A "Stopped Working" window appears and does not allow to run/start any program


11 replies to this topic

#1 Souschefie

Posted 13 June 2012 - 08:28 AM

Dear Staff Member,

I think I have been infected in a major way, it is awful and I have made even more awful mistakes trying to figure this out. I have noticed three major problems so far. This happened last week. I watched a film online last Thursday night and right after the end my computer shut down on its own, which it never had done before. So then I started it up again to make sure nothing was wrong and it started fine, so I thought it was ok and I shut it down. Then on Friday morning is when I noticed there was something wrong, details which I am listing below.

I must also confess I tried to figure this out on my own by looking up online for some of the words that were coming up as errors in my system. So this is how I got to a link on bleepingcomputer.com, where someone was posting about something similar and I thought it was close enough to follow the same instructions. I know, it was a major dumb mistake, I know now and hope I have not ruined my computer.

The initial link that I followed is this: http://www.bleepingcomputer.com/forums/topic440596.html
But what I ended up doing on my own is this:
1. I did System Restore
2. I downloaded TDSSkiller, launched it, clicked on change parameters-Select TDLFS file system and ran a scan, then I did this on it: I Rootkit.boot.pihar - CURED it and TDSSfilesystem - DELETED it
3. I downloaded Malwarebytes Anti-Malware, launched it and ran a scan and then I did this on it: selected all infections and DELETED them. I must also mention that the Malwarebytes Anti-Malware software I downloaded is gone, I don't know how this happened but neither the link is on the desktop nor the program itself is in my installed/uninstalled programs in the system

Nonetheless, this is how I found about you guys in the end and am now trying to figure things out by starting from scratch, hopefully it's not too late. I had actually started a topic on Friday on the 'Operating Systems' forum for Vista and this is the link I started: http://www.bleepingcomputer.com/forums/topic456452.html But after reading what the moderator was advising me to do, I thought it is best to start this as a new topic in this forum. Pardon me if this is another unethical thing to do, but I am a new user and am getting just now acquainted with Bleeping Computer.

Okay, and now to the relevant details:

My system:

I have a:
Dell
Inspiron 1440
Pentium ® Dual-Core CPU T4200 @ 2.00 GHz 2.00 GHz
3.GB
64-bit Operating System

Problem #1

I am getting this small window when I start my computer and it does not allow anything to start. I have gotten various window messages, this time around I wrote down which ones:

Microsoft Windows:
"Div X Update Has Stopped Working"
"Adobe Acrobat Speed Launcher Has Stopped Working"
"Google Installer Has Stopped Working"
"Skype Has Stopped Working"
"Microsoft Word Has Stopped Working"
"Power Point Has Stopped Working"

Then, for each one it tells me it is going to close the program and that Microsoft Windows will let me know if a solution is found.

Problem # 2

Every time I am researching for something on Google now and if I try to follow a link, it is always re-directing me to what seems to be another search engine. Here is an example of something I just tried looking up on Google, I typed in the word 'etnogastronomy' and upon following the first link, here is what I got: http://63.209.69.107/search/web/etnogastronomy/C10/ecn/46938-97510/v5

So, this is somewhat obstructive since I now cannot research anything. If I do have a URL address it is fine, it takes me to that site, but if I am looking for a site to which I do not have their URL and I try linking up to it from Google, this is when it re-directs me to something else.

Problem #3

Finally, with all of this, my computer seems to be running a bit slower now.

So I know I am reporting a bundle here, but can you please, please, please help me?

Thank you kindly in advance. I am a Chef, and I wish I could help you with something in exchange, so if you have any culinary questions, please feel free to ask.

Many blessings,

Souschefie

Edited by Souschefie, 13 June 2012 - 08:42 AM.




#2 narenxp

  • BC Advisor
  • Location: India

Posted 13 June 2012 - 08:54 AM

Boot the PC into Safe Mode with networking

Download

UNHIDE

Run it as administrator - this should restore your hidden files

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

If you still have startup errors, then you may need to reinstall applications (you should not have done system restore)

#3 Souschefie

Posted 13 June 2012 - 12:15 PM

Dear narenxp,

Thank you so much for your prompt reply!

I have a few questions to ask before I do this, so if you allow me:

> Boot the PC into safemode with networking

How do I boot my PC in Safe Mode?

> Download
> UNHIDE
> Run it as administrator-this should restore your hidden files

I assume 'administrator' will be one of the options to run my PC, if not, how do I do this?

> Download
> http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html
> Install,update and run a full scan
> Click on SHOW results.Select all infections and remove it
> Reboot the PC and scan MBAM once in regular mode until you get a clean log

Will I still be running it as administrator in Safe Mode up to this point? And also, it says to reboot the PC and scan MBAM once in regular mode until a clean log; if I was in Safe Mode, how do I reboot to regular mode?

> Download
> aswMBR
> Launch it, allow it to download latest Avast! virus definitions
> Click the "Scan" button to start scan.After scan finishes,click on Save log
> Post the log results here

After I launch it, will it download the latest Avast! virus definitions by itself or is there something I need to click on?
And as far as the log, do I save this on a Word file or in the program itself and is it there where I need to go to copy the info in order to paste here?

> If you still have startup errors,then you may need to reinstall applications(you should not have done system restore)

What did I do to my computer by having done 'System Restore'? Is it safe to be working in my computer before I try fix it by running all of the steps you advise?

I apologize for all the questions, but as you can surely assume, I am not very familiar with computers.

Thank you so, so much for your time and patience.

Souschefie

Edited by Souschefie, 13 June 2012 - 12:21 PM.


#4 narenxp

Posted 13 June 2012 - 12:35 PM

> How do I boot my PC in Safe Mode?

http://www.computerhope.com/issues/chsafe.htm

safemode with networking

> I assume 'administrator' will be one of the options to run my PC, if not, how do I do this?

right click on select run as administrator

> Will I still be running it as administrator in Safe Mode up to this point? And also, it says to reboot the PC and scan MBAM once in regular mode until a clean log; if I was in Safe Mode, how do I reboot to regular mode?

Just double click, install it and launch it, restart the PC and it should boot to normal mode

> After I launch it, will it download the latest Avast! virus definitions by itself or is there something I need to click on?
> And as far as the log, do I save this on a Word file or in the program itself and is it there where I need to go to copy the info in order to paste here?

You will receive a pop up

> What did I do to my computer by having done 'System Restore'? Is it safe to be working in my computer before I try fix it by running all of the steps you advise?

If system has been restored to a date before the softwares were installed then most probably softwares will not work

Let's not discuss that now. Let me get the logs first

Edited by narenxp, 14 June 2012 - 12:27 AM.


#5 Souschefie

Posted 13 June 2012 - 11:12 PM

Dear narenxp,

Here is a reply with the summary of actions you requested:

I. UNHIDE

Downloaded and ran in Safe Mode as you said. You did not request a log but here it is in case you need it:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/13/2012 02:13:08 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 204814 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 12175 files processed.

The C:\Users\Mario\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/13/2012 02:23:19 PM
Execution time: 0 hours(s), 10 minute(s), and 10 seconds(s)

II. Malwarebytes-anti-malware

Installed,updated and ran a full scan. Clicked on SHOW results. Selected all infections and removed them. Rebooted the PC and scanned MBAM once in regular mode until I got a clean log, it actually only took once in regular mode.

III. aswMBR

Launched it, allowed it to download latest Avast! virus definitions. Clicked the "Scan" button to start scan. After scan finished, clicked on Save log. Here are the results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 21:26:16
-----------------------------
21:26:16.591 OS Version: Windows x64 6.0.6002 Service Pack 2
21:26:16.592 Number of processors: 2 586 0x170A
21:26:16.594 ComputerName: MARIO-PC UserName: Mario
21:26:18.707 Initialize success
21:27:42.710 AVAST engine defs: 12061301
21:28:23.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:28:23.254 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:28:23.287 Disk 0 MBR read successfully
21:28:23.291 Disk 0 MBR scan
21:28:23.301 Disk 0 Windows VISTA default MBR code
21:28:23.306 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:28:23.345 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
21:28:23.412 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223051 MB offset 31586304
21:28:23.540 Disk 0 scanning C:\Windows\system32\drivers
21:28:42.282 Service scanning
21:29:24.462 Modules scanning
21:29:24.473 Disk 0 trace - called modules:
21:29:24.509 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:29:24.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003692660]
21:29:24.533 3 CLASSPNP.SYS[fffffa6000fc6c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800339c050]
21:29:25.968 AVAST engine scan C:\Windows
21:29:30.881 AVAST engine scan C:\Windows\system32
21:35:28.613 AVAST engine scan C:\Windows\system32\drivers
21:35:59.504 AVAST engine scan C:\Users\Mario
21:59:55.435 AVAST engine scan C:\ProgramData
22:05:23.186 Scan finished successfully
22:05:55.442 Disk 0 MBR has been saved successfully to "C:\Users\Mario\Desktop\MBR.dat"
22:05:55.460 The log file has been saved successfully to "C:\Users\Mario\Desktop\aswMBR - June 13.txt"

IV. ESET online scanner

Installed it. Clicked on START, it downloaded the virus definitions. When scan got completed, clicked on LIST of found threats and exported the list to desktop, copied the contents of the text and here are the results:

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\mbr0000\tdlfs0000\tsk0001.dta
Win64/Olmarik.AK Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\mbr0000\tdlfs0000\tsk0002.dta
a variant of Win32/Olmarik.AYH Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\mbr0000\tdlfs0000\tsk0005.dta
Win64/Olmarik.AK Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\tdlfs0000\tsk0001.dta
Win64/Olmarik.AK Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\tdlfs0000\tsk0002.dta
a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\tdlfs0000\tsk0005.dta
Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2G1VABP0\v-416500[1].htm
JS/TrojanDownloader.Iframe.NKE Trojan cleaned by deleting - quarantined

C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJV1PI9Q\v-416459[1].htm
JS/TrojanDownloader.Iframe.NKE Trojan cleaned by deleting - quarantined

V. If you still have startup errors,then you may need to reinstall applications(you should not have done system restore)

My computer seems to be running ok now, thank you, but I have not been using it that much, since it took me quite a bit of time to do all these tasks (mainly because the site was down for a bit of time on Wed. afternoon.) I will let you know of anything if it shows anymore problems, but I have not seen those Microsoft Windows pop ups and just tried doing a search and it did not re-direct me to whatever it was re-directing me to before.

I have no words to thank you enough, but I truly appreciate your time and patience and effort.

Can you please tell me if I still have some other tasks to do? I noticed the aswMBR scan was clear of infections, but the ESET had eight of them, do we still have other scans to do?

Thanks so much again.

Edited by Souschefie, 13 June 2012 - 11:14 PM.


#6 narenxp

Posted 13 June 2012 - 11:22 PM

Great work :thumbsup:

Browse to C drive and delete TDSSkiller quarantine folder. We have one more scan

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
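
An added example, not part of the original thread or of any tool mentioned in it: Python that parses the ESET export posted in reply #5 and groups each detection by where the flagged file sits, which shows that six of the eight hits are copies inside the TDSSKiller quarantine folder that reply #6 asks to delete. The category names and path rules are assumptions made for this illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Copied from the ESET export posted in reply #5 of this thread.
ESET_EXPORT = r"""
C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\mbr0000\tdlfs0000\tsk0001.dta
Win64/Olmarik.AK Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\mbr0000\tdlfs0000\tsk0002.dta
a variant of Win32/Olmarik.AYH Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\mbr0000\tdlfs0000\tsk0005.dta
Win64/Olmarik.AK Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\tdlfs0000\tsk0001.dta
Win64/Olmarik.AK Trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\tdlfs0000\tsk0002.dta
a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\09.06.2012_08.02.21\tdlfs0000\tsk0005.dta
Win64/Olmarik.AK trojan cleaned by deleting - quarantined

C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2G1VABP0\v-416500[1].htm
JS/TrojanDownloader.Iframe.NKE Trojan cleaned by deleting - quarantined

C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJV1PI9Q\v-416459[1].htm
JS/TrojanDownloader.Iframe.NKE Trojan cleaned by deleting - quarantined
"""


@dataclass(frozen=True)
class Detection:
    path: str         # file the scanner flagged
    threat: str       # detection name, e.g. Win64/Olmarik.AK
    is_variant: bool  # True when the line starts with "a variant of"
    action: str       # what the scanner reports it did


PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^(?P<variant>a variant of )?(?P<threat>\S+/\S+)\s+\w+\s+(?P<action>.+)$"
)

# Assumed triage rules for this illustration: (category, lower-case path marker).
LOCATION_RULES = [
    ("scanner_quarantine", "c:\\tdsskiller_quarantine\\"),
    ("browser_cache", "\\temporary internet files\\"),
]


def parse_eset_export(text):
    """Pair each path line with the detection line that follows it."""
    detections, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        match = DETECTION_RE.match(line)
        if match and pending_path:
            detections.append(Detection(pending_path, match["threat"],
                                        bool(match["variant"]), match["action"]))
            pending_path = None
    return detections


def categorize(path):
    """Return the first matching category, or 'live_location' if none match."""
    lowered = path.lower()
    for category, marker in LOCATION_RULES:
        if marker in lowered:
            return category
    return "live_location"


def triage(detections):
    """Group detections by location category (every category is always present)."""
    groups = {name: [] for name, _ in LOCATION_RULES}
    groups["live_location"] = []
    for det in detections:
        groups[categorize(det.path)].append(det)
    return groups


def needs_follow_up(detections):
    """Detections outside quarantine and cache folders deserve a closer look."""
    return triage(detections)["live_location"]


def threat_counts(detections):
    return Counter(det.threat for det in detections)


if __name__ == "__main__":
    found = parse_eset_export(ESET_EXPORT)
    for category, items in triage(found).items():
        print(f"{category}: {len(items)}")
    for threat, count in threat_counts(found).most_common():
        print(f"  {threat}: {count}")
```
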

#7 Souschefie

Posted 14 June 2012 - 09:13 AM

Dear narenxp,

Again, I thank you so, so much for these past few days and your amazing assistance. I think I almost ruined my computer, which is old and very basic but which I love, so thanks so much for helping me save it. Please let me know if there are further tasks and also if my computer is ok.

I have noticed your location is India, are you there, from there? I love India, its people, food, colors, its air beyond the smog.

Thank you again.
Souschefie.

MiniToolBox

Here is the log:

MiniToolBox by Farbar Version: 09-06-2012
Ran by Mario (administrator) on 14-06-2012 at 10:02:23
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1515 Wireless-N Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mario-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Dell Wireless 1515 Wireless-N Adapter
Physical Address. . . . . . . . . : 00-22-5F-F1-13-C1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::119e:fc18:ecf7:78c2%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, June 14, 2012 8:03:48 AM
Lease Expires . . . . . . . . . . : Friday, June 15, 2012 8:03:47 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335391
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-01-4B-47-00-25-64-56-2C-C8
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-25-64-56-2C-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{472B833A-9011-4490-A5CE-44245E1898DD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:245e:413a:bbcf:61b0(Preferred)
Link-local IPv6 Address . . . . . : fe80::245e:413a:bbcf:61b0%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.md.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4004:800::1001
74.125.228.35
74.125.228.46
74.125.228.39
74.125.228.34
74.125.228.33
74.125.228.37
74.125.228.36
74.125.228.41
74.125.228.40
74.125.228.38
74.125.228.32



Pinging google.com [74.125.228.46] with 32 bytes of data:

Reply from 74.125.228.46: bytes=32 time=19ms TTL=54

Reply from 74.125.228.46: bytes=32 time=37ms TTL=54



Ping statistics for 74.125.228.46:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 37ms, Average = 28ms

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=51ms TTL=49

Reply from 209.191.122.70: bytes=32 time=51ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 51ms, Average = 51ms

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 22 5f f1 13 c1 ...... Dell Wireless 1515 Wireless-N Adapter
11 ...00 25 64 56 2c c8 ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{472B833A-9011-4490-A5CE-44245E1898DD}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.hsd1.md.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:245e:413a:bbcf:61b0/128
On-link
12 281 fe80::/64 On-link
10 266 fe80::/64 On-link
12 281 fe80::119e:fc18:ecf7:78c2/128
On-link
10 266 fe80::245e:413a:bbcf:61b0/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2012 08:04:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2012 01:45:45 AM) (Source: Perflib) (User: )
Description: Network Inspection Systemc:\Program Files\Microsoft Security Client\NisPerformanceProvider.dll4

Error: (06/14/2012 01:44:41 AM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (06/14/2012 01:44:41 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (06/14/2012 01:44:40 AM) (Source: Perflib) (User: )
Description: EmdCache4

Error: (06/13/2012 10:07:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/13/2012 10:06:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/13/2012 03:38:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2012 02:23:24 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/13/2012 02:07:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/13/2012 02:09:07 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/13/2012 02:07:23 PM) (Source: Service Control Manager) (User: )
Description: MpFilter
spldr
Wanarpv6

Error: (06/13/2012 02:07:23 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (06/13/2012 02:07:08 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/13/2012 02:06:56 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/13/2012 02:06:49 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/13/2012 02:06:29 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2012 07:56:19 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:51:40 AM on 6/13/2012 was unexpected.

Error: (06/13/2012 07:28:43 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1762.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (06/13/2012 07:28:43 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.127.1762.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (09/21/2011 00:53:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/31/2011 10:19:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/31/2011 09:31:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/17/2011 09:19:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/08/2011 08:04:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/05/2011 00:15:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/13/2011 11:15:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/13/2011 11:14:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/04/2011 08:21:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.1)
Apple Mobile Device Support (Version: 4.0.0.97)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.13)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.104.101.102)
Google Chrome (Version: 19.0.1084.56)
HP Deskjet F4400 Printer Driver 14.0 Rel. 5 (Version: 14.0)
Integrated Webcam Driver (1.00.04.0310) (Version: 1.00.04.0310)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.1.42)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Octoshape add-in for Adobe Flash Player
Quickset (Version: 9.4.6)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3033.57 MB
Available physical RAM: 1562.56 MB
Total Pagefile: 6275.39 MB
Available Pagefile: 4457.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.38 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:217.82 GB) (Free:98.08 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.59 GB) NTFS

========================= Users: ========================================

User accounts for \\MARIO-PC

Administrator Guest Mario


**** End of log ****


Browse to C drive and delete TDSSkiller quarantine folder. We have one more scan

I deleted the quarantine folder and emptied the recycling bin after that. I did notice that in 'C' there was also a text file for TDSSKiller. I opened it and it was a log, which I am posting below in case you need to see it or know about it. Shall I delete this too?


08:02:20.0767 4140 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:02:21.0069 4140 ============================================================
08:02:21.0069 4140 Current date / time: 2012/06/09 08:02:21.0069
08:02:21.0069 4140 SystemInfo:
08:02:21.0069 4140
08:02:21.0070 4140 OS Version: 6.0.6002 ServicePack: 2.0
08:02:21.0070 4140 Product type: Workstation
08:02:21.0070 4140 ComputerName: MARIO-PC
08:02:21.0070 4140 UserName: Mario
08:02:21.0070 4140 Windows directory: C:\Windows
08:02:21.0070 4140 System windows directory: C:\Windows
08:02:21.0070 4140 Running under WOW64
08:02:21.0070 4140 Processor architecture: Intel x64
08:02:21.0070 4140 Number of processors: 2
08:02:21.0070 4140 Page size: 0x1000
08:02:21.0070 4140 Boot type: Normal boot
08:02:21.0070 4140 ============================================================
08:02:22.0478 4140 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:02:22.0633 4140 ============================================================
08:02:22.0633 4140 \Device\Harddisk0\DR0:
08:02:22.0633 4140 MBR partitions:
08:02:22.0633 4140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
08:02:22.0633 4140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x1B3A5800
08:02:22.0633 4140 ============================================================
08:02:23.0368 4140 C: <-> \Device\Harddisk0\DR0\Partition1
08:02:23.0615 4140 D: <-> \Device\Harddisk0\DR0\Partition0
08:02:23.0615 4140 ============================================================
08:02:23.0615 4140 Initialize success
08:02:23.0615 4140 ============================================================
08:04:17.0334 2620 ============================================================
08:04:17.0334 2620 Scan started
08:04:17.0334 2620 Mode: Manual; TDLFS;
08:04:17.0334 2620 ============================================================
08:04:17.0864 2620 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
08:04:17.0880 2620 ACPI - ok
08:04:18.0407 2620 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
08:04:18.0438 2620 adp94xx - ok
08:04:18.0526 2620 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
08:04:18.0588 2620 adpahci - ok
08:04:18.0647 2620 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
08:04:18.0650 2620 adpu160m - ok
08:04:18.0688 2620 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
08:04:18.0699 2620 adpu320 - ok
08:04:19.0041 2620 AdvancedSystemCareService5 (e690647ae0b4111e3d82fce27fdfd9b4) C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
08:04:19.0046 2620 AdvancedSystemCareService5 - ok
08:04:19.0106 2620 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
08:04:19.0108 2620 AeLookupSvc - ok
08:04:19.0334 2620 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
08:04:19.0338 2620 AESTFilters - ok
08:04:19.0518 2620 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
08:04:19.0530 2620 AFD - ok
08:04:19.0611 2620 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
08:04:19.0613 2620 agp440 - ok
08:04:19.0671 2620 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
08:04:19.0711 2620 aic78xx - ok
08:04:19.0755 2620 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
08:04:19.0757 2620 ALG - ok
08:04:19.0804 2620 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
08:04:19.0806 2620 aliide - ok
08:04:19.0922 2620 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
08:04:19.0924 2620 amdide - ok
08:04:19.0976 2620 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
08:04:19.0978 2620 AmdK8 - ok
08:04:20.0110 2620 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:04:20.0128 2620 ApfiltrService - ok
08:04:20.0205 2620 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
08:04:20.0207 2620 Appinfo - ok
08:04:20.0502 2620 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:04:20.0521 2620 Apple Mobile Device - ok
08:04:20.0557 2620 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
08:04:20.0560 2620 arc - ok
08:04:20.0613 2620 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
08:04:20.0616 2620 arcsas - ok
08:04:20.0670 2620 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
08:04:20.0671 2620 AsyncMac - ok
08:04:20.0705 2620 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
08:04:20.0706 2620 atapi - ok
08:04:20.0932 2620 athr (c39bec1173eb66d2225102cfc402d686) C:\Windows\system32\DRIVERS\athrx.sys
08:04:21.0008 2620 athr - ok
08:04:21.0092 2620 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
08:04:21.0103 2620 AudioEndpointBuilder - ok
08:04:21.0112 2620 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
08:04:21.0118 2620 AudioSrv - ok
08:04:21.0292 2620 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:04:21.0303 2620 BBSvc - ok
08:04:21.0448 2620 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
08:04:21.0459 2620 BFE - ok
08:04:21.0659 2620 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
08:04:21.0742 2620 BITS - ok
08:04:21.0897 2620 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
08:04:21.0900 2620 blbdrive - ok
08:04:22.0028 2620 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:04:22.0051 2620 Bonjour Service - ok
08:04:22.0131 2620 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
08:04:22.0133 2620 bowser - ok
08:04:22.0200 2620 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
08:04:22.0222 2620 BrFiltLo - ok
08:04:22.0281 2620 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
08:04:22.0282 2620 BrFiltUp - ok
08:04:22.0949 2620 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
08:04:23.0013 2620 Browser - ok
08:04:23.0964 2620 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
08:04:24.0064 2620 Brserid - ok
08:04:24.0541 2620 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
08:04:24.0585 2620 BrSerWdm - ok
08:04:24.0725 2620 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
08:04:24.0759 2620 BrUsbMdm - ok
08:04:24.0997 2620 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
08:04:25.0053 2620 BrUsbSer - ok
08:04:25.0690 2620 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
08:04:25.0757 2620 BTHMODEM - ok
08:04:26.0850 2620 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
08:04:27.0005 2620 cdfs - ok
08:04:28.0149 2620 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
08:04:28.0271 2620 cdrom - ok
08:04:29.0003 2620 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
08:04:29.0059 2620 CertPropSvc - ok
08:04:29.0567 2620 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
08:04:29.0634 2620 circlass - ok
08:04:30.0529 2620 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
08:04:30.0779 2620 CLFS - ok
08:04:32.0151 2620 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:04:32.0207 2620 clr_optimization_v2.0.50727_32 - ok
08:04:33.0650 2620 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:04:33.0870 2620 clr_optimization_v2.0.50727_64 - ok
08:04:35.0273 2620 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:04:35.0287 2620 clr_optimization_v4.0.30319_32 - ok
08:04:35.0367 2620 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:04:35.0380 2620 clr_optimization_v4.0.30319_64 - ok
08:04:35.0688 2620 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
08:04:35.0744 2620 CmBatt - ok
08:04:35.0999 2620 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
08:04:36.0044 2620 cmdide - ok
08:04:36.0353 2620 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
08:04:36.0407 2620 Compbatt - ok
08:04:36.0416 2620 COMSysApp - ok
08:04:36.0732 2620 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
08:04:36.0809 2620 crcdisk - ok
08:04:38.0253 2620 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
08:04:38.0282 2620 CryptSvc - ok
08:04:39.0798 2620 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
08:04:39.0854 2620 DcomLaunch - ok
08:04:39.0952 2620 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
08:04:39.0970 2620 DfsC - ok
08:04:40.0316 2620 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
08:04:40.0455 2620 DFSR - ok
08:04:40.0638 2620 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
08:04:40.0702 2620 Dhcp - ok
08:04:40.0766 2620 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
08:04:40.0769 2620 disk - ok
08:04:41.0209 2620 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
08:04:41.0235 2620 Dnscache - ok
08:04:41.0319 2620 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
08:04:41.0330 2620 dot3svc - ok
08:04:41.0402 2620 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
08:04:41.0406 2620 Dot4 - ok
08:04:41.0600 2620 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
08:04:41.0622 2620 Dot4Print - ok
08:04:41.0661 2620 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
08:04:41.0663 2620 dot4usb - ok
08:04:41.0769 2620 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
08:04:41.0773 2620 DPS - ok
08:04:41.0834 2620 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
08:04:41.0835 2620 drmkaud - ok
08:04:42.0023 2620 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
08:04:42.0038 2620 DXGKrnl - ok
08:04:42.0166 2620 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
08:04:42.0180 2620 e1express - ok
08:04:42.0283 2620 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
08:04:42.0287 2620 E1G60 - ok
08:04:42.0333 2620 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
08:04:42.0335 2620 EapHost - ok
08:04:42.0377 2620 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
08:04:42.0380 2620 Ecache - ok
08:04:42.0500 2620 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
08:04:42.0538 2620 ehRecvr - ok
08:04:42.0604 2620 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
08:04:42.0607 2620 ehSched - ok
08:04:42.0634 2620 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
08:04:42.0635 2620 ehstart - ok
08:04:42.0845 2620 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
08:04:42.0904 2620 elxstor - ok
08:04:43.0029 2620 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
08:04:43.0038 2620 EMDMgmt - ok
08:04:43.0152 2620 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
08:04:43.0154 2620 ErrDev - ok
08:04:43.0207 2620 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
08:04:43.0216 2620 EventSystem - ok
08:04:43.0340 2620 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
08:04:43.0344 2620 exfat - ok
08:04:43.0393 2620 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
08:04:43.0403 2620 fastfat - ok
08:04:43.0514 2620 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
08:04:43.0516 2620 fdc - ok
08:04:43.0560 2620 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
08:04:43.0561 2620 fdPHost - ok
08:04:43.0573 2620 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
08:04:43.0575 2620 FDResPub - ok
08:04:43.0597 2620 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
08:04:43.0600 2620 FileInfo - ok
08:04:43.0621 2620 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
08:04:43.0622 2620 Filetrace - ok
08:04:43.0635 2620 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:04:43.0637 2620 flpydisk - ok
08:04:43.0680 2620 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
08:04:43.0721 2620 FltMgr - ok
08:04:43.0928 2620 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
08:04:44.0018 2620 FontCache - ok
08:04:44.0154 2620 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:04:44.0156 2620 FontCache3.0.0.0 - ok
08:04:44.0349 2620 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
08:04:44.0371 2620 fssfltr - ok
08:04:44.0777 2620 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:04:44.0856 2620 fsssvc - ok
08:04:45.0091 2620 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
08:04:45.0092 2620 Fs_Rec - ok
08:04:45.0133 2620 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
08:04:45.0136 2620 gagp30kx - ok
08:04:45.0222 2620 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:04:45.0243 2620 GEARAspiWDM - ok
08:04:45.0317 2620 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
08:04:45.0358 2620 gpsvc - ok
08:04:45.0541 2620 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:04:45.0544 2620 gupdate - ok
08:04:45.0569 2620 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:04:45.0571 2620 gupdatem - ok
08:04:45.0708 2620 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:04:45.0744 2620 HDAudBus - ok
08:04:45.0849 2620 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
08:04:45.0851 2620 HidBth - ok
08:04:46.0160 2620 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
08:04:46.0209 2620 HidIr - ok
08:04:46.0603 2620 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
08:04:46.0614 2620 hidserv - ok
08:04:46.0700 2620 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
08:04:46.0722 2620 HidUsb - ok
08:04:46.0771 2620 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
08:04:46.0774 2620 hkmsvc - ok
08:04:46.0816 2620 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
08:04:46.0817 2620 HpCISSs - ok
08:04:46.0906 2620 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
08:04:46.0963 2620 HTTP - ok
08:04:47.0008 2620 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
08:04:47.0010 2620 i2omp - ok
08:04:47.0061 2620 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
08:04:47.0063 2620 i8042prt - ok
08:04:47.0297 2620 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\drivers\iastor.sys
08:04:47.0302 2620 iaStor - ok
08:04:47.0435 2620 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
08:04:47.0484 2620 iaStorV - ok
08:04:47.0665 2620 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:04:47.0755 2620 idsvc - ok
08:04:48.0708 2620 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:04:48.0961 2620 igfx - ok
08:04:49.0212 2620 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
08:04:49.0213 2620 iirsp - ok
08:04:49.0292 2620 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
08:04:49.0300 2620 IKEEXT - ok
08:04:49.0370 2620 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
08:04:49.0372 2620 intelide - ok
08:04:49.0404 2620 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
08:04:49.0405 2620 intelppm - ok
08:04:49.0451 2620 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
08:04:49.0454 2620 IPBusEnum - ok
08:04:49.0496 2620 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:04:49.0499 2620 IpFilterDriver - ok
08:04:49.0552 2620 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
08:04:49.0562 2620 iphlpsvc - ok
08:04:49.0567 2620 IpInIp - ok
08:04:49.0663 2620 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
08:04:49.0665 2620 IPMIDRV - ok
08:04:49.0698 2620 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
08:04:49.0701 2620 IPNAT - ok
08:04:49.0856 2620 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
08:04:49.0870 2620 iPod Service - ok
08:04:49.0913 2620 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
08:04:49.0915 2620 IRENUM - ok
08:04:49.0939 2620 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
08:04:49.0941 2620 isapnp - ok
08:04:50.0039 2620 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
08:04:50.0042 2620 iScsiPrt - ok
08:04:50.0166 2620 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
08:04:50.0168 2620 iteatapi - ok
08:04:50.0228 2620 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
08:04:50.0230 2620 iteraid - ok
08:04:50.0264 2620 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
08:04:50.0266 2620 kbdclass - ok
08:04:50.0288 2620 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
08:04:50.0290 2620 kbdhid - ok
08:04:50.0329 2620 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:04:50.0331 2620 KeyIso - ok
08:04:50.0419 2620 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
08:04:50.0459 2620 KSecDD - ok
08:04:50.0530 2620 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
08:04:50.0531 2620 ksthunk - ok
08:04:50.0615 2620 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
08:04:50.0650 2620 KtmRm - ok
08:04:50.0746 2620 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
08:04:50.0757 2620 LanmanServer - ok
08:04:50.0900 2620 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
08:04:50.0906 2620 LanmanWorkstation - ok
08:04:50.0955 2620 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
08:04:50.0957 2620 lltdio - ok
08:04:51.0015 2620 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
08:04:51.0043 2620 lltdsvc - ok
08:04:51.0088 2620 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
08:04:51.0091 2620 lmhosts - ok
08:04:51.0137 2620 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
08:04:51.0141 2620 LSI_FC - ok
08:04:51.0200 2620 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
08:04:51.0203 2620 LSI_SAS - ok
08:04:51.0261 2620 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
08:04:51.0265 2620 LSI_SCSI - ok
08:04:51.0302 2620 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
08:04:51.0305 2620 luafv - ok
08:04:51.0343 2620 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
08:04:51.0346 2620 Mcx2Svc - ok
08:04:51.0392 2620 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
08:04:51.0394 2620 megasas - ok
08:04:51.0499 2620 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
08:04:51.0563 2620 MegaSR - ok
08:04:51.0712 2620 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
08:04:51.0743 2620 MMCSS - ok
08:04:51.0787 2620 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
08:04:51.0789 2620 Modem - ok
08:04:51.0857 2620 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
08:04:51.0859 2620 monitor - ok
08:04:51.0900 2620 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
08:04:51.0901 2620 mouclass - ok
08:04:51.0967 2620 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
08:04:51.0969 2620 mouhid - ok
08:04:52.0029 2620 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
08:04:52.0032 2620 MountMgr - ok
08:04:52.0084 2620 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
08:04:52.0088 2620 MpFilter - ok
08:04:52.0211 2620 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
08:04:52.0273 2620 mpio - ok
08:04:52.0306 2620 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
08:04:52.0308 2620 mpsdrv - ok
08:04:52.0412 2620 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
08:04:52.0426 2620 MpsSvc - ok
08:04:52.0456 2620 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
08:04:52.0458 2620 Mraid35x - ok
08:04:52.0639 2620 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
08:04:52.0688 2620 MRxDAV - ok
08:04:52.0803 2620 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:04:52.0819 2620 mrxsmb - ok
08:04:52.0974 2620 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:04:52.0981 2620 mrxsmb10 - ok
08:04:53.0052 2620 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:04:53.0055 2620 mrxsmb20 - ok
08:05:44.0980 2620 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:05:45.0024 2620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:05:45.0024 2620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:05:45.0089 2620 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:05:45.0090 2620 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:05:45.0148 2620 Boot (0x1200) (745d39e25d2ddf523726ff543a0498f6) \Device\Harddisk0\DR0\Partition0
08:05:45.0151 2620 \Device\Harddisk0\DR0\Partition0 - ok
08:05:45.0183 2620 Boot (0x1200) (661939e84849bc2b39371dfbdcdc7561) \Device\Harddisk0\DR0\Partition1
08:05:45.0185 2620 \Device\Harddisk0\DR0\Partition1 - ok
08:05:45.0185 2620 ============================================================
08:05:45.0185 2620 Scan finished
08:05:45.0185 2620 ============================================================
08:05:45.0207 4696 Detected object count: 2
08:05:45.0207 4696 Actual detected object count: 2
08:08:24.0997 4696 \Device\Harddisk0\DR0\# - copied to quarantine
08:08:25.0002 4696 \Device\Harddisk0\DR0 - copied to quarantine
08:08:25.0161 4696 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:08:25.0276 4696 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:08:25.0366 4696 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:08:25.0415 4696 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:08:25.0491 4696 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:08:27.0991 4696 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:08:28.0082 4696 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:08:28.0088 4696 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:08:28.0135 4696 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:08:28.0535 4696 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:08:28.0723 4696 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:08:28.0790 4696 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:08:28.0879 4696 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:08:28.0959 4696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:08:28.0960 4696 \Device\Harddisk0\DR0 - ok
08:08:29.0110 4696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:08:29.0130 4696 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:08:29.0185 4696 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:08:29.0194 4696 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:08:29.0221 4696 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:08:29.0263 4696 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:08:31.0846 4696 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:08:31.0923 4696 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:08:31.0934 4696 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:08:31.0968 4696 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:08:32.0046 4696 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:08:32.0201 4696 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:08:32.0279 4696 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:08:32.0301 4696 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:08:32.0304 4696 \Device\Harddisk0\DR0\TDLFS - deleted
08:08:32.0304 4696 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
08:10:48.0359 4424 Deinitialize success

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:09 PM

Posted 14 June 2012 - 09:31 AM

I have noticed your location is India, are you there, from there? I love India, its people, food, colors, its air beyond the smog.

Yes, I'm from India. Great to know that you love our country :thumbsup:

Your log looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot, restart the PC

Turn off your system restore>>>this should delete your restore points
Turn on system restore & create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 Souschefie


Posted 14 June 2012 - 02:18 PM

Dear narenxp,

TFC

Done.

Turn off your system restore>>>this should delete your restore points. Turn on system restore & create a new restore point

Done, I did this to the 'C' disk but also to partition 'D', was this ok?

Update your JAVA from here

Done

Update your antivirus frequently,do not click on suspicious links

Is there one antivirus you recommend I use?

Safe surfing

And is this it then, is my computer healed?

Edited by Souschefie, 14 June 2012 - 02:19 PM.


#10 narenxp


Posted 14 June 2012 - 02:31 PM

Done, I did this to the 'C' disk but also to partition 'D', was this ok?

yes

Is there one antivirus you recommend I use?

Microsoft Security Essentials or Avast

And is this it then, is my computer healed?

yes :thumbsup:

#11 Souschefie


Posted 14 June 2012 - 06:13 PM

Dear narenxp,

I cannot thank you enough! You have been my closest friend in this brink of chaos this past week, thank you so, soooo, sooo much.

Blessing mate!

Souschefie.

#12 narenxp


Posted 14 June 2012 - 06:22 PM

You're most welcome, happy to help you :thumbsup:



