7.37)
Assassin's Creed (Version: 1.02)
Assassin's Creed II
µTorrent (Version: 2.2.0)
Audiosurf
AV Voice Changer Software DIAMOND 6.0
avast! Free Antivirus (Version: 6.0.1367.0)
BANDITS - Phoenix Rising
Beat Hazard
BioShock
BioShock 2
BIT.TRIP BEAT
Bonjour (Version: 2.0.4.0)
Call of Duty® - World at War™ (Version: 1.0)
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Juarez: Bound in Blood
Call of Pripyat Complete v1.0
Canon Inkjet Printer Driver Add-On Module
Capture NX 2 (Version: 2.2.4)
CCleaner (Version: 3.14)
CDDRV_Installer (Version: 4.60)
Cheat Engine 5.6
Click to Call with Skype (Version: 5.6.8153)
Command and Conquer 4: Tiberian Twilight
D-Link Wireless G DWA-110
Darkest Hour Server
Darkest Hour: Europe '44-'45
dBpoweramp FLAC Codec
dBpoweramp m4a Codec (Version: Release 14)
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec (Version: Release 21 (Vorbis v1.3.2))
Dead Island
Demolition, Inc.
Deus Ex: Game of the Year Edition
Deus Ex: Human Revolution
Deus Ex: Invisible War
Diablo II
Digital Guitar Tuner 2.3
Dragon Age II (Version: 1.02)
Driver Install 64-bit (Version: 1.00.0000)
Dungeon Siege III
DVD Decrypter (Remove Only)
DVDx 2 (Version: 2.20)
e-tax 2010 (Version: 1.0.682)
e-tax 2011 (Version: 9.1.650)
Emperor: Battle For Dune
Empire: Total War
erLT (Version: 1.20.137.31)
Eschalon Book 1 v1.0
EXPERTool 7.11
Fallout Mod Manager 0.11.9
Fallout Mod Manager 0.13.21
Fallout: New Vegas
FastStone Image Viewer 4.6 (Version: 4.6)
Free M4a to MP3 Converter 6.1
Free Video to iPhone Converter version 3.3.4.920
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Guitar Pro 5.2
Haali Media Splitter
Hero Editor V1.03
HiJackThis (Version: 1.0.0)
Hitman Pro 3.5 (Version: 3.5.9.131)
HP USB Disk Storage Format Tool
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (64-bit) (Version: 6.0.230)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ SE Development Kit 6 Update 20 (Version: 1.6.0.200)
K-Lite Mega Codec Pack 6.5.0 (Version: 6.5.0)
KhalInstallWrapper (Version: 2.00.0000)
Killing Floor
King's Bounty: Armored Princess
King's Bounty: The Legend
Lead and Gold: Gangs of the Wild West
Left 4 Dead
Logitech G35 (Version: 1.1.178)
Logitech SetPoint (Version: 4.80)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Mare Nostrum
Mass Effect
Mass Effect 2
Mass Effect 2 (Version: 1.02)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft DirectX SDK (March 2009) (Version: 9.26.1590.0)
Microsoft Games for Windows - LIVE (Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.2.3.0)
Microsoft Halo
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_ATL_x86 (Version: 1.00.0000)
Microsoft_VC80_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC80_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MorphVOX Pro (Version: 4.3.3)
Mount & Blade: With Fire and Sword
Mount and Blade
Mount&Blade: Warband
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Neverwinter Nights 2: Platinum
Nexus Mod Manager (Version: 0.12.18)
Nikon Message Center (Version: 0.92.000)
Notepad++ (Version: 5.8.7)
NVIDIA 3D Vision Driver 266.58 (Version: 266.58)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA HD Audio Driver 1.1.13.1 (Version: 1.1.13.1)
NVIDIA Install Application (Version: 2.265.36.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6658)
Oblivion mod manager 1.1.12
OpenAL
Patrician III
Patrician IV: Steam Special Edition
PDF Settings (Version: 1.0)
PDF Settings CS5 (Version: 10.0)
Picture Control Utility (Version: 1.1.9)
Platform (Version: 1.34)
Portal
Prince of Persia: The Forgotten Sands
PunkBuster Services (Version: 0.988)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
RangeMax Wireless-N USB Adapter WN111v2 (Version: 3.0.0.3)
Red Orchestra: Ostfront 41-45
Rhythm Zone
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Shadow of Chernobyl
Serviio
Sibelius 5 (Version: 5.0.0)
Skype™ 5.5 (Version: 5.5.119)
Smart Technology Programming Software 7.0.2.7 (Version: 7.0.2.7)
Spyware Doctor 8.0 (Version: 8.0)
Stalker Complete 2009 v1.4.4
Steam (Version: 1.0.0.0)
Supreme Commander 2
Switch Sound File Converter
Synthesia (remove only)
System Requirements Lab
The Elder Scrolls IV: Oblivion
The Polynomial
The Witcher 2 (Version: 1.00.0000)
Thief: Deadly Shadows
Tom Clancy's Splinter Cell: Conviction
Torchlight
TreeSize Free V2.5 (Version: 2.5)
TVersity Codec Pack 1.4 (Version: 1.4)
Ubisoft Game Launcher (Version: 1.0.0.0)
UE3Redist (Version: 1.00.0000)
Unofficial Oblivion Patch v3.2.0 (Version: 3.2.0)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
VIA Platform Device Manager (Version: 1.34)
VLC media player 1.0.5 (Version: 1.0.5)
Vuze (Version: 4.7)
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Warzone 2100 (Version: 2.3.4)
Winamp (Version: 5.622 )
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
Windows7 RTM 7600 x86 & 64bit (Version: 1.0)
WinRAR archiver
Worms Reloaded
Your Freedom 20101218-01

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 4095.18 MB
Available physical RAM: 2258.83 MB
Total Pagefile: 8188.51 MB
Available Pagefile: 5698.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.92 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:18.26 GB) NTFS
3 Drive d: () (Fixed) (Total:465.76 GB) (Free:15.85 GB) NTFS
8 Drive i: (CS5 Master Coll1) (CDROM) (Total:5.13 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MUSTAVEI

Administrator Broxigar Guest


**** End of log ****

GMER.EXE

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-26 20:06:19
Windows 6.1.7600
Running: 4yvjoy80.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002720fea8c
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x77 0x7B 0x30 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF0 0x9E 0xE7 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0xD7 0x5E 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEF 0xCE 0x71 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xEF 0xCE 0x71 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xEF 0xCE 0x71 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002720fea8c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x26 0x9D 0xC5 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xF0 0x9E 0xE7 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0xD7 0x5E 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEF 0xCE 0x71 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0xEF 0xCE 0x71 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0xEF 0xCE 0x71 0x95 ...

---- EOF - GMER 1.0.15 ----

And the logs from MBAM!

Log One:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8384

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/12/2011 9:11:37 AM
mbam-log-2011-12-18 (09-11-37).txt

Scan type: Quick scan
Objects scanned: 182575
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Log Two:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8385

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/12/2011 8:38:39 AM
mbam-log-2011-12-19 (08-38-39).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 571222
Time elapsed: 2 hour(s), 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\dragon age 2\bin_ship\dragon age ii v1.02 + 11 trainer.exe (HackTool.GamesCheat) -> Not selected for removal.
c:\Users\Broxigar\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25\c015bd9-2ccdc7dc (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Broxigar\AppData\LocalLow\Sun\Java\deployment\cache\6.0\39\d988767-6e712980 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Broxigar\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57\69c67a39-31ecf2b5 (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Broxigar\downloads\sibelius v5.0\BLESSiNG.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\documents\my downloads\setupregkill2702.exe (Adware.CommonName) -> Quarantined and deleted successfully.
d:\isos and install files\adobe photoshop cs5 extended 12.0.0 final [multi][www.zonatorrent.com]\keygen ps.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Log 3:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122602

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/12/2011 7:10:27 PM
mbam-log-2011-12-26 (19-10-27).txt

Scan type: Quick scan
Objects scanned: 181481
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And Goored:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:35 on 26/12/2011 (Broxigar)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [11:06 02/06/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:42 21/12/2011]

C:\Users\Broxigar\Application Data\Mozilla\Firefox\Profiles\3drtyrgh.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [04:24 06/10/2011]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01:51 15/12/2011]

-=E.O.F=-

Edited by Wufflykins, 26 December 2011 - 05:52 AM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 26 December 2011 - 03:37 PM

Hello and welcome. Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?

Let's do these and see how it is after.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Wufflykins

Wufflykins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:16 AM

Posted 27 December 2011 - 04:07 AM

Thanks for the quick response Boopme;

Couldn't get TDSSKiller to run, unfortunately; I will need a little guidance with that one. I tried running it before and after the ESET scan as well, just for good measure.
The computer has been on a network, though it's isolated now and no other connected computers have produced symptoms. It is running Firefox as (I'm guessing) its primary browser.

After a cursory check it seems the redirects have stopped, but I'll do a more thorough check later tonight when I'm home next.

Addendum: Upon restarting the PC the redirects are back in full swing, if they ever stopped.


Logs for ESET Online are as follows:

C:\Program Files (x86)\The Witcher 2\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6d0f390c-1938b8b8 multiple threats deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\748117de-4f855d52 Java/Exploit.CVE-2011-3544.D trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\ece84e3-6ad2b00c Java/Exploit.CVE-2009-3867.AL trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4f2583eb-2e0cadc9 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78b71d6b-2073f69b Java/Agent.DW trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\3d6120b0-723428ef a variant of Java/TrojanDownloader.OpenConnection.AQ trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\52614f75-4e3eb674 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\68c2ab38-5edac79c multiple threats deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\30c92f3c-532f0a9f a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4a5bb93f-227cebbf multiple threats deleted - quarantined
C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\75b565bf-441be2e9 Java/TrojanDownloader.Agent.NBE trojan deleted - quarantined
C:\Users\Broxigar\Downloads\cnet_ev020hsw_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\Documents\Random Executables\COMMAND.AND.CONQUER.3.TW.KE.PLUS3TRN.RAZOR1911.ZIP probably a variant of Win32/Agent.JEIYBJM trojan deleted - quarantined
D:\Documents\Random Executables\pwz-nwn2.exe probably a variant of Win32/VB.KTTUDTT trojan cleaned by deleting - quarantined
D:\ISOS and Install Files\Aircrack\Windows 7\SLIC_Dump_ToolKit.EXE a variant of Win32/Packed.FlyStudio application cleaned by deleting - quarantined
D:\ISOS and Install Files\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined

Edited by Wufflykins, 27 December 2011 - 08:46 AM.
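As an added example (not code from this thread, from Malwarebytes or from ESET), the script below parses the two detection-line formats posted above (MBAM 1.5x and ESET Online Scanner) and tags each hit by where it was found, which is the first thing a responder checks: Java deployment-cache hits point to drive-by exploitation, while keygens and cracks under Downloads or ISO folders were user-introduced. The regexes assume the line layouts exactly as they appear in the posted logs; the sample lines are copied from those logs.

```python
"""Triage the MBAM and ESET Online Scanner detection lines posted in this thread.

Added example; not code from the thread, from Malwarebytes or from ESET.
The two regexes assume the line layouts exactly as they appear in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# MBAM 1.5x: <path> (<ThreatName>) -> [<detail> -> ]<action>.
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# ESET Online Scanner: <path> [a variant of ]<Name> trojan|application <action> - quarantined
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<name>(?:probably a variant of |a variant of )?"
    r"(?:[A-Za-z0-9/._-]+ (?:trojan|application)|multiple threats)) "
    r"(?P<action>cleaned by deleting|deleted) - quarantined$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass
class Detection:
    source: str            # "mbam" or "eset"
    path: str
    name: str
    action: str
    origin: str            # coarse location class used for triage
    cve: Optional[str]     # CVE id when the detection name carries one
    removed: bool          # False when the scanner left the file in place


def classify_origin(path: str) -> str:
    """Map a detection path to the question a responder asks first: how did it get there?"""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"      # dropped by a browser-side Java exploit
    if "\\downloads\\" in p or "isos and install files" in p or "random executables" in p:
        return "user-download"   # brought in by the user (keygens, cracks, installers)
    if "\\program files" in p:
        return "installed-app"   # inside an installed application
    return "other"               # registry items and anything unclassified


def parse_line(line: str) -> Optional[Detection]:
    """Parse one log line; returns None for headers and '(No malicious items detected)'."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        # Registry lines carry "Bad: (x) Good: (y) -> <action>"; keep only the final action.
        action = m.group("action").split(" -> ")[-1]
        return Detection("mbam", m.group("path"), m.group("name"), action,
                         classify_origin(m.group("path")), None,
                         "deleted" in action.lower())
    m = ESET_RE.match(line)
    if m:
        cve = CVE_RE.search(m.group("name"))
        return Detection("eset", m.group("path"), m.group("name"), m.group("action"),
                         classify_origin(m.group("path")),
                         cve.group(0) if cve else None, True)
    return None


def triage(lines: List[str]) -> Dict[str, object]:
    """Aggregate hits: count per origin, CVEs seen, and anything not actually removed."""
    hits = [d for d in map(parse_line, lines) if d is not None]
    by_origin: Dict[str, int] = {}
    for d in hits:
        by_origin[d.origin] = by_origin.get(d.origin, 0) + 1
    return {
        "by_origin": by_origin,
        "cves": sorted({d.cve for d in hits if d.cve}),
        "not_removed": [d.path for d in hits if not d.removed],
    }


# Sample input: lines copied from the MBAM and ESET logs posted in this thread.
SAMPLE_LINES = [
    "Files Infected:",
    r"c:\program files (x86)\dragon age 2\bin_ship\dragon age ii v1.02 + 11 trainer.exe (HackTool.GamesCheat) -> Not selected for removal.",
    r"c:\Users\Broxigar\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25\c015bd9-2ccdc7dc (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"d:\isos and install files\adobe photoshop cs5 extended 12.0.0 final [multi][www.zonatorrent.com]\keygen ps.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.",
    r"C:\Program Files (x86)\The Witcher 2\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined",
    r"C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\748117de-4f855d52 Java/Exploit.CVE-2011-3544.D trojan deleted - quarantined",
    r"C:\Users\Broxigar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\ece84e3-6ad2b00c Java/Exploit.CVE-2009-3867.AL trojan deleted - quarantined",
    r"C:\Users\Broxigar\Downloads\cnet_ev020hsw_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined",
    "(No malicious items detected)",
]

if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    for origin, count in sorted(report["by_origin"].items()):
        print(f"{origin:14} {count}")
    print("CVEs seen:", ", ".join(report["cves"]) or "none")
    print("Left in place:", report["not_removed"])
```

Feed it a full MBAM or ESET log and the "not_removed" list is the set of files that still need a decision, while the Java-cache count tells you whether the browser plugin, not just the dropped files, needs attention.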


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 27 December 2011 - 11:39 AM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore

Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

#5 Wufflykins

Wufflykins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:16 AM

Posted 28 December 2011 - 07:44 AM

I've run the fix and the scan results I got were as follows:

"***Infected MBR Detected"

The options it gives me are repair and close, going to click close for now (better to wait for your response I feel).

Addendum: After closing the fixer without repairing I've started to get BSODs, about three in the last hour.

Edited by Wufflykins, 28 December 2011 - 09:13 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 28 December 2011 - 11:22 AM

Do the repair please.

#7 Wufflykins

Wufflykins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:16 AM

Posted 28 December 2011 - 12:38 PM

Repair was successful and I was now able to scan with TDSSKiller; the program did not request a restart/reboot.

Report for TDSSKiller is as follows:

03:34:05.0969 5048 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
03:34:06.0967 5048 ============================================================
03:34:06.0967 5048 Current date / time: 2011/12/29 03:34:06.0967
03:34:06.0967 5048 SystemInfo:
03:34:06.0967 5048
03:34:06.0967 5048 OS Version: 6.1.7600 ServicePack: 0.0
03:34:06.0967 5048 Product type: Workstation
03:34:06.0967 5048 ComputerName: MUSTAVEI
03:34:06.0967 5048 UserName: Broxigar
03:34:06.0967 5048 Windows directory: C:\Windows
03:34:06.0967 5048 System windows directory: C:\Windows
03:34:06.0967 5048 Running under WOW64
03:34:06.0967 5048 Processor architecture: Intel x64
03:34:06.0967 5048 Number of processors: 4
03:34:06.0967 5048 Page size: 0x1000
03:34:06.0967 5048 Boot type: Normal boot
03:34:06.0967 5048 ============================================================
03:34:22.0365 5048 Initialize success
03:34:36.0171 2252 ============================================================
03:34:36.0171 2252 Scan started
03:34:36.0171 2252 Mode: Manual;
03:34:36.0171 2252 ============================================================
03:35:26.0544 2252 L8042mou (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys
03:35:26.0544 2252 L8042mou - ok
03:35:26.0606 2252 LADF_DHP2 (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
03:35:26.0606 2252 LADF_DHP2 - ok
03:35:26.0637 2252 LADF_SBVM (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
03:35:26.0637 2252 LADF_SBVM - ok
03:35:26.0762 2252 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
03:35:26.0762 2252 LHidFilt - ok
03:35:26.0840 2252 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
03:35:26.0840 2252 lirsgt - ok
03:35:26.0903 2252 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
03:35:26.0903 2252 lltdio - ok
03:35:26.0934 2252 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
03:35:26.0949 2252 LMouFilt - ok
03:35:26.0996 2252 LMouKE (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys
03:35:27.0012 2252 LMouKE - ok
03:35:27.0043 2252 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:35:27.0043 2252 LSI_FC - ok
03:35:27.0059 2252 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:35:27.0059 2252 LSI_SAS - ok
03:35:27.0074 2252 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:35:27.0074 2252 LSI_SAS2 - ok
03:35:27.0090 2252 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:35:27.0105 2252 LSI_SCSI - ok
03:35:27.0121 2252 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
03:35:27.0121 2252 luafv - ok
03:35:27.0168 2252 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
03:35:27.0168 2252 LUsbFilt - ok
03:35:27.0308 2252 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
03:35:27.0308 2252 LVPr2M64 - ok
03:35:27.0339 2252 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
03:35:27.0339 2252 LVPr2Mon - ok
03:35:27.0480 2252 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
03:35:27.0495 2252 LVRS64 - ok
03:35:27.0979 2252 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
03:35:28.0041 2252 LVUVC64 - ok
03:35:28.0260 2252 MBAMProtector - ok
03:35:28.0353 2252 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
03:35:28.0369 2252 megasas - ok
03:35:28.0400 2252 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
03:35:28.0416 2252 MegaSR - ok
03:35:28.0603 2252 mod7700 (da02eaf8182773a3ace5e58d5b2e5007) C:\Windows\system32\DRIVERS\mod7700.sys
03:35:28.0634 2252 mod7700 - ok
03:35:28.0665 2252 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
03:35:28.0665 2252 Modem - ok
03:35:28.0743 2252 MODRC (7071044fbcb23b47177e866a4f2ee802) C:\Windows\system32\DRIVERS\modrc.sys
03:35:28.0759 2252 MODRC - ok
03:35:28.0775 2252 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
03:35:28.0775 2252 monitor - ok
03:35:28.0853 2252 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
03:35:28.0853 2252 mouclass - ok
03:35:28.0962 2252 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
03:35:28.0962 2252 mouhid - ok
03:35:28.0993 2252 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
03:35:28.0993 2252 mountmgr - ok
03:35:29.0024 2252 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
03:35:29.0040 2252 mpio - ok
03:35:29.0055 2252 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
03:35:29.0055 2252 mpsdrv - ok
03:35:29.0087 2252 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
03:35:29.0087 2252 MRxDAV - ok
03:35:29.0118 2252 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:35:29.0118 2252 mrxsmb - ok
03:35:29.0165 2252 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:35:29.0180 2252 mrxsmb10 - ok
03:35:29.0227 2252 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:35:29.0227 2252 mrxsmb20 - ok
03:35:29.0274 2252 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
03:35:29.0274 2252 msahci - ok
03:35:29.0289 2252 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
03:35:29.0289 2252 msdsm - ok
03:35:29.0352 2252 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
03:35:29.0352 2252 Msfs - ok
03:35:29.0352 2252 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
03:35:29.0367 2252 mshidkmdf - ok
03:35:29.0367 2252 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
03:35:29.0383 2252 msisadrv - ok
03:35:29.0430 2252 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
03:35:29.0445 2252 MSKSSRV - ok
03:35:29.0492 2252 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
03:35:29.0508 2252 MSPCLOCK - ok
03:35:29.0555 2252 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
03:35:29.0555 2252 MSPQM - ok
03:35:29.0789 2252 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
03:35:29.0789 2252 MsRPC - ok
03:35:29.0820 2252 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
03:35:29.0820 2252 mssmbios - ok
03:35:29.0851 2252 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
03:35:29.0867 2252 MSTEE - ok
03:35:29.0867 2252 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
03:35:29.0867 2252 MTConfig - ok
03:35:29.0976 2252 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
03:35:29.0976 2252 MTsensor - ok
03:35:30.0054 2252 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
03:35:30.0054 2252 Mup - ok
03:35:30.0101 2252 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
03:35:30.0116 2252 NativeWifiP - ok
03:35:30.0147 2252 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
03:35:30.0194 2252 NDIS - ok
03:35:30.0225 2252 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
03:35:30.0225 2252 NdisCap - ok
03:35:30.0257 2252 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
03:35:30.0257 2252 NdisTapi - ok
03:35:30.0272 2252 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
03:35:30.0272 2252 Ndisuio - ok
03:35:30.0319 2252 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
03:35:30.0319 2252 NdisWan - ok
03:35:30.0335 2252 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
03:35:30.0335 2252 NDProxy - ok
03:35:30.0413 2252 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
03:35:30.0413 2252 Netaapl - ok
03:35:30.0506 2252 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
03:35:30.0506 2252 NetBIOS - ok
03:35:30.0537 2252 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
03:35:30.0537 2252 NetBT - ok
03:35:30.0600 2252 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
03:35:30.0615 2252 netr7364 - ok
03:35:30.0647 2252 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
03:35:30.0647 2252 nfrd960 - ok
03:35:30.0693 2252 nl38 - ok
03:35:30.0725 2252 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
03:35:30.0725 2252 Npfs - ok
03:35:30.0740 2252 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
03:35:30.0740 2252 nsiproxy - ok
03:35:30.0787 2252 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
03:35:30.0818 2252 Ntfs - ok
03:35:30.0834 2252 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
03:35:30.0834 2252 Null - ok
03:35:30.0943 2252 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
03:35:30.0943 2252 NVHDA - ok
03:35:31.0895 2252 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:35:31.0973 2252 nvlddmkm - ok
03:35:32.0144 2252 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
03:35:32.0144 2252 nvraid - ok
03:35:32.0160 2252 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
03:35:32.0175 2252 nvstor - ok
03:35:32.0207 2252 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
03:35:32.0207 2252 nv_agp - ok
03:35:32.0222 2252 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
03:35:32.0222 2252 ohci1394 - ok
03:35:32.0285 2252 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
03:35:32.0285 2252 Parport - ok
03:35:32.0300 2252 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
03:35:32.0300 2252 partmgr - ok
03:35:32.0347 2252 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
03:35:32.0347 2252 PCAMp50a64 - ok
03:35:32.0363 2252 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
03:35:32.0378 2252 PCASp50a64 - ok
03:35:32.0394 2252 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
03:35:32.0394 2252 pci - ok
03:35:32.0425 2252 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
03:35:32.0441 2252 pciide - ok
03:35:32.0487 2252 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
03:35:32.0503 2252 pcmcia - ok
03:35:32.0597 2252 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys
03:35:32.0612 2252 PCTCore - ok
03:35:32.0628 2252 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
03:35:32.0643 2252 pctDS - ok
03:35:32.0706 2252 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
03:35:32.0737 2252 pctEFA - ok
03:35:32.0784 2252 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
03:35:32.0799 2252 pcw - ok
03:35:32.0831 2252 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
03:35:32.0846 2252 PEAUTH - ok
03:35:32.0924 2252 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
03:35:32.0924 2252 PptpMiniport - ok
03:35:32.0940 2252 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
03:35:32.0955 2252 Processor - ok
03:35:32.0971 2252 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
03:35:32.0987 2252 Psched - ok
03:35:33.0033 2252 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
03:35:33.0049 2252 PxHlpa64 - ok
03:35:33.0111 2252 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
03:35:33.0143 2252 ql2300 - ok
03:35:33.0174 2252 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
03:35:33.0174 2252 ql40xx - ok
03:35:33.0205 2252 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
03:35:33.0205 2252 QWAVEdrv - ok
03:35:33.0221 2252 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
03:35:33.0221 2252 RasAcd - ok
03:35:33.0252 2252 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:35:33.0267 2252 RasAgileVpn - ok
03:35:33.0283 2252 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:35:33.0283 2252 Rasl2tp - ok
03:35:33.0299 2252 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
03:35:33.0314 2252 RasPppoe - ok
03:35:33.0377 2252 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
03:35:33.0377 2252 RasSstp - ok
03:35:33.0408 2252 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
03:35:33.0408 2252 rdbss - ok
03:35:33.0423 2252 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
03:35:33.0423 2252 rdpbus - ok
03:35:33.0439 2252 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:35:33.0439 2252 RDPCDD - ok
03:35:33.0455 2252 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
03:35:33.0470 2252 RDPDR - ok
03:35:33.0486 2252 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
03:35:33.0486 2252 RDPENCDD - ok
03:35:33.0501 2252 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
03:35:33.0501 2252 RDPREFMP - ok
03:35:33.0517 2252 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
03:35:33.0517 2252 RDPWD - ok
03:35:33.0548 2252 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
03:35:33.0548 2252 rdyboost - ok
03:35:33.0626 2252 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
03:35:33.0626 2252 RFCOMM - ok
03:35:33.0657 2252 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
03:35:33.0673 2252 rspndr - ok
03:35:33.0813 2252 RT73 (3b5809e9d3b8995fb65a82cb92745072) C:\Windows\system32\DRIVERS\Dr71WU.sys
03:35:33.0860 2252 RT73 - ok
03:35:33.0954 2252 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
03:35:33.0969 2252 s3cap - ok
03:35:34.0016 2252 SaiH075C (248abd858ff7dcc966e5a54529ddd225) C:\Windows\system32\DRIVERS\SaiH075C.sys
03:35:34.0016 2252 SaiH075C - ok
03:35:34.0110 2252 SaiK0CCB (7449b5949bb85742cdf247be7f9b653a) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
03:35:34.0125 2252 SaiK0CCB - ok
03:35:34.0203 2252 SaiMini (9e7e53891d1747a01f491ab25b95135d) C:\Windows\system32\DRIVERS\SaiMini.sys
03:35:34.0219 2252 SaiMini - ok
03:35:34.0281 2252 SaiNtBus (b3b86be19a0caf025f679c39fd21e735) C:\Windows\system32\drivers\SaiBus.sys
03:35:34.0297 2252 SaiNtBus - ok
03:35:34.0328 2252 SaiU0CCB (325f2aab1df5f37d6aee3c1db1d9fee1) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
03:35:34.0328 2252 SaiU0CCB - ok
03:35:34.0391 2252 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
03:35:34.0391 2252 sbp2port - ok
03:35:34.0437 2252 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
03:35:34.0437 2252 scfilter - ok
03:35:34.0547 2252 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
03:35:34.0547 2252 ScreamBAudioSvc - ok
03:35:34.0593 2252 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
03:35:34.0593 2252 secdrv - ok
03:35:34.0609 2252 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
03:35:34.0609 2252 Serenum - ok
03:35:34.0640 2252 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
03:35:34.0640 2252 Serial - ok
03:35:34.0656 2252 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
03:35:34.0656 2252 sermouse - ok
03:35:34.0687 2252 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
03:35:34.0687 2252 sffdisk - ok
03:35:34.0718 2252 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:35:34.0718 2252 sffp_mmc - ok
03:35:34.0734 2252 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
03:35:34.0734 2252 sffp_sd - ok
03:35:34.0749 2252 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
03:35:34.0749 2252 sfloppy - ok
03:35:34.0796 2252 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:35:34.0796 2252 SiSRaid2 - ok
03:35:34.0812 2252 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
03:35:34.0812 2252 SiSRaid4 - ok
03:35:34.0827 2252 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
03:35:34.0827 2252 Smb - ok
03:35:34.0859 2252 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
03:35:34.0859 2252 spldr - ok
03:35:35.0093 2252 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
03:35:35.0093 2252 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
03:35:35.0093 2252 sptd ( LockedFile.Multi.Generic ) - warning
03:35:35.0093 2252 sptd - detected LockedFile.Multi.Generic (1)
03:35:35.0233 2252 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
03:35:35.0233 2252 srv - ok
03:35:35.0264 2252 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
03:35:35.0280 2252 srv2 - ok
03:35:35.0295 2252 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
03:35:35.0327 2252 srvnet - ok
03:35:35.0389 2252 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
03:35:35.0405 2252 stexstor - ok
03:35:35.0436 2252 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
03:35:35.0436 2252 storflt - ok
03:35:35.0467 2252 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
03:35:35.0467 2252 storvsc - ok
03:35:35.0483 2252 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
03:35:35.0483 2252 swenum - ok
03:35:35.0529 2252 TBPanel - ok
03:35:35.0701 2252 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
03:35:35.0748 2252 Tcpip - ok
03:35:35.0795 2252 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
03:35:35.0795 2252 TCPIP6 - ok
03:35:35.0841 2252 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
03:35:35.0841 2252 tcpipreg - ok
03:35:35.0857 2252 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
03:35:35.0873 2252 TDPIPE - ok
03:35:35.0904 2252 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
03:35:35.0904 2252 TDTCP - ok
03:35:35.0919 2252 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
03:35:35.0919 2252 tdx - ok
03:35:35.0935 2252 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
03:35:35.0935 2252 TermDD - ok
03:35:35.0966 2252 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:35:35.0966 2252 tssecsrv - ok
03:35:36.0013 2252 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
03:35:36.0013 2252 tunnel - ok
03:35:36.0029 2252 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
03:35:36.0029 2252 uagp35 - ok
03:35:36.0075 2252 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
03:35:36.0091 2252 udfs - ok
03:35:36.0122 2252 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
03:35:36.0122 2252 uliagpkx - ok
03:35:36.0169 2252 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
03:35:36.0185 2252 umbus - ok
03:35:36.0216 2252 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
03:35:36.0216 2252 UmPass - ok
03:35:36.0294 2252 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
03:35:36.0309 2252 USBAAPL64 - ok
03:35:36.0341 2252 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
03:35:36.0341 2252 usbaudio - ok
03:35:36.0450 2252 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
03:35:36.0465 2252 usbccgp - ok
03:35:36.0497 2252 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
03:35:36.0497 2252 usbcir - ok
03:35:36.0512 2252 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
03:35:36.0512 2252 usbehci - ok
03:35:36.0543 2252 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
03:35:36.0543 2252 usbhub - ok
03:35:36.0575 2252 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
03:35:36.0575 2252 usbohci - ok
03:35:36.0575 2252 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
03:35:36.0590 2252 usbprint - ok
03:35:36.0606 2252 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:35:36.0606 2252 USBSTOR - ok
03:35:36.0621 2252 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
03:35:36.0621 2252 usbuhci - ok
03:35:36.0637 2252 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
03:35:36.0653 2252 usbvideo - ok
03:35:36.0684 2252 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
03:35:36.0684 2252 vdrvroot - ok
03:35:36.0699 2252 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
03:35:36.0699 2252 vga - ok
03:35:36.0715 2252 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
03:35:36.0715 2252 VgaSave - ok
03:35:36.0731 2252 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
03:35:36.0731 2252 vhdmp - ok
03:35:36.0949 2252 VIAHdAudAddService (574b29f436c4c63d37020c6e570a7528) C:\Windows\system32\drivers\viahduaa.sys
03:35:36.0965 2252 VIAHdAudAddService - ok
03:35:37.0074 2252 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
03:35:37.0074 2252 viaide - ok
03:35:37.0105 2252 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
03:35:37.0105 2252 vmbus - ok
03:35:37.0121 2252 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
03:35:37.0121 2252 VMBusHID - ok
03:35:37.0136 2252 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
03:35:37.0152 2252 volmgr - ok
03:35:37.0167 2252 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
03:35:37.0167 2252 volmgrx - ok
03:35:37.0214 2252 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
03:35:37.0245 2252 volsnap - ok
03:35:37.0277 2252 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
03:35:37.0277 2252 vsmraid - ok
03:35:37.0292 2252 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
03:35:37.0292 2252 vwifibus - ok
03:35:37.0323 2252 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
03:35:37.0323 2252 vwififlt - ok
03:35:37.0339 2252 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
03:35:37.0339 2252 WacomPen - ok
03:35:37.0370 2252 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
03:35:37.0386 2252 WANARP - ok
03:35:37.0401 2252 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
03:35:37.0401 2252 Wanarpv6 - ok
03:35:37.0417 2252 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
03:35:37.0417 2252 Wd - ok
03:35:37.0479 2252 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
03:35:37.0495 2252 Wdf01000 - ok
03:35:37.0542 2252 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
03:35:37.0542 2252 WfpLwf - ok
03:35:37.0557 2252 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:35:37.0557 2252 WIMMount - ok
03:35:37.0651 2252 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
03:35:37.0682 2252 WinUsb - ok
03:35:37.0698 2252 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
03:35:37.0713 2252 WmiAcpi - ok
03:35:37.0823 2252 WN111v2 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WN111v2w7x.sys
03:35:37.0838 2252 WN111v2 - ok
03:35:37.0901 2252 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:35:37.0901 2252 ws2ifsl - ok
03:35:37.0947 2252 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
03:35:37.0947 2252 WudfPf - ok
03:35:37.0963 2252 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:35:37.0963 2252 WUDFRd - ok
03:35:38.0025 2252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:35:38.0088 2252 \Device\Harddisk0\DR0 - ok
03:35:38.0103 2252 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
03:35:38.0119 2252 \Device\Harddisk1\DR1 - ok
03:35:38.0119 2252 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR2
03:35:38.0135 2252 \Device\Harddisk2\DR2 - ok
03:35:38.0150 2252 Boot (0x1200) (5f4c5bfd70c651f1b64aa8958f8c068b) \Device\Harddisk0\DR0\Partition0
03:35:38.0150 2252 \Device\Harddisk0\DR0\Partition0 - ok
03:35:38.0166 2252 Boot (0x1200) (b7ade096151d5d661b1e2f73776bcf1f) \Device\Harddisk1\DR1\Partition0
03:35:38.0166 2252 \Device\Harddisk1\DR1\Partition0 - ok
03:35:38.0166 2252 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk2\DR2\Partition0
03:35:38.0166 2252 \Device\Harddisk2\DR2\Partition0 - ok
03:35:38.0166 2252 ============================================================
03:35:38.0166 2252 Scan finished
03:35:38.0166 2252 ============================================================
03:35:38.0181 4632 Detected object count: 1
03:35:38.0181 4632 Actual detected object count: 1
03:36:49.0941 4632 sptd ( LockedFile.Multi.Generic ) - skipped by user
03:36:49.0941 4632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Edited by Wufflykins, 28 December 2011 - 12:39 PM.
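The TDSSKiller log above ends with exactly one detection, sptd ( LockedFile.Multi.Generic ), which the poster chose to skip. That verdict is TDSSKiller's generic label for a driver image it could not open (the preceding "Suspicious file (NoAccess)" line), not a signature match; sptd.sys is the SCSI Pass Through Direct driver that disc-emulation software installs, and it deliberately locks itself. Reading a log this long by eye is error-prone, so the script below, an added example that is not part of the original post and not TDSSKiller's own code, pulls out everything that is not a plain "- ok": detections with the user's recorded action, "Suspicious file" lines, registry entries that have a verdict but no image file, and distinct service names that point at the same image (same MD5). The sample log is a short excerpt constructed from lines of the log posted above; the line shapes it parses are the ones visible there, and the keywords in RESOLVING that mark an action as a real cleanup are an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the TDSSKiller log posted above (same
# format, nothing invented). A real run reads the full log file instead.
SAMPLE_LOG = r"""
03:35:27.0308 2252 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
03:35:27.0308 2252 LVPr2M64 - ok
03:35:27.0339 2252 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
03:35:27.0339 2252 LVPr2Mon - ok
03:35:28.0260 2252 MBAMProtector - ok
03:35:35.0093 2252 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
03:35:35.0093 2252 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
03:35:35.0093 2252 sptd ( LockedFile.Multi.Generic ) - warning
03:35:35.0093 2252 sptd - detected LockedFile.Multi.Generic (1)
03:35:35.0233 2252 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
03:35:35.0233 2252 srv - ok
03:35:38.0025 2252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:35:38.0088 2252 \Device\Harddisk0\DR0 - ok
03:35:38.0181 4632 Detected object count: 1
03:36:49.0941 4632 sptd ( LockedFile.Multi.Generic ) - skipped by user
03:36:49.0941 4632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line is "<hh:mm:ss.ffff> <pid> <body>"; the body takes one of the shapes below.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Assumption: an action string containing one of these words means the object was cleaned.
RESOLVING = ("cure", "delete", "quarantine")


def parse_tdsskiller_log(text):
    """Return a triage report: everything in the log that is not a plain '- ok'."""
    objects = {}                  # name -> {"md5", "path"}
    verdicts = {}                 # name (or device path for MBR/boot records) -> "ok" or verdict
    actions = defaultdict(list)   # name -> recorded actions in log order
    suspicious = []
    by_md5 = defaultdict(list)    # md5 -> service names that load that image
    declared = None

    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue              # banner and separator lines carry no verdict
        body = m["body"]
        if o := OBJECT.match(body):
            objects[o["name"]] = {"md5": o["md5"], "path": o["path"]}
            by_md5[o["md5"]].append(o["name"])
        elif s := SUSPICIOUS.match(body):
            suspicious.append({"reason": s["reason"], "path": s["path"], "md5": s["md5"]})
        elif d := DETECTED.match(body):
            verdicts[d["name"]] = d["verdict"]
        elif a := ACTION.match(body):
            verdicts.setdefault(a["name"], a["verdict"])
            actions[a["name"]].append(a["action"])
        elif k := OK.match(body):
            verdicts.setdefault(k["name"], "ok")
        elif c := COUNT.match(body):
            declared = int(c["n"])

    image_paths = {o["path"] for o in objects.values()}
    flagged = []
    for name, verdict in verdicts.items():
        if verdict == "ok":
            continue
        obj = objects.get(name, {})
        flagged.append({"name": name, "verdict": verdict, "path": obj.get("path"),
                        "md5": obj.get("md5"), "actions": actions.get(name, [])})
    return {
        "declared_count": declared,
        "count_matches": declared is not None and declared == len(flagged),
        "flagged": flagged,
        "suspicious": suspicious,
        "shared_images": {h: names for h, names in by_md5.items() if len(names) > 1},
        # A verdict with no image line means the service's file was not found on disk.
        "entries_without_image": sorted(n for n in verdicts
                                        if n not in objects and n not in image_paths),
    }


def unresolved(report):
    """Flagged objects that no recorded action cured, deleted or quarantined."""
    return [f["name"] for f in report["flagged"]
            if not any(word in act.lower() for act in f["actions"] for word in RESOLVING)]


if __name__ == "__main__":
    import json
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    report = parse_tdsskiller_log(text)
    print(json.dumps(report, indent=2))
    print("still unresolved:", unresolved(report))
```

Run it as `python triage.py TDSSKiller.<version>_<date>_log.txt` against the file TDSSKiller writes to the root of the system drive; with no argument it runs on the constructed excerpt. The "shared_images" map is worth a look even when every entry is "- ok": two service names loading one image is normal for a vendor driver such as LVPr2M64/LVPr2Mon above, but a legitimate system driver name pointing at an unexpected file is exactly the pattern a redirect rootkit leaves behind.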


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 28 December 2011 - 04:17 PM

So things are good now?

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#9 Wufflykins

Wufflykins
  • Topic Starter

  • Members
  • 5 posts
  • Local time:03:16 AM

Posted 04 January 2012 - 11:06 AM

Just to follow up after a week's trial run:

Things are good now, no redirects and no popups; it seems TDSSKiller worked a treat.

Can't really say it enough but thanks, wouldn't have figured it out without you, mate.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 PM

Posted 04 January 2012 - 03:32 PM

Our pleasure!!
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:



