
Infected with Remove administration virus


5 replies to this topic

#1 sophisticated

sophisticated

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 25 June 2012 - 03:40 PM

Hey guys, here is my problem:
My friend, who thinks of himself as a hacker, sent me a picture, and after I opened it my PC started to do strange things.
Of course after that I reinstalled my Windows 7.
But this did not resolve it; I think this virus still lives on my PC even after the format.
Now my PC is flooded as f**k.
I scanned with MBAM/Kaspersky/NOD/Avira with no infected results.
So I think this is some serious virus which is somehow encrypted so AV engines don't detect it....
So do I have to call the police, because I can't even use my PC.......
How do I remove this nasty thing?
Any help will be highly appreciated. :)
Greetings, sophisticated.

Edited by sophisticated, 25 June 2012 - 05:26 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:30 AM

Posted 25 June 2012 - 07:48 PM

Hello, let's take another quick look.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
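As an added example, not part of the thread and not MiniToolBox's or Farbar's own code, the PowerShell script below gathers the same categories boopme's checklist covers (IE proxy settings, hosts entries, IP configuration, Winsock providers, the last 10 error events, installed programs, users, memory and partitions) and checks for elevation first, since the log posted later in this thread was produced by a non-administrator account and "Flush DNS" failed for that reason. The report path and file name, the function names, the registry keys read for the proxy and uninstall lists, and the use of netsh for the Winsock catalog are this example's own choices; it is written for PowerShell 2.0 on Windows 7 (64-bit PowerShell, run as administrator), which is why the WMI and New-Object forms are used instead of newer syntax.

```powershell
# Added example, not from the thread or from MiniToolBox: collect the same triage
# data boopme asked for, on Windows 7 / PowerShell 2.0 or later.
# Assumptions: run from an elevated 64-bit PowerShell; the report path is arbitrary.

$Report = Join-Path $env:USERPROFILE 'Desktop\Triage.txt'

function Test-Elevated {
    # The posted log was produced by a non-administrator account, so "Flush DNS"
    # failed with "The requested operation requires elevation"; check this first.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ProxySettings {
    # WinINet (Internet Explorer) proxy values; a hijacker sets ProxyServer or AutoConfigURL.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

function Get-HostsEntries {
    # Active (non-comment) hosts lines; an empty result means no redirects are set.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

function Get-WinsockCatalog {
    # Raw catalog from the 64-bit netsh and, on x64, the 32-bit one in SysWOW64;
    # these correspond to the x64-Catalog and Catalog lines in a MiniToolBox log.
    $exes = @("$env:SystemRoot\System32\netsh.exe")
    if (Test-Path "$env:SystemRoot\SysWOW64\netsh.exe") { $exes += "$env:SystemRoot\SysWOW64\netsh.exe" }
    foreach ($exe in $exes) { "--- $exe ---"; & $exe winsock show catalog }
}

function Get-WinsockProviderPaths {
    # Distinct provider DLLs. Expected: Microsoft DLLs (mswsock, NLAapi, winrnr, napinsp,
    # pnrpnsp) plus the installed AV's LSP; anything else is worth a closer look.
    # The "Provider Path" label is localized on non-English Windows; the raw catalog
    # section of the report covers that case.
    Get-WinsockCatalog | Select-String -Pattern 'Provider Path' |
        ForEach-Object { ($_.Line -split ':\s*', 2)[1].Trim() } |
        Sort-Object -Unique
}

function Get-RecentErrors {
    # Last 10 Error entries from each log, as "List last 10 Event Viewer log" does.
    foreach ($log in 'Application', 'System') {
        Get-EventLog -LogName $log -EntryType Error -Newest 10 -ErrorAction SilentlyContinue |
            Select-Object @{n='Log';e={$log}}, TimeGenerated, Source, EventID, Message
    }
}

function Get-InstalledPrograms {
    # Both uninstall hives on x64, so 32-bit programs are included.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object -Property DisplayName -Unique
}

function Get-SystemSummary {
    # Users, memory and fixed disks; watch the free space, System Restore needs it.
    $os = Get-WmiObject Win32_OperatingSystem
    New-Object PSObject -Property @{
        LocalUsers  = (Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
                       ForEach-Object { $_.Name }) -join ', '
        TotalRAM_MB = [math]::Round($os.TotalVisibleMemorySize / 1KB)
        FreeRAM_MB  = [math]::Round($os.FreePhysicalMemory / 1KB)
        FixedDisks  = (Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
                       '{0} {1:N2} GB free of {2:N2} GB' -f $_.DeviceID, ($_.FreeSpace / 1GB), ($_.Size / 1GB)
                      }) -join '; '
    }
}

$elevated = Test-Elevated
"Triage run $(Get-Date) on $env:COMPUTERNAME as $env:USERNAME; elevated: $elevated" |
    Out-File -FilePath $Report -Encoding UTF8
if ($elevated) { ipconfig /flushdns | Out-File -FilePath $Report -Append -Encoding UTF8 }
else { 'Not elevated: Flush DNS skipped' | Out-File -FilePath $Report -Append -Encoding UTF8 }

$sections = @(
    @('IE proxy settings',     { Get-ProxySettings }),
    @('Hosts entries',         { Get-HostsEntries }),
    @('IP configuration',      { ipconfig /all }),
    @('Winsock provider DLLs', { Get-WinsockProviderPaths }),
    @('Winsock catalog (raw)', { Get-WinsockCatalog }),
    @('Recent error events',   { Get-RecentErrors }),
    @('Installed programs',    { Get-InstalledPrograms }),
    @('System summary',        { Get-SystemSummary })
)
foreach ($s in $sections) {
    "`n===== $($s[0]) =====" | Out-File -FilePath $Report -Append -Encoding UTF8
    & $s[1] | Out-String -Width 200 | Out-File -FilePath $Report -Append -Encoding UTF8
}
"Report written to $Report"
```

Run it from a PowerShell window started with "Run as administrator"; when it is not elevated the script records that and skips the DNS flush rather than failing. In the Winsock list, anything that is not a Microsoft DLL under System32 or SysWOW64, or the installed security product's own LSP (avsda.dll and avsda64.dll for Avira in the log posted in this thread), is what to look at first; the raw catalog section is there for non-English systems where the parsed list comes back empty.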

#3 sophisticated

sophisticated
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 26 June 2012 - 05:42 AM

Thanks for your fast reply.
Here are the logs you requested :

MiniToolBox
MiniToolBox by Farbar Version: 25-06-2012

Ran by Albatronn (ATTENTION: The logged in user is not administrator) on 26-06-2012 at 13:00:24

Windows 7 Ultimate (X64)

Boot Mode: Normal

***************************************************************************



========================= Flush DNS: ===================================

The requested operation requires elevation.




========================= IE Proxy Settings: ==============================



Proxy is not enabled.

No Proxy Server is set.



========================= FF Proxy Settings: ==============================





"Reset FF Proxy Settings": Firefox Proxy settings were reset.



========================= Hosts content: =================================






========================= IP Configuration: ================================







# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# End of IPv4 configuration







Windows IP Configuration



Host Name . . . . . . . . . . . . : Albatronn-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection* 15:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Anchorfree HSS Adapter

Physical Address. . . . . . . . . : 00-FF-4D-5F-06-86

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 1C-6F-65-85-B2-6B

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-E0-4C-C8-05-63

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{4D5F0686-D7BB-4D1A-8D0F-0557BF7D061D}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{D578E641-4D8A-4A1D-AD74-C725CD11D418}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{F140F912-E6F8-46BF-B5B6-83E55C9AF013}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Local Area Connection* 25:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes





# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# End of IPv4 configuration







Windows IP Configuration



Host Name . . . . . . . . . . . . : Albatronn-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection* 15:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Anchorfree HSS Adapter

Physical Address. . . . . . . . . : 00-FF-4D-5F-06-86

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 1C-6F-65-85-B2-6B

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-E0-4C-C8-05-63

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::49a1:bd0:e5c0:f462%11(Preferred)

IPv4 Address. . . . . . . . . . . : 46.55.157.182(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.240.0

Lease Obtained. . . . . . . . . . : 26 June 2012 13:01:26

Lease Expires . . . . . . . . . . : 27 June 2012 05:41:26

Default Gateway . . . . . . . . . : 46.55.144.1

DHCP Server . . . . . . . . . . . : 192.168.20.2

DHCPv6 IAID . . . . . . . . . . . : 234938444

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-37-0B-7C-00-E0-4C-C8-05-63

DNS Servers . . . . . . . . . . . : 192.168.20.2

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter isatap.{4D5F0686-D7BB-4D1A-8D0F-0557BF7D061D}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{D578E641-4D8A-4A1D-AD74-C725CD11D418}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter isatap.{F140F912-E6F8-46BF-B5B6-83E55C9AF013}:



Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:34f5:166e:d1c8:6249(Preferred)

Link-local IPv6 Address . . . . . : fe80::34f5:166e:d1c8:6249%24(Preferred)

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Local Area Connection* 25:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2002:2e37:9db6::2e37:9db6(Preferred)

Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

DNS Servers . . . . . . . . . . . : 192.168.20.2

NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 192.168.20.2



DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

Name: google.com

Addresses: 2a00:1450:400d:802::1008

212.39.82.175

212.39.82.158

212.39.82.163

212.39.82.155

212.39.82.173

212.39.82.180

212.39.82.160

212.39.82.178

212.39.82.153

212.39.82.170

212.39.82.165

212.39.82.168

212.39.82.183

212.39.82.148

212.39.82.150

212.39.82.185





Pinging google.com [212.39.82.170] with 32 bytes of data:

Reply from 212.39.82.170: bytes=32 time=3275ms TTL=61

Reply from 212.39.82.170: bytes=32 time=12ms TTL=61



Ping statistics for 212.39.82.170:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 3275ms, Average = 1643ms

Server: UnKnown

Address: 192.168.20.2



Name: yahoo.com

Addresses: 72.30.38.140

209.191.122.70

98.139.183.24





Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=1632ms TTL=54

Reply from 98.139.183.24: bytes=32 time=204ms TTL=54



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 204ms, Maximum = 1632ms, Average = 918ms

Server: UnKnown

Address: 192.168.20.2



Name: bleepingcomputer.com

Address: 208.43.87.2





Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

20...00 ff 4d 5f 06 86 ......Anchorfree HSS Adapter

13...1c 6f 65 85 b2 6b ......Realtek PCIe GBE Family Controller

11...00 e0 4c c8 05 63 ......Realtek RTL8139/810x Family Fast Ethernet NIC

1...........................Software Loopback Interface 1

12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4

24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4

===========================================================================



IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 46.55.144.1 46.55.157.182 20

46.55.144.0 255.255.240.0 On-link 46.55.157.182 276

46.55.157.182 255.255.255.255 On-link 46.55.157.182 276

46.55.159.255 255.255.255.255 On-link 46.55.157.182 276

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 46.55.157.182 276

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 46.55.157.182 276

===========================================================================

Persistent Routes:

None



IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

28 1125 ::/0 2002:c058:6301::c058:6301

1 306 ::1/128 On-link

24 58 2001::/32 On-link

24 306 2001:0:5ef5:79fd:34f5:166e:d1c8:6249/128

On-link

28 1025 2002::/16 On-link

28 281 2002:2e37:9db6::2e37:9db6/128

On-link

11 276 fe80::/64 On-link

24 306 fe80::/64 On-link

24 306 fe80::34f5:166e:d1c8:6249/128

On-link

11 276 fe80::49a1:bd0:e5c0:f462/128

On-link

1 306 ff00::/8 On-link

24 306 ff00::/8 On-link

11 276 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================



Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 13 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 14 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 15 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 16 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 17 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 18 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)



========================= Event log errors: ===============================



Application errors:

==================

Error: (06/26/2012 00:58:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

.



Error: (06/26/2012 00:48:02 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed PerfectDisk 12.5 Professional.; Error = 0x8004231f).



Error: (06/26/2012 00:47:56 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed PerfectDisk 12.5 Professional.; Error = 0x8004231f).



Error: (06/25/2012 09:10:01 PM) (Source: Application Error) (User: )

Description: Faulting application name: wbengine.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc537

Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfe0

Exception code: 0x80070005

Fault offset: 0x000000000000aa7d

Faulting process id: 0xb0c

Faulting application start time: 0x01cd52fab5771dcc

Faulting application path: C:\Windows\system32\wbengine.exe

Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report Id: fa9f6df0-bef0-11e1-8686-00e04cc80563



Error: (06/25/2012 08:48:26 PM) (Source: System Restore) (User: )

Description: System Restore did not complete because there was not enough free space on the volume: (Windows Backup).



Error: (06/25/2012 08:34:18 PM) (Source: System Restore) (User: )

Description: System Restore did not complete because there was not enough free space on the volume: (Windows Backup).



Error: (06/25/2012 02:36:19 PM) (Source: Application Hang) (User: )

Description: The program Explorer.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.



Process ID: 660



Start Time: 01cd52c691505892



Termination Time: 15



Application Path: C:\Windows\Explorer.EXE



Report Id: f96c9d6c-beb9-11e1-846f-00227cd64da4



Error: (06/25/2012 08:52:35 AM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).



Error: (06/25/2012 08:52:32 AM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).



Error: (06/25/2012 07:51:04 AM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).





System errors:

=============

Error: (06/26/2012 00:58:54 PM) (Source: Service Control Manager) (User: )

Description: The Avira Web Protection service depends on the Avira Realtime Protection service which failed to start because of the following error:

%%1066



Error: (06/26/2012 00:58:54 PM) (Source: Service Control Manager) (User: )

Description: The Avira Mail Protection service depends on the Avira Realtime Protection service which failed to start because of the following error:

%%1066



Error: (06/26/2012 00:58:53 PM) (Source: Service Control Manager) (User: )

Description: The Avira Scheduler service terminated with service-specific error %%305.



Error: (06/26/2012 00:58:43 PM) (Source: Service Control Manager) (User: )

Description: The Avira Realtime Protection service terminated with service-specific error %%303.



Error: (06/26/2012 00:57:54 PM) (Source: DCOM) (User: )

Description: DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}



Error: (06/26/2012 00:53:23 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:

%%1068



Error: (06/26/2012 00:53:17 PM) (Source: DCOM) (User: )

Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}



Error: (06/26/2012 00:53:09 PM) (Source: DCOM) (User: )

Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}



Error: (06/26/2012 00:53:07 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068



Error: (06/26/2012 00:53:07 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error:

%%1068





Microsoft Office Sessions:

=========================

Error: (06/26/2012 00:58:09 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.



Error: (06/26/2012 00:48:02 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\msiexec.exe /VInstalled PerfectDisk 12.5 Professional.0x8004231f



Error: (06/26/2012 00:47:56 PM) (Source: System Restore)(User: )

Description: C:\Windows\system32\msiexec.exe /VInstalled PerfectDisk 12.5 Professional.0x8004231f



Error: (06/25/2012 09:10:01 PM) (Source: Application Error)(User: )

Description: wbengine.exe6.1.7600.163854a5bc537KERNELBASE.dll6.1.7600.163854a5bdfe080070005000000000000aa7db0c01cd52fab5771dccC:\Windows\system32\wbengine.exeC:\Windows\system32\KERNELBASE.dllfa9f6df0-bef0-11e1-8686-00e04cc80563



Error: (06/25/2012 08:48:26 PM) (Source: System Restore)(User: )

Description: Windows Backup



Error: (06/25/2012 08:34:18 PM) (Source: System Restore)(User: )

Description: Windows Backup



Error: (06/25/2012 02:36:19 PM) (Source: Application Hang)(User: )

Description: Explorer.EXE6.1.7600.1638566001cd52c69150589215C:\Windows\Explorer.EXEf96c9d6c-beb9-11e1-846f-00227cd64da4



Error: (06/25/2012 08:52:35 AM) (Source: System Restore)(User: )

Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c



Error: (06/25/2012 08:52:32 AM) (Source: System Restore)(User: )

Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c



Error: (06/25/2012 07:51:04 AM) (Source: System Restore)(User: )

Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c





=========================== Installed Programs ============================



µTorrent (Version: 3.1.3)

Adobe Flash Player 11 Plugin (Version: 11.3.300.257)

Adobe Reader X (10.1.3) (Version: 10.1.3)

Ashampoo Burning Studio 6 FREE v.6.80 (Version: 6.8.0)

Avira Internet Security 2012 (Version: 12.0.0.1088)

CCleaner (Version: 3.19)

COMODO Internet Security (Version: 5.10.31649.2253)

DAEMON Tools Lite (Version: 4.45.4.0315)

EASEUS Partition Master 9.1.1 Home Edition

Easy Tune 6 B12.0424.1 (Version: 1.00.0000)

Hotspot Shield 2.53 (Version: 2.53)

Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)

Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)

Mozilla Firefox 13.0.1 (x86 bg) (Version: 13.0.1)

Mozilla Maintenance Service (Version: 13.0.1)

MSVC80_x64_v2 (Version: 1.0.3.0)

MSVC80_x86_v2 (Version: 1.0.3.0)

MSVC90_x64 (Version: 1.0.1.2)

MSVC90_x86 (Version: 1.0.1.2)

Nokia Connectivity Cable Driver (Version: 7.1.78.0)

Nokia Suite (Version: 3.4.49.0)

NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)

NVIDIA 3D Vision Driver 296.10 (Version: 296.10)

NVIDIA Control Panel 296.10 (Version: 296.10)

NVIDIA Graphics Driver 296.10 (Version: 296.10)

NVIDIA Install Application (Version: 2.1002.62.312)

NVIDIA PhysX (Version: 9.12.0213)

NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)

NVIDIA Update 1.7.11 (Version: 1.7.11)

NVIDIA Update Components (Version: 1.7.11)

Panda USB Vaccine 1.0.1.4

PC Connectivity Solution (Version: 12.0.17.0)

PerfectDisk 12.5 Professional (Version: 12.05.311)

PotPlayer 1.5.31934 BG (Version: 1.5.31934)

Realtek Ethernet Controller Driver (Version: 7.49.927.2011)

Realtek High Definition Audio Driver (Version: 6.0.1.6554)

Revo Uninstaller Pro 2.5.8 (Version: 2.5.8)

Skype™ 5.9 (Version: 5.9.123)

Technitium MAC Address Changer v6.0.3 (Version: 6.0.3)

The KMPlayer (remove only)

The Lord of the Rings - Conquest

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)

WinRAR 4.20 beta 1 (64-bit) (Version: 4.20.1)



========================= Memory info: ===================================



Percentage of memory in use: 28%

Total physical RAM: 4093.55 MB

Available physical RAM: 2930.44 MB

Total Pagefile: 8185.26 MB

Available Pagefile: 6893.89 MB

Total Virtual: 4095.88 MB

Available Virtual: 3971.39 MB



========================= Partitions: =====================================



2 Drive c: () (Fixed) (Total:19.53 GB) (Free:0.08 GB) NTFS

3 Drive d: () (Fixed) (Total:129.51 GB) (Free:13.07 GB) NTFS



========================= Users: ========================================



User accounts for \\ALBATRONN-PC



Administrator Albatronn Guest

UpdatusUser





**** End of log ****


TDSSKILLER
13:04:12.0363 0616 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

13:04:14.0365 0616 ============================================================

13:04:14.0365 0616 Current date / time: 2012/06/26 13:04:14.0365

13:04:14.0365 0616 SystemInfo:

13:04:14.0365 0616

13:04:14.0365 0616 OS Version: 6.1.7600 ServicePack: 0.0

13:04:14.0365 0616 Product type: Workstation

13:04:14.0365 0616 ComputerName: ALBATRONN-PC

13:04:14.0366 0616 UserName: Albatronn

13:04:14.0366 0616 Windows directory: C:\Windows

13:04:14.0366 0616 System windows directory: C:\Windows

13:04:14.0366 0616 Running under WOW64

13:04:14.0366 0616 Processor architecture: Intel x64

13:04:14.0366 0616 Number of processors: 4

13:04:14.0366 0616 Page size: 0x1000

13:04:14.0366 0616 Boot type: Normal boot

13:04:14.0366 0616 ============================================================

13:04:15.0033 0616 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:04:15.0036 0616 ============================================================

13:04:15.0036 0616 \Device\Harddisk0\DR0:

13:04:15.0036 0616 MBR partitions:

13:04:15.0036 0616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637

13:04:15.0049 0616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B

13:04:15.0049 0616 ============================================================

13:04:15.0077 0616 C: <-> \Device\Harddisk0\DR0\Partition0

13:04:15.0100 0616 D: <-> \Device\Harddisk0\DR0\Partition1

13:04:15.0100 0616 ============================================================

13:04:15.0100 0616 Initialize success

13:04:15.0100 0616 ============================================================

13:04:49.0458 1932 ============================================================

13:04:49.0458 1932 Scan started

13:04:49.0458 1932 Mode: Manual; TDLFS;

13:04:49.0458 1932 ============================================================

13:04:50.0847 1932 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

13:04:50.0856 1932 1394ohci - ok

13:04:50.0920 1932 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

13:04:50.0937 1932 ACPI - ok

13:04:50.0957 1932 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

13:04:50.0958 1932 AcpiPmi - ok

13:04:51.0185 1932 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:04:51.0186 1932 AdobeARMservice - ok

13:04:51.0233 1932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:04:51.0244 1932 adp94xx - ok

13:04:51.0830 1932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:04:51.0844 1932 adpahci - ok

13:04:51.0871 1932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:04:51.0873 1932 adpu320 - ok

13:04:51.0905 1932 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:04:51.0906 1932 AeLookupSvc - ok

13:04:51.0971 1932 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

13:04:51.0982 1932 AFD - ok

13:04:52.0009 1932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

13:04:52.0011 1932 agp440 - ok

13:04:52.0027 1932 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:04:52.0029 1932 ALG - ok

13:04:52.0041 1932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

13:04:52.0041 1932 aliide - ok

13:04:52.0056 1932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

13:04:52.0057 1932 amdide - ok

13:04:52.0074 1932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:04:52.0075 1932 AmdK8 - ok

13:04:52.0100 1932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:04:52.0101 1932 AmdPPM - ok

13:04:52.0121 1932 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

13:04:52.0124 1932 amdsata - ok

13:04:52.0136 1932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:04:52.0145 1932 amdsbs - ok

13:04:52.0156 1932 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

13:04:52.0156 1932 amdxata - ok

13:04:52.0358 1932 AntiVirMailService (b089c306d4df73a28cef5240d0142cb3) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

13:04:52.0375 1932 AntiVirMailService - ok

13:04:52.0409 1932 AntiVirSchedulerService (45879699881c9fd3fb53bde187163661) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

13:04:52.0410 1932 AntiVirSchedulerService - ok

13:04:52.0442 1932 AntiVirService (ec5cbedd47bae12e7d369c3b5b857964) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

13:04:52.0443 1932 AntiVirService - ok

13:04:52.0690 1932 AntiVirWebService (f7c781c4c098fc3f8e2e4dfb48ee019d) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

13:04:52.0701 1932 AntiVirWebService - ok

13:04:52.0736 1932 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

13:04:52.0738 1932 AppID - ok

13:04:52.0760 1932 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:04:52.0762 1932 AppIDSvc - ok

13:04:52.0903 1932 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

13:04:52.0924 1932 Appinfo - ok

13:04:53.0314 1932 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

13:04:53.0338 1932 AppMgmt - ok

13:04:53.0348 1932 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:04:53.0354 1932 arc - ok

13:04:53.0366 1932 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:04:53.0373 1932 arcsas - ok

13:04:53.0385 1932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:04:53.0386 1932 AsyncMac - ok

13:04:53.0403 1932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

13:04:53.0403 1932 atapi - ok

13:04:53.0439 1932 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

13:04:53.0455 1932 AudioEndpointBuilder - ok

13:04:53.0461 1932 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

13:04:53.0465 1932 AudioSrv - ok

13:04:53.0593 1932 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

13:04:53.0594 1932 avgntflt - ok

13:04:53.0783 1932 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

13:04:53.0784 1932 avipbb - ok

13:04:53.0817 1932 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

13:04:53.0817 1932 avkmgr - ok

13:04:53.0848 1932 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

13:04:53.0853 1932 AxInstSV - ok

13:04:53.0897 1932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:04:53.0910 1932 b06bdrv - ok

13:04:53.0933 1932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:04:53.0944 1932 b57nd60a - ok

13:04:53.0980 1932 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:04:53.0994 1932 BDESVC - ok

13:04:54.0016 1932 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:04:54.0016 1932 Beep - ok

13:04:54.0056 1932 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

13:04:54.0077 1932 BFE - ok

13:04:54.0147 1932 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

13:04:54.0172 1932 BITS - ok

13:04:54.0236 1932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:04:54.0237 1932 blbdrive - ok

13:04:54.0288 1932 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

13:04:54.0295 1932 bowser - ok

13:04:54.0436 1932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:04:54.0457 1932 BrFiltLo - ok

13:04:54.0499 1932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:04:54.0500 1932 BrFiltUp - ok

13:04:54.0557 1932 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

13:04:54.0562 1932 Browser - ok

13:04:54.0591 1932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:04:54.0600 1932 Brserid - ok

13:04:54.0610 1932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:04:54.0611 1932 BrSerWdm - ok

13:04:54.0618 1932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:04:54.0619 1932 BrUsbMdm - ok

13:04:54.0626 1932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:04:54.0627 1932 BrUsbSer - ok

13:04:54.0635 1932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:04:54.0636 1932 BTHMODEM - ok

13:04:54.0655 1932 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:04:54.0661 1932 bthserv - ok

13:04:54.0687 1932 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:04:54.0693 1932 cdfs - ok

13:04:54.0814 1932 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

13:04:54.0816 1932 cdrom - ok

13:04:54.0848 1932 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

13:04:54.0850 1932 CertPropSvc - ok

13:04:54.0876 1932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:04:54.0878 1932 circlass - ok

13:04:54.0938 1932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:04:54.0953 1932 CLFS - ok

13:04:55.0023 1932 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:04:55.0028 1932 clr_optimization_v2.0.50727_32 - ok

13:04:55.0071 1932 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:04:55.0077 1932 clr_optimization_v2.0.50727_64 - ok

13:04:55.0099 1932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:04:55.0100 1932 CmBatt - ok

13:04:55.0312 1932 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

13:04:55.0325 1932 cmdAgent - ok

13:04:56.0627 1932 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys

13:04:56.0629 1932 cmdGuard - ok

13:04:56.0663 1932 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys

13:04:56.0664 1932 cmdHlp - ok

13:04:56.0688 1932 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

13:04:56.0689 1932 cmdide - ok

13:04:56.0731 1932 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

13:04:56.0744 1932 CNG - ok

13:04:56.0760 1932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:04:56.0761 1932 Compbatt - ok

13:04:56.0787 1932 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

13:04:56.0788 1932 CompositeBus - ok

13:04:56.0790 1932 COMSysApp - ok

13:04:56.0807 1932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:04:56.0808 1932 crcdisk - ok

13:04:56.0859 1932 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

13:04:56.0863 1932 CryptSvc - ok

13:04:56.0904 1932 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

13:04:56.0915 1932 CSC - ok

13:04:56.0981 1932 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll

13:04:57.0002 1932 CscService - ok

13:04:57.0275 1932 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

13:04:57.0287 1932 DcomLaunch - ok

13:04:57.0366 1932 DefragFS (c7d40afe2f9b4fec5395a464e15f6a3b) C:\Windows\system32\drivers\DefragFS.sys

13:04:57.0367 1932 DefragFS - ok

13:04:57.0578 1932 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:04:57.0591 1932 defragsvc - ok

13:04:57.0632 1932 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

13:04:57.0646 1932 DfsC - ok

13:04:57.0670 1932 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

13:04:57.0685 1932 Dhcp - ok

13:04:57.0697 1932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:04:57.0698 1932 discache - ok

13:04:57.0730 1932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:04:57.0731 1932 Disk - ok

13:04:57.0763 1932 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

13:04:57.0774 1932 Dnscache - ok

13:04:57.0804 1932 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

13:04:57.0813 1932 dot3svc - ok

13:04:57.0835 1932 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

13:04:57.0847 1932 DPS - ok

13:04:57.0871 1932 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:04:57.0872 1932 drmkaud - ok

13:04:57.0924 1932 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:04:57.0925 1932 dtsoftbus01 - ok

13:04:57.0985 1932 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys

13:04:58.0020 1932 DXGKrnl - ok

13:04:58.0059 1932 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:04:58.0070 1932 EapHost - ok

13:04:58.0240 1932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:04:58.0314 1932 ebdrv - ok

13:04:58.0410 1932 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe

13:04:58.0411 1932 EFS - ok

13:04:58.0505 1932 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe

13:04:58.0534 1932 ehRecvr - ok

13:04:58.0555 1932 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:04:58.0560 1932 ehSched - ok

13:04:58.0632 1932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:04:58.0650 1932 elxstor - ok

13:04:58.0681 1932 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys

13:04:58.0682 1932 epmntdrv - ok

13:04:58.0691 1932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

13:04:58.0692 1932 ErrDev - ok

13:04:58.0727 1932 etdrv (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys

13:04:58.0728 1932 etdrv - ok

13:04:58.0739 1932 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys

13:04:58.0741 1932 EuGdiDrv - ok

13:04:58.0798 1932 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:04:58.0812 1932 EventSystem - ok

13:04:58.0839 1932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:04:58.0850 1932 exfat - ok

13:04:58.0883 1932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:04:58.0896 1932 fastfat - ok

13:04:59.0105 1932 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

13:04:59.0128 1932 Fax - ok

13:04:59.0174 1932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:04:59.0175 1932 fdc - ok

13:04:59.0184 1932 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:04:59.0185 1932 fdPHost - ok

13:04:59.0196 1932 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:04:59.0197 1932 FDResPub - ok

13:04:59.0224 1932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:04:59.0225 1932 FileInfo - ok

13:04:59.0240 1932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:04:59.0242 1932 Filetrace - ok

13:04:59.0260 1932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:04:59.0261 1932 flpydisk - ok

13:04:59.0287 1932 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

13:04:59.0295 1932 FltMgr - ok

13:04:59.0365 1932 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll

13:04:59.0399 1932 FontCache - ok

13:04:59.0492 1932 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:04:59.0493 1932 FontCache3.0.0.0 - ok

13:04:59.0542 1932 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:04:59.0543 1932 FsDepends - ok

13:04:59.0575 1932 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

13:04:59.0576 1932 Fs_Rec - ok

13:04:59.0612 1932 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

13:04:59.0622 1932 fvevol - ok

13:04:59.0639 1932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:04:59.0641 1932 gagp30kx - ok

13:04:59.0669 1932 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys

13:04:59.0670 1932 gdrv - ok

13:04:59.0721 1932 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

13:04:59.0743 1932 gpsvc - ok

13:04:59.0777 1932 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys

13:04:59.0778 1932 GVTDrv64 - ok

13:04:59.0798 1932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:04:59.0799 1932 hcw85cir - ok

13:04:59.0836 1932 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

13:04:59.0851 1932 HdAudAddService - ok

13:04:59.0874 1932 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:04:59.0879 1932 HDAudBus - ok

13:04:59.0883 1932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:04:59.0884 1932 HidBatt - ok

13:04:59.0902 1932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:04:59.0908 1932 HidBth - ok

13:04:59.0913 1932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:04:59.0914 1932 HidIr - ok

13:04:59.0941 1932 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

13:04:59.0942 1932 hidserv - ok

13:04:59.0947 1932 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

13:04:59.0948 1932 HidUsb - ok

13:04:59.0972 1932 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

13:04:59.0979 1932 hkmsvc - ok

13:05:00.0000 1932 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

13:05:00.0011 1932 HomeGroupListener - ok

13:05:00.0046 1932 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

13:05:00.0058 1932 HomeGroupProvider - ok

13:05:00.0086 1932 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

13:05:00.0088 1932 HpSAMD - ok

13:05:00.0197 1932 hshld (b7cfe93627e7796624004687125a729f) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe

13:05:00.0200 1932 hshld - ok

13:05:00.0236 1932 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys

13:05:00.0236 1932 HssDrv - ok

13:05:00.0268 1932 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

13:05:00.0270 1932 HssSrv - ok

13:05:00.0295 1932 HssTrayService (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

13:05:00.0295 1932 HssTrayService - ok

13:05:00.0298 1932 HssWd - ok

13:05:00.0358 1932 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

13:05:00.0377 1932 HTTP - ok

13:05:00.0410 1932 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

13:05:00.0411 1932 hwpolicy - ok

13:05:00.0428 1932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

13:05:00.0435 1932 i8042prt - ok

13:05:00.0581 1932 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

13:05:00.0608 1932 iaStorV - ok

13:05:00.0645 1932 ICCS (33d4d4a24791587e83f7ee05a446fb7e) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

13:05:00.0654 1932 ICCS - ok

13:05:00.0706 1932 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

13:05:00.0709 1932 IDriverT - ok

13:05:00.0836 1932 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:05:00.0861 1932 idsvc - ok

13:05:01.0127 1932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:05:01.0128 1932 iirsp - ok

13:05:01.0204 1932 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

13:05:01.0228 1932 IKEEXT - ok

13:05:01.0261 1932 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys

13:05:01.0261 1932 inspect - ok

13:05:01.0496 1932 IntcAzAudAddService (acacd1b925d448558c1c9d0258749451) C:\Windows\system32\drivers\RTKVHD64.sys

13:05:01.0516 1932 IntcAzAudAddService - ok

13:05:01.0640 1932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

13:05:01.0642 1932 intelide - ok

13:05:01.0659 1932 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:05:01.0661 1932 intelppm - ok

13:05:01.0683 1932 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:05:01.0689 1932 IPBusEnum - ok

13:05:01.0696 1932 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:05:01.0698 1932 IpFilterDriver - ok

13:05:01.0739 1932 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

13:05:01.0759 1932 iphlpsvc - ok

13:05:01.0765 1932 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

13:05:01.0767 1932 IPMIDRV - ok

13:05:01.0777 1932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:05:01.0779 1932 IPNAT - ok

13:05:01.0797 1932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:05:01.0798 1932 IRENUM - ok

13:05:01.0810 1932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

13:05:01.0811 1932 isapnp - ok

13:05:01.0840 1932 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

13:05:01.0853 1932 iScsiPrt - ok

13:05:01.0886 1932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:05:01.0887 1932 kbdclass - ok

13:05:01.0892 1932 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

13:05:01.0893 1932 kbdhid - ok

13:05:01.0917 1932 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

13:05:01.0918 1932 KeyIso - ok

13:05:01.0946 1932 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

13:05:01.0951 1932 KSecDD - ok

13:05:01.0967 1932 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys

13:05:01.0972 1932 KSecPkg - ok

13:05:01.0998 1932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:05:01.0999 1932 ksthunk - ok

13:05:02.0151 1932 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:05:02.0161 1932 KtmRm - ok

13:05:02.0200 1932 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\system32\srvsvc.dll

13:05:02.0211 1932 LanmanServer - ok

13:05:02.0251 1932 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

13:05:02.0256 1932 LanmanWorkstation - ok

13:05:02.0267 1932 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:05%

Edited by boopme, 26 June 2012 - 11:07 AM.
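
Two things a helper would want to check in the TDSSKiller output above before deciding whether anything survived the reinstall: whether the two MBR partitions account for the whole physical disk (TDSSKiller's own "TDLFS" mode looks for a hidden file system directly; this is an independent arithmetic cross-check using only numbers already in the log), and which scanned kernel drivers load from somewhere other than System32. The script below is an added example written for this page; it is not part of TDSSKiller and not code from any poster. The sample input is copied from the log above, while the regular expressions, the SYSTEM_DIRS whitelist and the "suspicious" thresholds are this example's own assumptions.

```python
import re

# Constructed sample input: lines copied from the TDSSKiller log posted above
# (disk geometry, the two MBR partition entries and three scanned driver entries).
TDSSKILLER_LOG = r"""
13:04:15.0033 0616 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:04:15.0036 0616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
13:04:15.0049 0616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B
13:04:51.0971 1932 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:04:51.0982 1932 AFD - ok
13:04:59.0669 1932 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
13:04:59.0670 1932 gdrv - ok
13:04:59.0777 1932 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
13:04:59.0778 1932 GVTDrv64 - ok
""".strip()

HEX = r"0x([0-9A-Fa-f]+)"
DRIVE_RE = re.compile(r"Drive (\S+) - Size: " + HEX + r" .*?SectorSize: " + HEX
                      + r", Cylinders: " + HEX + r", SectorsPerTrack: " + HEX
                      + r", TracksPerCylinder: " + HEX)
PART_RE = re.compile(r"\\Partition(\d+): MBR, Type " + HEX + r", StartLBA " + HEX
                     + r", BlocksNum " + HEX)
# "<time> <pid> <service> (<md5>) <path>" lines; the "<service> - ok" lines do not match.
DRIVER_RE = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-f]{32})\) (.+)$")
# Where Windows keeps its own kernel drivers (assumed whitelist); anything else is a lead.
SYSTEM_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")
ALIGNMENT_SLACK = 2048   # sectors: the 1 MiB partition alignment Vista and later use


def parse_layout(log):
    """Return (disk, partitions) parsed from the Drive / PartitionN lines."""
    disk, parts = None, []
    for line in log.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            disk = {"name": m.group(1), "bytes": int(m.group(2), 16),
                    "sector": int(m.group(3), 16),
                    "track_sectors": int(m.group(5), 16),
                    "cyl_sectors": int(m.group(5), 16) * int(m.group(6), 16)}
            continue
        m = PART_RE.search(line)
        if m:
            parts.append({"index": int(m.group(1)), "type": int(m.group(2), 16),
                          "start": int(m.group(3), 16), "blocks": int(m.group(4), 16)})
    return disk, parts


def check_layout(disk, parts, max_trailing_cylinders=2):
    """Cross-check the MBR table against the physical disk size.

    Returns each partition's size in GiB (to compare with the MiniToolBox
    'Partitions' section), the gap in sectors before each partition, the
    unallocated sectors after the last one, and a 'suspicious' flag. A
    CHS-aligned table legitimately leaves one track (63 sectors) before each
    partition and up to about a cylinder at the end; a 1 MiB-aligned table
    leaves 2048 sectors. Anything larger is unexplained space, which is where
    bootkits that survive a format keep their hidden storage. Thresholds are
    this example's choice, not TDSSKiller's.
    """
    total = disk["bytes"] // disk["sector"]
    sizes, gaps, cursor = [], [], 0
    for p in sorted(parts, key=lambda p: p["start"]):
        gaps.append(p["start"] - cursor)
        sizes.append((p["index"], round(p["blocks"] * disk["sector"] / 2**30, 2)))
        cursor = p["start"] + p["blocks"]
    trailing = total - cursor
    gap_limit = max(disk["track_sectors"], ALIGNMENT_SLACK)
    suspicious = (trailing > max_trailing_cylinders * disk["cyl_sectors"]
                  or any(g > gap_limit for g in gaps)
                  or cursor > total)
    return {"sizes_gib": sizes, "gaps": gaps, "trailing_sectors": trailing,
            "trailing_mib": round(trailing * disk["sector"] / 2**20, 1),
            "suspicious": suspicious}


def unusual_driver_paths(log):
    """Map service name -> path for scanned .sys files outside System32.

    Vendor utilities do install drivers straight under C:\\Windows, so a hit
    is something to verify (signature, vendor, hash lookup), not a verdict.
    """
    hits = {}
    for line in log.splitlines():
        m = DRIVER_RE.match(line)
        if not m:
            continue
        name, path = m.group(1), m.group(3)
        if path.lower().endswith(".sys") and not path.lower().startswith(SYSTEM_DIRS):
            hits[name] = path
    return hits


if __name__ == "__main__":
    disk, parts = parse_layout(TDSSKILLER_LOG)
    print(check_layout(disk, parts))
    print(unusual_driver_paths(TDSSKILLER_LOG))
```

On the log above the two partitions come out at 19.53 GiB and 129.51 GiB, matching the MiniToolBox "Partitions" section, with a 63-sector track before each and about 10 MiB of unallocated space at the end of the disk, which is ordinary cylinder rounding rather than room for a hidden file system. The driver check returns the two .sys files that load directly from C:\Windows; those are leads to verify by hand, not detections.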


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:30 AM

Posted 26 June 2012 - 11:08 AM

You're welcome... Since you are not the Administrator, let's do this...

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sophisticated

sophisticated
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 26 June 2012 - 04:29 PM

By the way, the only account, and the one I use, is Albatronn. Dunno what's wrong.

Here is the log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=0d4f8c8e4367ea4b975ad5de69af9637

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-26 07:45:56

# local_time=2012-06-26 10:45:56 (+0200, FLE Daylight Time)

# country="Bulgaria"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1792 16777215 100 0 853691 853691 0 0

# compatibility_mode=3073 16777214 80 71 270810 16433163 0 0

# compatibility_mode=5893 16776574 100 94 2762275 92369799 0 0

# compatibility_mode=8192 67108863 100 0 1248235 1248235 0 0

# scanned=52

# found=0

# cleaned=0

# scan_time=7

esets_scanner_update returned -1 esets_gle=0

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=0d4f8c8e4367ea4b975ad5de69af9637

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-26 08:56:18

# local_time=2012-06-26 11:56:18 (+0200, FLE Daylight Time)

# country="Bulgaria"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1792 16777215 100 0 854149 854149 0 0

# compatibility_mode=3073 16777213 80 71 271268 16433621 0 0

# compatibility_mode=5893 16776574 100 94 2762733 92370257 0 0

# compatibility_mode=8192 67108863 100 0 1248693 1248693 0 0

# scanned=115926

# found=1

# cleaned=1

# scan_time=3771

D:\Games\Lord.of.the.Rings.War.in.the.North-Ali213\Lord.of.the.Rings.War.in.the.North-Ali213.iso    a variant of Win32/Packed.VMProtect.AAM trojan (deleted)    00000000000000000000000000000000    C


This one seems like a false positive to me.
EDIT: Forgot to add that my firewall + AV receive errors and I can't use them.

Edited by sophisticated, 26 June 2012 - 04:36 PM.
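
The two scanner runs in the post above (one stopped after 52 files, one finished with a single detection) are in ESET OnlineScanner's "# key=value" log format. The parser below is an added example written for this page, not ESET's or the poster's code: it separates the runs, flags the one that never reached "end=finished", and splits the detection record into path, threat name, action and hash. The sample input is the log above abridged to the lines the parser uses; treating runs of spaces as a field separator alongside tabs is this example's assumption about how the forum rendered ESET's tab-separated record.

```python
import re

# Constructed sample input: the two ESET OnlineScanner runs posted above, abridged
# to the lines this parser uses. The detection record keeps the spacing the forum
# rendered; ESET's own log.txt separates those fields with tabs, so the splitter
# accepts either (an assumption of this example, not something the post states).
ESET_LOG = r"""
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=stopped
# remove_checked=true
# scanned=52
# found=0
# cleaned=0
# scan_time=7
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=finished
# remove_checked=true
# scanned=115926
# found=1
# cleaned=1
# scan_time=3771
D:\Games\Lord.of.the.Rings.War.in.the.North-Ali213\Lord.of.the.Rings.War.in.the.North-Ali213.iso    a variant of Win32/Packed.VMProtect.AAM trojan (deleted)    00000000000000000000000000000000    C
""".strip()

FIELD_SPLIT = re.compile(r"\t| {2,}")   # tab in the real file, space runs when pasted
ACTION_RE = re.compile(r"^(?P<threat>.*?)\s*\((?P<action>[^()]+)\)$")
INT_KEYS = {"scanned", "found", "cleaned", "scan_time"}


def _is_path(field):
    """Drive-letter or UNC path, which is how every detection record begins."""
    return field[1:3] == ":\\" or field.startswith("\\\\")


def parse_eset_log(text):
    """Split an ESET OnlineScanner log into runs, one per '# version=' header.

    Each run is a dict of the '# key=value' fields (counts as int), plus a
    'detections' list of {path, threat, action, hash, flags} records and an
    'errors' list for stray lines such as a failed signature update.
    """
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":                 # a new run starts here
                current = {"detections": [], "errors": []}
                runs.append(current)
            if current is not None:
                current[key] = int(value) if key in INT_KEYS else value.strip()
            continue
        if current is None:
            continue
        fields = FIELD_SPLIT.split(line)
        if len(fields) >= 2 and _is_path(fields[0]):
            m = ACTION_RE.match(fields[1])
            current["detections"].append({
                "path": fields[0],
                "threat": m.group("threat") if m else fields[1],
                "action": m.group("action") if m else "",
                "hash": fields[2] if len(fields) > 2 else "",
                "flags": fields[3] if len(fields) > 3 else "",
            })
        else:
            current["errors"].append(line)
    return runs


def incomplete_runs(runs):
    """Indexes of runs that never reached '# end=finished'. A stopped run with
    found=0 says nothing about the files it did not get to."""
    return [i for i, r in enumerate(runs) if r.get("end") != "finished"]


def detections(runs):
    """Every detection across all runs as (path, threat, action) tuples."""
    return [(d["path"], d["threat"], d["action"])
            for r in runs for d in r["detections"]]


if __name__ == "__main__":
    parsed = parse_eset_log(ESET_LOG)
    for i, run in enumerate(parsed):
        print(f"run {i}: end={run.get('end')} scanned={run.get('scanned')} "
              f"found={run.get('found')} cleaned={run.get('cleaned')} errors={run['errors']}")
    print("incomplete runs:", incomplete_runs(parsed))
    for path, threat, action in detections(parsed):
        print(f"{action:>8}  {threat}  <-  {path}")
```

Run on the log above, the first run is reported as incomplete (it stopped at 52 files with a failed signature update), so only the second run's result counts. The single detection resolves to a game image on D:, the packer-based threat name and the action "deleted"; the all-zero hash field is what the log carries and is kept as-is. Whether that detection is a false positive is a judgement the log itself does not settle.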


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:30 AM

Posted 26 June 2012 - 07:13 PM

Hello, something is wrong; it may not be malware, but it's in the system. Let's get a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.



