multiple issues: bsod, win32/ramnit, computer freezes


21 replies to this topic

#1 matthewolavydez

matthewolavydez

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 09 November 2014 - 07:00 AM

I already ran Malwarebytes and MSE and found nothing, but the system Action Center says that Win32/Ramnit has been found on the PC. I can't even access safe mode since it goes to a bluescreen... My laptop never hung or froze before, but now it does. I'm not sure if I should run ComboFix, but I know this should only be suggested by experienced users. Please help.


Edited by Queen-Evie, 09 November 2014 - 11:21 AM.
moved from Windows 7 to the appropriate forum




#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:47 AM

Posted 09 November 2014 - 12:45 PM

ComboFix should not be run without the guidance of a member of our Malware Removal Team.

 

I'm gathering information about this virus and will get back to this shortly.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 dc3


Posted 09 November 2014 - 02:36 PM

If this is in fact Ramnit, your best option will be to format the HDD and reinstall the operating system.

 

Does your antivirus show this virus?


Edited by dc3, 09 November 2014 - 03:05 PM.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 AM

Posted 09 November 2014 - 02:36 PM

It's a bad worm.

If the OP understands that you may not be able to clean this computer and that he/she may have to re-install the operating systems etc...

You will find a success story here.
https://forums.malwarebytes.org/index.php?/topic/134839-infected-with-trojanramnita/

#5 matthewolavydez


Posted 09 November 2014 - 06:46 PM

Oh my, I'm not really thinking of a reformat as an option this time, as I do not have an external drive to back up all of my files. I have tried using Malwarebytes, HitmanPro and MSE. MSE and Malwarebytes show nothing, but HitmanPro found a bit, though it doesn't really say Ramnit. I have tried using the Microsoft malicious removal tool, but I wasn't able to complete the scan; I remember that around 36+ viruses were found. I left my laptop on overnight to scan it, but someone unplugged the charger...

I have run sfc and chkdsk, and chkdsk found something, but it is not bad sectors. Now I'm trying my luck with Spybot and SUPERAntiSpyware.



#6 dc3


Posted 09 November 2014 - 07:20 PM

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.



#7 dc3


Posted 09 November 2014 - 09:12 PM

If you have not started the ESET Online scan yet, please make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.




#8 matthewolavydez


Posted 09 November 2014 - 10:53 PM

I may not be able to do it immediately as I will be going to work later, but rest assured that I'll have my results posted. Thank you.



#9 dc3


Posted 10 November 2014 - 09:17 AM

I'll be around.




#10 matthewolavydez


Posted 11 November 2014 - 03:17 AM

C:\$Recycle.Bin\S-1-5-21-3931854957-505851432-941099805-1000\$R59948E.rar a variant of Win32/Packed.VMProtect.ABD trojan
C:\$Recycle.Bin\S-1-5-21-3931854957-505851432-941099805-1000\$RURDVTF.rar a variant of Win32/Packed.Themida potentially unwanted application
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\setup.exe a variant of Win32/AdWare.MultiPlug.BU application
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Program Files (x86)\GTA San Andreas\g.exe Win32/TrojanDownloader.VB.ONX trojan
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBOQHPB3\OptimizerPro[1].exe Win32/SpeedingUpMyPC.I application
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBOQHPB3\wpc_sweet-page[1].exe a variant of Win32/ELEX.AF potentially unwanted application
C:\Users\sonny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.149_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\sonny\Downloads\bluemini.jar J2ME/TrojanSMS.Agent.EG trojan
C:\Users\sonny\Downloads\HSS-3.42-install-hss-561-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\sonny\Downloads\Compressed\eCollidex Gaming Libary.rar multiple threats
C:\Users\sonny\Downloads\Compressed\Fv2Trainer2014.zip a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\sonny\Downloads\Compressed\Fv2Trainer2014\Fv2Trainer2014.exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\sonny\Downloads\eCollidex Gaming Library 6.0\eCollidex Gaming Library.exe a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\sonny\Downloads\Programs\ccsetup415_2.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\sonny\Downloads\Programs\CheatEngine63.exe Win32/OpenCandy potentially unsafe application
C:\Users\sonny\Downloads\Programs\HSS-3.42-install-hss-561-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\sonny\Downloads\Programs\spotydl_setup.exe Win32/InstallMonetizer.AF potentially unwanted application
C:\Users\sonny\Downloads\Programs\taghycardia_install.exe Win32/Somoto.L potentially unwanted application
C:\Users\sonny\Downloads\Programs\TuneUpInst-2.4.8.5.exe Win32/OpenCandy potentially unsafe application
C:\Users\sonny\Music\mp3s\LSharp.rar a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\sonny\Music\mp3s\lsharp.zip a variant of Win32/Packed.VMProtect.ABD trojan
C:\Users\sonny\Music\mp3s\PCheats Trainer FREE GC USA 24-08-2014.rar a variant of Win32/Packed.Themida.AAG trojan
C:\Users\sonny\Music\mp3s\PlayCheat - NAGC (03-09)\PlayCheat - NAGC (03-09)\PlayCheat - NAGC.exe a variant of Win32/GameHack.RN potentially unsafe application
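
An added example, not part of the original thread or any poster's reply: a small triage script for an ESET Online Scanner export in the line format of the log above (path, detection name, type, optional action), separating file-infector hits from the potentially unwanted/unsafe application noise. The sample lines and paths are constructed; the detection names are ones that appear in this thread, and treating the `virus` type as the file-infector class and a bare `cleaned` as in-place disinfection are this example's assumptions.

```python
import re
from collections import Counter

# Threat-type labels seen in the export, longest first so the regex does not
# stop at the bare word "application".
KINDS = (
    "potentially unwanted application",
    "potentially unsafe application",
    "application",
    "trojan",
    "virus",
    "worm",
)
NOISE_KINDS = set(KINDS[:3])

# Windows paths contain spaces but never "/", so the detection name
# (Platform/Family.Variant) is the anchor that ends the path.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.\-]+|multiple threats)"
    r"(?:\s+(?P<kind>" + "|".join(KINDS) + r"))?"
    r"(?:\s+(?P<action>(?:cleaned|deleted)\b.*?))?\s*$"
)

# Constructed sample input: hypothetical paths, detection names from the thread.
SAMPLE_LOG = r"""
C:\Users\user\Downloads\toolbar_setup.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\user\Downloads\trainer.zip a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Games\launcher.exe Win32/TrojanDownloader.VB.ONX trojan cleaned by deleting - quarantined
D:\Games\audio.dll Win32/Ramnit.E virus cleaned - quarantined
D:\usb backup\My Tools\setup.exe Win32/Sality.NBA virus cleaned - quarantined
D:\usb backup\My Tools\unpack.exe Win32/Sality.NBA virus
D:\autorun helper.pif Win32/Sality virus deleted - quarantined
C:\Users\user\Downloads\bundle.rar multiple threats deleted - quarantined
this line is not in the export format
"""


def parse_line(line):
    """Return a dict for one export line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    # Family is the part between the platform prefix and the variant suffix.
    family = name.split("/", 1)[1].split(".")[0] if "/" in name else None
    return {
        "path": m.group("path"),
        "name": name,
        "family": family,
        "kind": m.group("kind"),
        "action": m.group("action"),  # None when the scan only reported
    }


def triage(lines):
    """Bucket detections so file infectors stand out from PUA noise."""
    out = {
        "infector_families": Counter(),
        "infected_drives": set(),
        "disinfected_in_place": [],  # infected file repaired and left on disk
        "no_action": [],             # infected file reported but untouched
        "trojans": [],
        "needs_review": [],          # e.g. "multiple threats" in an archive
        "noise": 0,
        "unparsed": [],
    }
    for raw in lines:
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            out["unparsed"].append(raw.strip())
        elif rec["kind"] == "virus":
            out["infector_families"][rec["family"]] += 1
            out["infected_drives"].add(rec["path"][:2].upper())
            action = rec["action"]
            if action is None:
                out["no_action"].append(rec["path"])
            elif action.startswith("cleaned") and "deleting" not in action:
                out["disinfected_in_place"].append(rec["path"])
        elif rec["kind"] in ("trojan", "worm"):
            out["trojans"].append(rec)
        elif rec["kind"] in NOISE_KINDS:
            out["noise"] += 1
        else:
            out["needs_review"].append(rec)
    return out


def file_infector_present(summary):
    """True when any 'virus'-type family was seen anywhere in the log."""
    return bool(summary["infector_families"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for key, value in result.items():
        print(f"{key}: {value}")
```

Files listed under `disinfected_in_place` and `no_action` are the ones to re-scan or restore from a known-good source, and every drive in `infected_drives` needs the same treatment as the system drive.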
 



#11 dc3


Posted 11 November 2014 - 11:01 AM

Please run the following scans.

Please run Malwarebytes AntiMalware

 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 
3)  The scan will automatically run now.
 
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
3.  Click Start Scan and allow the scan process to run.
 
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

 

 

Please run the ESET OnlineScan

 

At step 7. follow the instructions to check "Scan Archives" and "Remove found threats"

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Edited by dc3, 11 November 2014 - 11:03 AM.



#12 matthewolavydez


Posted 12 November 2014 - 02:48 AM

15:16:03.0914 0x063c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:16:07.0724 0x063c  ============================================================
15:16:07.0724 0x063c  Current date / time: 2014/11/12 15:16:07.0724
15:16:07.0724 0x063c  SystemInfo:
15:16:07.0724 0x063c 
15:16:07.0724 0x063c  OS Version: 6.1.7601 ServicePack: 1.0
15:16:07.0724 0x063c  Product type: Workstation
15:16:07.0725 0x063c  ComputerName: MATT-PC
15:16:07.0725 0x063c  UserName: sonny
15:16:07.0725 0x063c  Windows directory: C:\Windows
15:16:07.0725 0x063c  System windows directory: C:\Windows
15:16:07.0725 0x063c  Running under WOW64
15:16:07.0725 0x063c  Processor architecture: Intel x64
15:16:07.0725 0x063c  Number of processors: 4
15:16:07.0725 0x063c  Page size: 0x1000
15:16:07.0725 0x063c  Boot type: Normal boot
15:16:07.0725 0x063c  ============================================================
15:16:49.0106 0x063c  KLMD registered as C:\Windows\system32\drivers\99996013.sys
15:16:51.0390 0x063c  System UUID: {3B958C34-E644-9920-361B-8162B1E294D4}
15:16:53.0714 0x063c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:53.0755 0x063c  ============================================================
15:16:53.0755 0x063c  \Device\Harddisk0\DR0:
15:16:53.0782 0x063c  MBR partitions:
15:16:53.0782 0x063c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:16:53.0782 0x063c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
15:16:53.0782 0x063c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x12F35800
15:16:53.0782 0x063c  ============================================================
15:16:53.0950 0x063c  C: <-> \Device\Harddisk0\DR0\Partition3
15:16:54.0424 0x063c  D: <-> \Device\Harddisk0\DR0\Partition2
15:16:54.0425 0x063c  ============================================================
15:16:54.0425 0x063c  Initialize success
15:16:54.0425 0x063c  ============================================================
15:22:19.0669 0x0cfc  KLMD registered as C:\Windows\system32\drivers\06740530.sys
15:22:24.0760 0x0cfc  Deinitialize success

 



#13 matthewolavydez


Posted 12 November 2014 - 02:54 AM

There's a second log for TDSSKiller, but I can't post it as it was too long whenever I post it. I skipped Malwarebytes for now since I scanned with it a couple of times with no detected threats prior to posting. Please let me know if you need the second TDSSKiller log so I can upload it to MediaFire. I'll complete the ESET scan and do it tomorrow, as it took me 4 hrs to complete the scan and I do not have much time as I have to go back to work.

Thank you so much for your continued assistance.



#14 dc3


Posted 12 November 2014 - 08:29 AM

Try posting it in two or three parts.

 

What about the ESET online scan?

 

If the version of Malwarebytes is earlier than the 2.0 version, run the version I posted.




#15 matthewolavydez


Posted 13 November 2014 - 06:58 AM

D:\transfer to my usb\Nancy.Drew.Shadow.at.the.Waters.Edge_SKIDROW\autorun.exe Win32/Sality.NBA virus 
D:\transfer to my usb\Nancy.Drew.Shadow.at.the.Waters.Edge_SKIDROW\Setup.exe Win32/Sality.NBA virus 
D:\transfer to my usb\New folder\PC_Blue.Toad.Murder.Files.The.Mysteries.of.Little.Riddle.direct.play.-TPTB\PC_Blue.Toad.Murder.Files.The.Mysteries.of.Little.Riddle.direct.play.-TPTB\7-Zip 9.20(highly recommended)\7z920.exe Win32/Sality.NBA virus 
C:\$Recycle.Bin\S-1-5-21-3931854957-505851432-941099805-1000\$R59948E.rar a variant of Win32/Packed.VMProtect.ABD trojan deleted - quarantined
C:\$Recycle.Bin\S-1-5-21-3931854957-505851432-941099805-1000\$RURDVTF.rar a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\setup.exe a variant of Win32/AdWare.MultiPlug.BU application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe a variant of Win32/Hao123.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\GTA San Andreas\g.exe Win32/TrojanDownloader.VB.ONX trojan cleaned by deleting - quarantined
C:\Program Files (x86)\GTA San Andreas\USED\IMGTool.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBOQHPB3\OptimizerPro[1].exe Win32/SpeedingUpMyPC.I application cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBOQHPB3\wpc_sweet-page[1].exe a variant of Win32/ELEX.AF potentially unwanted application deleted - quarantined
C:\Users\sonny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pbffpbffjfiigoledmkcibcbadpbenec\1.26.149_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\sonny\Downloads\bluemini.jar J2ME/TrojanSMS.Agent.EG trojan cleaned by deleting - quarantined
C:\Users\sonny\Downloads\HSS-3.42-install-hss-561-conduit.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\sonny\Downloads\Compressed\eCollidex Gaming Libary.rar multiple threats deleted - quarantined
C:\Users\sonny\Downloads\Compressed\Fv2Trainer2014.zip a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Users\sonny\Downloads\Compressed\Fv2Trainer2014\Fv2Trainer2014.exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Users\sonny\Downloads\eCollidex Gaming Library 6.0\eCollidex Gaming Library.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
C:\Users\sonny\Downloads\Programs\ccsetup415_2.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\sonny\Downloads\Programs\CheatEngine63.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\sonny\Downloads\Programs\HSS-3.42-install-hss-561-conduit.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Users\sonny\Downloads\Programs\spotydl_setup.exe Win32/InstallMonetizer.AF potentially unwanted application deleted - quarantined
C:\Users\sonny\Downloads\Programs\taghycardia_install.exe Win32/Somoto.L potentially unwanted application deleted - quarantined
C:\Users\sonny\Downloads\Programs\TuneUpInst-2.4.8.5.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\sonny\Music\mp3s\LSharp.rar a variant of Win32/Packed.VMProtect.ABD trojan deleted - quarantined
C:\Users\sonny\Music\mp3s\lsharp.zip a variant of Win32/Packed.VMProtect.ABD trojan deleted - quarantined
C:\Users\sonny\Music\mp3s\PCheats Trainer FREE GC USA 24-08-2014.rar a variant of Win32/Packed.Themida.AAG trojan deleted - quarantined
C:\Users\sonny\Music\mp3s\PlayCheat - NAGC (03-09)\PlayCheat - NAGC (03-09)\PlayCheat - NAGC.exe a variant of Win32/GameHack.RN potentially unsafe application deleted - quarantined
D:\aecxq.pif Win32/Sality virus deleted - quarantined
D:\GTA\vorbis.dll Win32/Ramnit.E virus cleaned - quarantined
D:\GTA\vorbisFile.dll Win32/Ramnit.E virus cleaned - quarantined
D:\GTA\vorbishooked.dll Win32/Ramnit.E virus cleaned - quarantined
D:\O2Jam Live\OTwo.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\NW1733.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\AnagramMaster\Anagram Master.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\FastStone_Capture_for_Windows_v6.7\FastStone Capture for Windows v6.7\FSCaptureSetup67.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\FastStone_Capture_for_Windows_v6.7\FastStone Capture for Windows v6.7\Cracked by CREC\FSCapture.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\nid for speed\NFSU2_RIP\fovnfsu2\eauninstall.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\nid for speed\NFSU2_RIP\fovnfsu2\Support\EasyInfo.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\nid for speed\NFSU2_RIP\fovnfsu2\Support\EReg.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\nid for speed\NFSU2_RIP\fovnfsu2\Support\Need for Speed Underground 2_code.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\nid for speed\NFSU2_RIP\fovnfsu2\Support\Need for Speed Underground 2_uninst.exe Win32/Sality.NBA virus cleaned - quarantined
D:\transfer to my usb\installers,files,and movies\PerfectWorldTideborne\PerfectWorldTideborne100713.exe Win32/Sality.NBA virus cleaned - quarantined
 


15:27:10.0767 0x0f5c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:27:12.0712 0x0f5c  ============================================================
15:27:12.0712 0x0f5c  Current date / time: 2014/11/12 15:27:12.0712
15:27:12.0712 0x0f5c  SystemInfo:
15:27:12.0712 0x0f5c 
15:27:12.0713 0x0f5c  OS Version: 6.1.7601 ServicePack: 1.0
15:27:12.0713 0x0f5c  Product type: Workstation
15:27:12.0713 0x0f5c  ComputerName: MATT-PC
15:27:12.0713 0x0f5c  UserName: sonny
15:27:12.0713 0x0f5c  Windows directory: C:\Windows
15:27:12.0713 0x0f5c  System windows directory: C:\Windows
15:27:12.0713 0x0f5c  Running under WOW64
15:27:12.0713 0x0f5c  Processor architecture: Intel x64
15:27:12.0713 0x0f5c  Number of processors: 4
15:27:12.0713 0x0f5c  Page size: 0x1000
15:27:12.0713 0x0f5c  Boot type: Normal boot
15:27:12.0713 0x0f5c  ============================================================
15:27:12.0715 0x0f5c  BG loaded
15:27:16.0141 0x0f5c  System UUID: {3B958C34-E644-9920-361B-8162B1E294D4}
15:27:20.0773 0x0f5c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:20.0835 0x0f5c  ============================================================
15:27:20.0835 0x0f5c  \Device\Harddisk0\DR0:
15:27:20.0914 0x0f5c  MBR partitions:
15:27:20.0914 0x0f5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:27:20.0914 0x0f5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C6000
15:27:20.0914 0x0f5c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x12F35800
15:27:20.0914 0x0f5c  ============================================================
15:27:21.0186 0x0f5c  C: <-> \Device\Harddisk0\DR0\Partition3
15:27:21.0489 0x0f5c  D: <-> \Device\Harddisk0\DR0\Partition2
15:27:21.0489 0x0f5c  ============================================================
15:27:21.0489 0x0f5c  Initialize success
15:27:21.0489 0x0f5c  ============================================================
15:27:47.0706 0x11cc  ============================================================
15:27:47.0706 0x11cc  Scan started
15:27:47.0706 0x11cc  Mode: Manual; SigCheck; TDLFS;
15:27:47.0706 0x11cc  ============================================================
15:27:47.0706 0x11cc  KSN ping started
15:27:51.0827 0x11cc  KSN ping finished: true
15:28:19.0321 0x11cc  ================ Scan system memory ========================
15:28:19.0321 0x11cc  System memory - ok
15:28:19.0323 0x11cc  ================ Scan services =============================
15:28:30.0909 0x11cc  atapi - ok
15:28:31.0117 0x11cc  [ C22D4905DDDF73EB0349D3B0604234A2, F86220290663FA95F3D8181D41F9D105634A62D50856BCEB174B9675F8DD7669 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:28:31.0264 0x11cc  AtiHDAudioService - ok
15:28:32.0706 0x11cc  [ 7F2BDD27F3611041D6B0D6C565A748A7, F74A3589253AAEDAFB15D5C439771339FC3B78B1CE51409A630822B653D4885D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:28:33.0145 0x11cc  atikmdag - ok
15:28:33.0247 0x11cc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:28:33.0332 0x11cc  AudioEndpointBuilder - ok
15:28:33.0363 0x11cc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:28:33.0452 0x11cc  AudioSrv - ok
15:28:33.0489 0x11cc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:28:33.0567 0x11cc  AxInstSV - ok
15:28:33.0639 0x11cc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:28:33.0748 0x11cc  b06bdrv - ok
15:28:33.0786 0x11cc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:28:33.0826 0x11cc  b57nd60a - ok
15:28:34.0368 0x11cc  [ B5D54119CE0BB77872C33A717CB76386, 9FFCEE1BB04FD595553F83CE98A16AE9AFDF7DDB4B7390F57DFAA80CCF36459E ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
15:28:34.0622 0x11cc  BCM43XX - ok
15:28:34.0665 0x11cc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:28:34.0805 0x11cc  BDESVC - ok
15:28:34.0845 0x11cc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:28:34.0916 0x11cc  Beep - ok
15:28:35.0088 0x11cc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:28:35.0143 0x11cc  BFE - ok
15:28:35.0565 0x11cc  BITCOMET_HELPER_SERVICE - ok
15:28:35.0930 0x11cc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:28:36.0050 0x11cc  BITS - ok
15:28:36.0314 0x11cc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:28:36.0421 0x11cc  blbdrive - ok
15:28:36.0724 0x11cc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:28:36.0811 0x11cc  bowser - ok
15:28:36.0870 0x11cc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:28:36.0997 0x11cc  BrFiltLo - ok
15:28:37.0050 0x11cc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:28:37.0121 0x11cc  BrFiltUp - ok
15:28:37.0389 0x11cc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] Bridge          C:\Windows\system32\DRIVERS\bridge.sys
15:28:37.0522 0x11cc  Bridge - ok
15:28:37.0663 0x11cc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:28:37.0722 0x11cc  BridgeMP - ok
15:28:37.0860 0x11cc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:28:37.0916 0x11cc  Browser - ok
15:28:38.0057 0x11cc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:28:38.0192 0x11cc  Brserid - ok
15:28:38.0230 0x11cc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:28:38.0311 0x11cc  BrSerWdm - ok
15:28:38.0318 0x11cc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:28:38.0371 0x11cc  BrUsbMdm - ok
15:28:38.0387 0x11cc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:28:38.0437 0x11cc  BrUsbSer - ok
15:28:38.0549 0x11cc  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:28:38.0591 0x11cc  BthEnum - ok
15:28:38.0635 0x11cc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:28:38.0724 0x11cc  BTHMODEM - ok
15:28:38.0848 0x11cc  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:28:38.0961 0x11cc  BthPan - ok
15:28:39.0040 0x11cc  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:28:39.0158 0x11cc  BTHPORT - ok
15:28:39.0207 0x11cc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:28:39.0300 0x11cc  bthserv - ok
15:28:39.0356 0x11cc  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:28:39.0453 0x11cc  BTHUSB - ok
15:28:39.0503 0x11cc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:28:39.0646 0x11cc  cdfs - ok
15:28:39.0821 0x11cc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:28:39.0960 0x11cc  cdrom - ok
15:28:40.0025 0x11cc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:28:40.0161 0x11cc  CertPropSvc - ok
15:28:40.0204 0x11cc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:28:40.0296 0x11cc  circlass - ok
15:28:40.0491 0x11cc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:28:40.0553 0x11cc  CLFS - ok
15:28:40.0829 0x11cc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:28:40.0862 0x11cc  clr_optimization_v2.0.50727_32 - ok
15:28:40.0924 0x11cc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:28:40.0938 0x11cc  clr_optimization_v2.0.50727_64 - ok
15:28:41.0039 0x11cc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:28:41.0473 0x11cc  clr_optimization_v4.0.30319_32 - ok
15:28:41.0534 0x11cc  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:28:41.0982 0x11cc  clr_optimization_v4.0.30319_64 - ok
15:28:42.0181 0x11cc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:28:42.0299 0x11cc  CmBatt - ok
15:28:42.0498 0x11cc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:28:42.0634 0x11cc  cmdide - ok
15:28:42.0964 0x11cc  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:28:43.0103 0x11cc  CNG - ok
15:28:43.0759 0x11cc  [ 1F925AA990A6A446E8BA926B2D0A5201, F278C272E3F40C37D04935CE19938C4B63A4BC2AA378D0F56C32FE78308D6993 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
15:28:43.0828 0x11cc  CnxtHdAudService - ok
15:28:43.0976 0x11cc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:28:44.0018 0x11cc  Compbatt - ok
15:28:44.0208 0x11cc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:28:44.0311 0x11cc  CompositeBus - ok
15:28:44.0316 0x11cc  COMSysApp - ok
15:28:44.0419 0x11cc  cpudrv64 - ok
15:28:44.0473 0x11cc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:28:44.0585 0x11cc  crcdisk - ok
15:28:44.0676 0x11cc  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:28:44.0829 0x11cc  CryptSvc - ok
15:28:45.0242 0x11cc  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
15:28:45.0382 0x11cc  CSC - ok
15:28:45.0688 0x11cc  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:28:45.0848 0x11cc  CscService - ok
15:28:46.0007 0x11cc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:28:46.0121 0x11cc  DcomLaunch - ok
15:28:46.0235 0x11cc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:28:47.0197 0x11cc  defragsvc - ok
15:28:48.0691 0x11cc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:28:48.0860 0x11cc  DfsC - ok
15:28:49.0237 0x11cc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:28:49.0323 0x11cc  Dhcp - ok
15:28:49.0482 0x11cc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:28:49.0658 0x11cc  discache - ok
15:28:49.0810 0x11cc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:28:49.0873 0x11cc  Disk - ok
15:28:49.0967 0x11cc  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:28:50.0150 0x11cc  dmvsc - ok
15:28:50.0372 0x11cc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:28:50.0516 0x11cc  Dnscache - ok
15:28:50.0688 0x11cc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:28:50.0966 0x11cc  dot3svc - ok
15:28:51.0104 0x11cc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:28:51.0208 0x11cc  DPS - ok
15:28:51.0330 0x11cc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:28:51.0705 0x11cc  drmkaud - ok
15:28:52.0236 0x11cc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:28:52.0316 0x11cc  DXGKrnl - ok
15:28:52.0537 0x11cc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:28:52.0647 0x11cc  EapHost - ok
15:28:53.0927 0x11cc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:28:54.0478 0x11cc  ebdrv - ok
15:28:54.0625 0x11cc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
15:28:54.0640 0x11cc  EFS - ok
15:28:55.0516 0x11cc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:28:55.0590 0x11cc  ehRecvr - ok
15:28:56.0012 0x11cc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:28:56.0047 0x11cc  ehSched - ok
15:28:56.0498 0x11cc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:28:56.0687 0x11cc  elxstor - ok
15:28:56.0745 0x11cc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:28:56.0797 0x11cc  ErrDev - ok
15:28:57.0169 0x11cc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:28:57.0320 0x11cc  EventSystem - ok
15:28:57.0462 0x11cc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:28:57.0681 0x11cc  exfat - ok
15:28:57.0934 0x11cc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:28:58.0299 0x11cc  fastfat - ok
15:28:58.0534 0x11cc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe





