
Need help removing a virus that's causing a lot of issues


8 replies to this topic

#1 DrifterUK


Posted 28 March 2012 - 12:44 AM

Hey everyone

I need some help with removing a virus on my laptop. It started on Friday (today is the first day I've had a chance to attempt to fix it) when I got a notification claiming to be from Windows Defender saying it had found a virus and needed to take action. I clicked accept without really thinking about it and now I'm having a lot of issues with my laptop.

My Google search results are being directed to junk sites with very bad Web Of Trust ratings. It's also slower than usual to boot up. My 'All Programs' list under the start menu is empty in Safe Mode, and it also restarted itself while I was typing this post out.

The worst issue I'm having is that when booted normally, roughly 5-10 minutes after I reach the desktop screen, my laptop experiences a BSOD with the following details

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 839BA487
BCP3: 8249F764
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\032712-44335-01.dmp
C:\Users\Drifter\AppData\Local\Temp\WER-56487-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


Whether the BSOD is related to the virus or not, I have no idea. It experienced the same problem last week when Spybot blocked a driver update, and was fine after I told Spybot to let it through.

So far I've tried running Malwarebytes and Spybot S&D, which have both removed a lot of malware, but the problem is still persisting and I have no clue how to fix this without help.


Any help would be hugely appreciated. And I apologize if the same issue has been posted about before, I'm just getting quite stressed over this.

Forgot to mention I'm using Windows 7 Home.

Drifter

Edited by DrifterUK, 28 March 2012 - 12:50 AM.




#2 access2godzila


Posted 28 March 2012 - 01:24 AM

Can you boot in safe mode? If so, run Rkill, then run Spybot, TDSSkiller (or other programs of your choice).

Let us know what happened.

#3 TheForgottenGod


Posted 28 March 2012 - 02:15 AM

A moderator will be with you shortly to help you more in depth. I advise not trying anything till a moderator walks you through.

#4 boopme


  • Global Moderator

Posted 28 March 2012 - 12:01 PM

Hello, we need a bit more info. This may be an AVG crash.

Please post the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

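A first-pass review of the TDSSKiller report requested above, as an added example that is not part of the original posts and not the tool's own code. It assumes the line layout of the report posted in this thread (`time thread name (md5) path`, then `name - verdict`); the three review rules, the `exampledrv` lines and the `CONSTRUCTED-NOT-OK` verdict text are constructed for illustration.

```python
import re
from collections import namedtuple
from ntpath import basename, splitext  # Windows path rules on any OS

Entry = namedtuple("Entry", "name md5 path verdict")

PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
# Object line:  "<time> <thread> <name> (<md5>) <path>"
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Verdict line: "<time> <thread> <name> - <verdict>"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")

# First seven lines are copied from the report in this thread;
# the last two are constructed, with a placeholder verdict string.
SAMPLE = r"""
10:27:40.0379 1732 .cdrom - ok
10:27:40.0551 1732 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
10:27:40.0551 1732 1394ohci - ok
10:27:41.0019 1732 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:27:41.0019 1732 AdobeARMservice - ok
10:27:41.0861 1732 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:27:41.0861 1732 aic78xx - ok
10:30:00.0000 1732 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
10:30:00.0000 1732 exampledrv - CONSTRUCTED-NOT-OK
"""


def parse_report(text):
    """Pair each verdict line with the object line that preceded it."""
    entries, pending = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"].strip())
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], md5, path, m["verdict"].strip()))
    return entries


def review(entries):
    """Return (name, note) pairs a helper would look at by hand.

    These are review prompts, not detections: a mismatch between a
    service name and its driver file also occurs on clean systems.
    """
    notes = []
    for e in entries:
        if e.verdict.lower() != "ok":
            notes.append((e.name, "verdict is not ok: " + e.verdict))
        if e.path is None:
            notes.append((e.name, "no file recorded for this object"))
        elif e.path.lower().endswith(".sys"):
            stem = splitext(basename(e.path))[0]
            if stem.lower() != e.name.lower():
                notes.append((e.name, "driver file name differs from "
                                      "service name: " + basename(e.path)))
    return notes


if __name__ == "__main__":
    for name, note in review(parse_report(SAMPLE)):
        print(f"{name}: {note}")
```
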

#5 DrifterUK


Posted 28 March 2012 - 12:57 PM

Thanks for the reply. I'm not sure how to find the MBAM log. My 'All Programs' section on the Start Menu is just showing as '(empty)'. The same goes for My Documents/Pictures and my C: drive is showing the same. I have no idea how to start the program now, or find the log.

However, these are the logs from Minitoolbox and TDSSKiller

Minitoolbox

MiniToolBox by Farbar Version: 18-01-2012
Ran by Drifter (administrator) on 28-03-2012 at 10:25:48
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Drifter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : socal.rr.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1F-16-C1-28-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : socal.rr.com
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-26-5E-71-70-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::58e6:f25:e614:44f1%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.146(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, March 28, 2012 9:34:17 AM
Lease Expires . . . . . . . . . . : Thursday, March 29, 2012 9:34:22 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113630
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C4-12-22-00-1F-16-C1-28-65
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.socal.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{723A056E-584D-4BBD-9647-04B69217C4AB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.224.227
74.125.224.228
74.125.224.229
74.125.224.230
74.125.224.231
74.125.224.232
74.125.224.233
74.125.224.238
74.125.224.224
74.125.224.225
74.125.224.226


Pinging google.com [74.125.224.227] with 32 bytes of data:
Reply from 74.125.224.227: bytes=32 time=15ms TTL=54
Reply from 74.125.224.227: bytes=32 time=17ms TTL=54

Ping statistics for 74.125.224.227:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 17ms, Average = 16ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=244ms TTL=46
Reply from 98.139.183.24: bytes=32 time=217ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 217ms, Maximum = 244ms, Average = 230ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f 16 c1 28 65 ......Broadcom NetLink ™ Gigabit Ethernet
2...00 26 5e 71 70 46 ......Atheros AR5B93 Wireless Network Adapter
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.146 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.146 281
192.168.1.146 255.255.255.255 On-link 192.168.1.146 281
192.168.1.255 255.255.255.255 On-link 192.168.1.146 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.146 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.146 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
2 281 fe80::/64 On-link
2 281 fe80::58e6:f25:e614:44f1/128
On-link
1 306 ff00::/8 On-link
2 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/23/2012 05:03:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: wlcomm.exe, version: 14.0.8117.416, time stamp: 0x4bc91069
Faulting module name: vubjh.dll, version: 1.2.0.0, time stamp: 0x4a5c48ff
Exception code: 0xc0000005
Fault offset: 0x0000159f
Faulting process id: 0x1574
Faulting application start time: 0xwlcomm.exe0
Faulting application path: wlcomm.exe1
Faulting module path: wlcomm.exe2
Report Id: wlcomm.exe3

Error: (03/23/2012 00:46:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/23/2012 00:46:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/22/2012 04:03:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/22/2012 04:02:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/22/2012 11:19:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: msnmsgr.exe, version: 14.0.8117.416, time stamp: 0x4bc935af
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00051f2d
Faulting process id: 0x147c
Faulting application start time: 0xmsnmsgr.exe0
Faulting application path: msnmsgr.exe1
Faulting module path: msnmsgr.exe2
Report Id: msnmsgr.exe3

Error: (03/22/2012 11:19:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: msnmsgr.exe, version: 14.0.8117.416, time stamp: 0x4bc935af
Faulting module name: vubjh.dll, version: 1.2.0.0, time stamp: 0x4a5c48ff
Exception code: 0xc0000005
Fault offset: 0x00001094
Faulting process id: 0x1574
Faulting application start time: 0xmsnmsgr.exe0
Faulting application path: msnmsgr.exe1
Faulting module path: msnmsgr.exe2
Report Id: msnmsgr.exe3

Error: (03/22/2012 11:19:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: msnmsgr.exe, version: 14.0.8117.416, time stamp: 0x4bc935af
Faulting module name: vubjh.dll, version: 1.2.0.0, time stamp: 0x4a5c48ff
Exception code: 0xc0000005
Fault offset: 0x0000107b
Faulting process id: 0xa04
Faulting application start time: 0xmsnmsgr.exe0
Faulting application path: msnmsgr.exe1
Faulting module path: msnmsgr.exe2
Report Id: msnmsgr.exe3

Error: (03/22/2012 11:18:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00046892
Faulting process id: 0xef8
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (03/21/2012 11:01:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (03/28/2012 10:07:03 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (03/28/2012 10:07:03 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/28/2012 09:34:47 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (03/28/2012 09:34:38 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/28/2012 09:34:36 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/28/2012 09:34:34 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/28/2012 09:34:29 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/28/2012 09:34:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx
aswSP
aswTdi
discache
spldr
Wanarpv6

Error: (03/28/2012 09:34:15 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (03/27/2012 10:26:28 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/11/2011 06:14:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3645 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/02/2011 05:17:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/23/2010 07:50:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 161 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acer Crystal Eye (Version: 7.32.701.12a)
Acer Crystal Eye webcam Ver:1.1.74.216 (Version: 1.1.74.216)
Acer Crystal Eye Webcam Video Class Camera (Version: 5.8.33.501-1.0)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Amazon MP3 Downloader 1.0.9
Audacity 1.3.14 (Unicode)
avast! Free Antivirus (Version: 6.0.1203.0)
Bamboo (Version: 5.2.4-6)
CompendiumDS3
EPSON Scan
EPSON SX100 Series Printer Uninstall
ESET Online Scanner v3
FileHippo.com Update Checker
GIMP 2.6.11 (Version: 2.6.11)
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Last.fm 1.5.4.27091
LG CyberLink LabelPrint (Version: 2.5.2111)
LG CyberLink Power2Go (Version: 6.2.4009)
LG CyberLink PowerBackup (Version: 2.5.5529)
LG CyberLink YouCam (Version: 2.0.3304a)
LG ODD Auto Firmware Update (Version: 9.01.1124.01)
LG Power Tools (Version: 6.0.3316)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
MSVCRT (Version: 14.0.1468.721)
QuickTime (Version: 7.70.80.34)
Rainmeter (remove only)
Secunia PSI (2.0.0.3003)
Skype™ 5.5 (Version: 5.5.124)
Spybot - Search & Destroy (Version: 1.6.2)
Sumatra PDF reader
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6f (Version: 0.8.6f)
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
Winamp (Version: 5.58 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3000.91 MB
Available physical RAM: 1981.8 MB
Total Pagefile: 6000.1 MB
Available Pagefile: 4939.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.02 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:179.13 GB) NTFS

========================= Users: ========================================

User accounts for \\DRIFTER-PC

Administrator Drifter Guest


**** End of log ****


TDSSKiller

10:24:54.0051 3816 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
10:24:54.0414 3816 ============================================================
10:24:54.0414 3816 Current date / time: 2012/03/28 10:24:54.0414
10:24:54.0414 3816 SystemInfo:
10:24:54.0414 3816
10:24:54.0414 3816 OS Version: 6.1.7600 ServicePack: 0.0
10:24:54.0414 3816 Product type: Workstation
10:24:54.0415 3816 ComputerName: DRIFTER-PC
10:24:54.0415 3816 UserName: Drifter
10:24:54.0415 3816 Windows directory: C:\Windows
10:24:54.0415 3816 System windows directory: C:\Windows
10:24:54.0415 3816 Processor architecture: Intel x86
10:24:54.0415 3816 Number of processors: 2
10:24:54.0415 3816 Page size: 0x1000
10:24:54.0415 3816 Boot type: Safe boot with network
10:24:54.0415 3816 ============================================================
10:24:55.0756 3816 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:24:55.0758 3816 \Device\Harddisk0\DR0:
10:24:55.0759 3816 MBR used
10:24:55.0759 3816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x1BE3C800
10:24:55.0793 3816 Initialize success
10:24:55.0793 3816 ============================================================
10:27:36.0027 1732 ============================================================
10:27:36.0027 1732 Scan started
10:27:36.0027 1732 Mode: Manual; TDLFS;
10:27:36.0027 1732 ============================================================
10:28:04.0637 1732 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
10:28:04.0637 1732 sbp2port - ok
10:28:04.0746 1732 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
10:28:04.0793 1732 SBSDWSCService - ok
10:28:04.0902 1732 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:28:04.0902 1732 SCardSvr - ok
10:28:04.0965 1732 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
10:28:04.0965 1732 scfilter - ok
10:28:05.0011 1732 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
10:28:05.0027 1732 Schedule - ok
10:28:05.0074 1732 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
10:28:05.0074 1732 SCPolicySvc - ok
10:28:05.0121 1732 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
10:28:05.0121 1732 SDRSVC - ok
10:28:05.0214 1732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:28:05.0214 1732 secdrv - ok
10:28:05.0230 1732 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:28:05.0230 1732 seclogon - ok
10:28:05.0370 1732 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
10:28:05.0401 1732 Secunia PSI Agent - ok
10:28:05.0433 1732 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
10:28:05.0433 1732 Secunia Update Agent - ok
10:28:05.0557 1732 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:28:05.0557 1732 SENS - ok
10:28:05.0604 1732 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:28:05.0620 1732 SensrSvc - ok
10:28:05.0682 1732 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:28:05.0682 1732 Serenum - ok
10:28:05.0729 1732 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:28:05.0729 1732 Serial - ok
10:28:05.0745 1732 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:28:05.0745 1732 sermouse - ok
10:28:05.0807 1732 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
10:28:05.0807 1732 SessionEnv - ok
10:28:05.0838 1732 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
10:28:05.0838 1732 sffdisk - ok
10:28:05.0854 1732 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:28:05.0854 1732 sffp_mmc - ok
10:28:05.0932 1732 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:28:05.0932 1732 sffp_sd - ok
10:28:05.0947 1732 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:28:05.0947 1732 sfloppy - ok
10:28:05.0994 1732 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:28:05.0994 1732 SharedAccess - ok
10:28:06.0057 1732 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
10:28:06.0057 1732 ShellHWDetection - ok
10:28:06.0119 1732 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
10:28:06.0119 1732 sisagp - ok
10:28:06.0150 1732 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:28:06.0150 1732 SiSRaid2 - ok
10:28:06.0197 1732 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:28:06.0197 1732 SiSRaid4 - ok
10:28:06.0244 1732 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:28:06.0244 1732 Smb - ok
10:28:06.0322 1732 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:28:06.0322 1732 SNMPTRAP - ok
10:28:06.0431 1732 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
10:28:06.0478 1732 SNP2UVC - ok
10:28:06.0961 1732 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:28:06.0961 1732 spldr - ok
10:28:06.0993 1732 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
10:28:07.0008 1732 Spooler - ok
10:28:07.0117 1732 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
10:28:07.0227 1732 sppsvc - ok
10:28:07.0242 1732 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
10:28:07.0242 1732 sppuinotify - ok
10:28:07.0305 1732 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
10:28:07.0305 1732 srv - ok
10:28:07.0336 1732 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
10:28:07.0336 1732 srv2 - ok
10:28:07.0398 1732 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:28:07.0398 1732 SrvHsfHDA - ok
10:28:07.0429 1732 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:28:07.0461 1732 SrvHsfV92 - ok
10:28:07.0492 1732 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
10:28:07.0507 1732 SrvHsfWinac - ok
10:28:07.0539 1732 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
10:28:07.0539 1732 srvnet - ok
10:28:07.0585 1732 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:28:07.0585 1732 SSDPSRV - ok
10:28:07.0617 1732 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:28:07.0617 1732 SstpSvc - ok
10:28:07.0648 1732 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:28:07.0663 1732 stexstor - ok
10:28:07.0726 1732 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
10:28:07.0726 1732 StiSvc - ok
10:28:07.0757 1732 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
10:28:07.0757 1732 swenum - ok
10:28:07.0804 1732 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:28:07.0819 1732 swprv - ok
10:28:07.0882 1732 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
10:28:07.0913 1732 SysMain - ok
10:28:07.0976 1732 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
10:28:07.0976 1732 TabletInputService - ok
10:28:08.0178 1732 TabletServicePen (c9d5fa17200768ef92538f1f95735a2e) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
10:28:08.0288 1732 TabletServicePen - ok
10:28:08.0412 1732 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
10:28:08.0428 1732 TapiSrv - ok
10:28:08.0459 1732 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:28:08.0459 1732 TBS - ok
10:28:08.0537 1732 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
10:28:08.0568 1732 Tcpip - ok
10:28:08.0631 1732 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
10:28:08.0646 1732 TCPIP6 - ok
10:28:08.0693 1732 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
10:28:08.0693 1732 tcpipreg - ok
10:28:08.0756 1732 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
10:28:08.0756 1732 TDPIPE - ok
10:28:08.0802 1732 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
10:28:08.0802 1732 TDTCP - ok
10:28:08.0849 1732 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
10:28:08.0849 1732 tdx - ok
10:28:08.0880 1732 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
10:28:08.0880 1732 TermDD - ok
10:28:08.0927 1732 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
10:28:08.0927 1732 TermService - ok
10:28:08.0958 1732 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:28:08.0958 1732 Themes - ok
10:28:09.0021 1732 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:28:09.0021 1732 THREADORDER - ok
10:28:09.0130 1732 TouchServicePen (8d83c60de67c2db212452d8ebe7ca196) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
10:28:09.0146 1732 TouchServicePen - ok
10:28:09.0270 1732 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:28:09.0270 1732 TrkWks - ok
10:28:09.0317 1732 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
10:28:09.0317 1732 TrustedInstaller - ok
10:28:09.0395 1732 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:28:09.0395 1732 tssecsrv - ok
10:28:09.0426 1732 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:28:09.0426 1732 TsUsbFlt - ok
10:28:09.0458 1732 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
10:28:09.0473 1732 tunnel - ok
10:28:09.0489 1732 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:28:09.0489 1732 uagp35 - ok
10:28:09.0520 1732 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
10:28:09.0536 1732 udfs - ok
10:28:09.0567 1732 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:28:09.0582 1732 UI0Detect - ok
10:28:09.0598 1732 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:28:09.0598 1732 uliagpkx - ok
10:28:09.0660 1732 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
10:28:09.0660 1732 umbus - ok
10:28:09.0692 1732 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:28:09.0692 1732 UmPass - ok
10:28:09.0754 1732 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:28:09.0754 1732 upnphost - ok
10:28:09.0785 1732 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
10:28:09.0801 1732 usbccgp - ok
10:28:09.0816 1732 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
10:28:09.0816 1732 usbcir - ok
10:28:09.0848 1732 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
10:28:09.0848 1732 usbehci - ok
10:28:09.0894 1732 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
10:28:09.0910 1732 usbhub - ok
10:28:09.0926 1732 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
10:28:09.0926 1732 usbohci - ok
10:28:09.0972 1732 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:28:09.0972 1732 usbprint - ok
10:28:10.0082 1732 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:28:10.0082 1732 usbscan - ok
10:28:10.0113 1732 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:28:10.0113 1732 USBSTOR - ok
10:28:10.0144 1732 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
10:28:10.0144 1732 usbuhci - ok
10:28:10.0175 1732 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:28:10.0191 1732 UxSms - ok
10:28:10.0222 1732 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
10:28:10.0222 1732 VaultSvc - ok
10:28:10.0284 1732 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:28:10.0284 1732 vdrvroot - ok
10:28:10.0347 1732 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
10:28:10.0347 1732 vds - ok
10:28:10.0378 1732 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:28:10.0378 1732 vga - ok
10:28:10.0440 1732 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:28:10.0440 1732 VgaSave - ok
10:28:10.0472 1732 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
10:28:10.0472 1732 vhdmp - ok
10:28:10.0503 1732 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
10:28:10.0518 1732 viaagp - ok
10:28:10.0565 1732 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:28:10.0565 1732 ViaC7 - ok
10:28:10.0581 1732 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
10:28:10.0581 1732 viaide - ok
10:28:10.0612 1732 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
10:28:10.0612 1732 volmgr - ok
10:28:10.0628 1732 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:28:10.0643 1732 volmgrx - ok
10:28:10.0659 1732 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
10:28:10.0674 1732 volsnap - ok
10:28:10.0706 1732 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:28:10.0721 1732 vsmraid - ok
10:28:10.0784 1732 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
10:28:10.0815 1732 VSS - ok
10:28:10.0877 1732 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:28:10.0877 1732 vwifibus - ok
10:28:10.0924 1732 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:28:10.0924 1732 vwififlt - ok
10:28:10.0971 1732 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:28:10.0986 1732 W32Time - ok
10:28:11.0064 1732 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
10:28:11.0064 1732 wacmoumonitor - ok
10:28:11.0096 1732 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:28:11.0096 1732 WacomPen - ok
10:28:11.0158 1732 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:28:11.0158 1732 WANARP - ok
10:28:11.0174 1732 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
10:28:11.0174 1732 Wanarpv6 - ok
10:28:11.0252 1732 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:28:11.0283 1732 WatAdminSvc - ok
10:28:11.0361 1732 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
10:28:11.0392 1732 wbengine - ok
10:28:11.0454 1732 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:28:11.0454 1732 WbioSrvc - ok
10:28:11.0486 1732 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
10:28:11.0501 1732 wcncsvc - ok
10:28:11.0532 1732 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:28:11.0532 1732 WcsPlugInService - ok
10:28:11.0579 1732 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:28:11.0595 1732 Wd - ok
10:28:11.0642 1732 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:28:11.0657 1732 Wdf01000 - ok
10:28:11.0704 1732 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:28:11.0704 1732 WdiServiceHost - ok
10:28:11.0720 1732 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:28:11.0720 1732 WdiSystemHost - ok
10:28:11.0751 1732 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
10:28:11.0751 1732 WebClient - ok
10:28:11.0782 1732 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:28:11.0782 1732 Wecsvc - ok
10:28:11.0829 1732 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:28:11.0829 1732 wercplsupport - ok
10:28:11.0891 1732 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:28:11.0891 1732 WerSvc - ok
10:28:11.0969 1732 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:28:11.0969 1732 WfpLwf - ok
10:28:12.0000 1732 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:28:12.0000 1732 WIMMount - ok
10:28:12.0016 1732 WinHttpAutoProxySvc - ok
10:28:12.0094 1732 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:28:12.0094 1732 Winmgmt - ok
10:28:12.0156 1732 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
10:28:12.0188 1732 WinRM - ok
10:28:12.0234 1732 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:28:12.0266 1732 Wlansvc - ok
10:28:12.0406 1732 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:28:12.0422 1732 WmiAcpi - ok
10:28:12.0484 1732 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:28:12.0484 1732 wmiApSrv - ok
10:28:12.0609 1732 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:28:12.0640 1732 WMPNetworkSvc - ok
10:28:12.0874 1732 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:28:12.0890 1732 WPCSvc - ok
10:28:12.0921 1732 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
10:28:12.0921 1732 WPDBusEnum - ok
10:28:12.0999 1732 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:28:13.0014 1732 ws2ifsl - ok
10:28:13.0014 1732 WSearch - ok
10:28:13.0139 1732 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
10:28:13.0186 1732 wuauserv - ok
10:28:13.0217 1732 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
10:28:13.0217 1732 WudfPf - ok
10:28:13.0358 1732 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:28:13.0358 1732 WUDFRd - ok
10:28:13.0436 1732 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
10:28:13.0436 1732 wudfsvc - ok
10:28:13.0482 1732 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:28:13.0514 1732 WwanSvc - ok
10:28:13.0576 1732 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
10:28:13.0592 1732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:28:13.0592 1732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:28:13.0685 1732 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:28:13.0685 1732 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:28:13.0716 1732 Boot (0x1200) (353c4f3387e0754fe3e2df8f09ec848d) \Device\Harddisk0\DR0\Partition0
10:28:13.0716 1732 \Device\Harddisk0\DR0\Partition0 - ok
10:28:13.0716 1732 ============================================================
10:28:13.0716 1732 Scan finished
10:28:13.0716 1732 ============================================================
10:28:13.0732 1852 Detected object count: 2
10:28:13.0732 1852 Actual detected object count: 2
10:29:00.0797 1852 \Device\Harddisk0\DR0\# - copied to quarantine
10:29:00.0797 1852 \Device\Harddisk0\DR0 - copied to quarantine
10:29:00.0875 1852 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:29:00.0891 1852 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:29:00.0906 1852 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:29:00.0906 1852 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:29:00.0922 1852 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:29:00.0953 1852 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:29:00.0969 1852 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:29:00.0969 1852 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:29:00.0969 1852 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:29:00.0969 1852 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:29:00.0969 1852 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:29:00.0984 1852 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:29:01.0000 1852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:29:01.0016 1852 \Device\Harddisk0\DR0 - ok
10:29:01.0203 1852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:29:01.0203 1852 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:29:01.0203 1852 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:34:06.0221 2944 Deinitialize success


TDSSKiller needed to reboot my machine.

Also, while typing this, I've received a pop-up from Spybot asking for an 'Allow/Deny change' decision on the following:
Category - Disable Taskmanager
Change - Value Deleted
Entry - Disable Taskmgr
Old Data - 1
New Data

I'm not sure what to select on that. I think I should select yes, but I don't want to change anything that could make things worse.

#6 boopme


Posted 28 March 2012 - 01:29 PM

Select Yes

For the missing items. Do NOT run a TEMP file or Registry Cleaner.
Please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 DrifterUK


Posted 28 March 2012 - 04:01 PM

Ok, I ran Unhide.exe, which restored some of the items to my start menu, though most of the application folders just display (empty). I'm guessing this might be because when I ran Spybot S&D last night before posting here, I think I selected yes when it asked if I wanted to clear Temp files.

I've also just finished running ESET, and this is the log:

C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.03.2012_10.24.54\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Drifter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7d845772-516a8c36 a variant of Java/Agent.DM trojan deleted - quarantined
C:\Users\Drifter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\37a9be74-40337d9b Java/Exploit.CVE-2011-3544.X trojan deleted - quarantined
C:\Windows\$NtUninstallKB14933$\systemprofile\5e0b5985-3221.exe Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Windows\$NtUninstallKB14933$\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1b6b48ea-5fe492be a variant of Java/Exploit.CVE-2012-0507.B trojan deleted - quarantined
C:\Windows\System32\chkdetup.dll a variant of Win32/Kryptik.WRL trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/PSW.Papras.BW trojan


It said it found 13 infected files, but could only clear 12 of them.

#8 boopme


Posted 28 March 2012 - 08:17 PM

I think, since we may have used a Temp cleaner and you are not cleaning it all, we should start a new topic to get a deeper look.
Include this link to this topic to help explain your dilemma.
http://www.bleepingcomputer.com/forums/topic447880.html/page__pid__2646134#entry2646134


Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#9 DrifterUK


Posted 28 March 2012 - 08:29 PM

Ok cool. I'll try and get that all done and posted shortly.

Thanks for all your help so far



