2 trojans found after removal of strong malware defender.



#1 misscrow


Posted 28 February 2012 - 10:26 PM

Hi guys, hopefully someone can point me in the right direction. I have no idea what I'm doing so please be gentle. 2 nights ago I was reading some gossip pages and picked up a lovely program called Strong Malware Defender. I used the removal guide I found on this site and successfully removed the program (completed up to & inc step 24).

Since then Microsoft Security Essentials picked up a trojan virus and removed it; within a few hours it picked up the same one again - Trojan:Win32/Lethic.B. My computer is now only able to operate in safe mode as it is so slow & jams up then shuts down saying a problem has caused Windows to close - the box doesn't stay long enough to read any further. It has closed and restarted at least 20+ times in 24hrs, I fear I may have to throw it against the wall soon. I have run MSE at least 4 times and can't detect any other viruses. I am at a loss as to what to do from here, any ideas?

I am running Windows 7 & only use Internet Explorer v8.

Thanks



#2 boopme


Posted 28 February 2012 - 10:43 PM

Hello, reboot into Safe Mode with Networking.
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

>>>>>>>>>>
Run RKill again.....


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>

Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY) under Select Scan Type.
To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 misscrow


Posted 29 February 2012 - 08:41 AM

Thanks for the reply, have done all requested. Here are the results:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.03

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Kaz :: KAZ-PC [administrator]

Protection: Disabled

29/02/2012 9:14:41 PM
mbam-log-2012-02-29 (21-14-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180080
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/29/2012 at 07:30 PM

Application Version : 5.0.1144

Core Rules Database Version : 8288
Trace Rules Database Version: 6100

Scan type : Complete Scan
Total Scan Time : 00:42:02

Operating System Information
Windows 7 Ultimate 32-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 411
Memory threats detected : 0
Registry items scanned : 35872
Registry threats detected : 5
File items scanned : 33703
File threats detected : 229

Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8044&q={searchTerms} ]
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8044&q={searchTerms} ]
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8044&q={searchTerms} ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=8044&q={searchTerms} ]

Malware.Trace
HKU\S-1-5-21-450161547-2837940806-3967326010-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie

Trace.Known Threat Sources
C:\USERS\KAZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E70WG0AG\crossdomain[1].xml [ cache:wista ]
C:\USERS\KAZ\Local Settings\Temporary Internet Files\Content.IE5\E70WG0AG\crossdomain[1].xml [ cache:wista ]



18:26:47.0854 0372 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
18:26:48.0603 0372 ============================================================
18:26:48.0603 0372 Current date / time: 2012/02/29 18:26:48.0603
18:26:48.0603 0372 SystemInfo:
18:26:48.0603 0372
18:26:48.0603 0372 OS Version: 6.1.7600 ServicePack: 0.0
18:26:48.0603 0372 Product type: Workstation
18:26:48.0603 0372 ComputerName: KAZ-PC
18:26:48.0603 0372 UserName: Kaz
18:26:48.0603 0372 Windows directory: C:\Windows
18:26:48.0603 0372 System windows directory: C:\Windows
18:26:48.0603 0372 Processor architecture: Intel x86
18:26:48.0603 0372 Number of processors: 1
18:26:48.0603 0372 Page size: 0x1000
18:26:48.0603 0372 Boot type: Safe boot with network
18:26:48.0603 0372 ============================================================
18:26:50.0038 0372 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:26:50.0038 0372 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F60000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:58.0634 0372 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:26:58.0649 0372 \Device\Harddisk0\DR0:
18:26:58.0649 0372 MBR used
18:26:58.0649 0372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:26:58.0649 0372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:26:58.0649 0372 \Device\Harddisk1\DR1:
18:26:58.0649 0372 MBR used
18:26:58.0649 0372 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0xAEA86701
18:26:58.0649 0372 \Device\Harddisk2\DR2:
18:26:58.0649 0372 MBR used
18:26:58.0649 0372 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
18:26:58.0696 0372 Initialize success
18:26:58.0696 0372 ============================================================
18:27:10.0474 1312 ============================================================
18:27:10.0474 1312 Scan started
18:27:10.0474 1312 Mode: Manual;
18:27:10.0474 1312 ============================================================
18:27:23.0328 1312 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:27:23.0344 1312 WANARP - ok
18:27:23.0344 1312 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:27:23.0344 1312 Wanarpv6 - ok
18:27:23.0422 1312 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:27:23.0422 1312 Wd - ok
18:27:23.0469 1312 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
18:27:23.0469 1312 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
18:27:23.0484 1312 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
18:27:23.0484 1312 Wdf01000 - detected Virus.Win32.Rloader.a (0)
18:27:30.0941 1312 ============================================================
18:27:30.0941 1312 Scan finished
18:27:30.0941 1312 ============================================================
18:27:30.0957 1188 Detected object count: 1
18:27:30.0957 1188 Actual detected object count: 1
18:28:52.0670 1188 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
18:28:55.0072 1188 Backup copy not found, trying to cure infected file..
18:28:55.0088 1188 Cure success, using it..
18:28:55.0103 1188 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
18:28:55.0103 1188 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
18:29:06.0663 1952 Deinitialize success


Going to take it out of safe mode now. Will let you know how that goes.
Thanks
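The detection in the TDSSKiller log above, pulled out programmatically. This is an added example, not part of the original posts or of TDSSKiller; the line patterns are inferred only from the lines in this log, and the names `triage` and `Finding` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller log posted above (not constructed).
SAMPLE_LOG = r"""
18:27:23.0422 1312 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:27:23.0422 1312 Wd - ok
18:27:23.0469 1312 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
18:27:23.0469 1312 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
18:27:23.0484 1312 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
18:27:23.0484 1312 Wdf01000 - detected Virus.Win32.Rloader.a (0)
18:27:23.0578 1312 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:27:23.0578 1312 WfpLwf - ok
18:27:30.0957 1188 Detected object count: 1
18:28:52.0670 1188 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
18:28:55.0103 1188 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
18:28:55.0103 1188 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# Every log line is "<time> <thread id> <message>"; only the message is parsed.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.*)$")
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
VERDICT = re.compile(r"^(\S+) \( (\S+) \) - (infected|User select action: \w+)$")
ACTION = re.compile(r"^(.+\S) - (copied to quarantine|will be cured on reboot)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str               # service/driver name from the object line
    path: str               # file the scanner checked
    md5: str                # hash printed on the object's own line
    verdict: str = ""       # detection name from the "- infected" line
    fake_md5: str = ""      # second hash from the "Forged" line, if present
    actions: list = field(default_factory=list)


def triage(log_text):
    """Return (findings, reported_count) for every object not simply marked ok."""
    by_name, by_path, reported = {}, {}, None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (f := FORGED.match(msg)):
            obj = by_path.get(f.group(1).lower())
            if obj:
                obj.fake_md5 = f.group(3)
        elif (o := OBJECT.match(msg)):
            obj = Finding(o.group(1), o.group(3), o.group(2))
            by_name[obj.name] = obj
            by_path[obj.path.lower()] = obj
        elif (v := VERDICT.match(msg)):
            obj = by_name.get(v.group(1))
            if obj and v.group(3) == "infected":
                obj.verdict = v.group(2)
            elif obj:
                obj.actions.append(v.group(3))
        elif (a := ACTION.match(msg)):
            obj = by_path.get(a.group(1).lower())
            if obj:
                obj.actions.append(a.group(2))
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
    findings = [o for o in by_name.values() if o.verdict or o.fake_md5]
    return findings, reported


if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    for item in found:
        print(item)
    # A mismatch here would mean the patterns missed a line the scanner counted.
    print("scanner reported:", reported, "parsed:", len(found))
```

Comparing the parsed count with the scanner's own "Detected object count" line is a quick check that nothing flagged was skipped when reading a long log.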

#4 misscrow

Posted 29 February 2012 - 09:05 AM

OK, been on for about 25 mins now and it hasn't jammed or restarted. Was able to get on the net and get here without being redirected at all, good sign, yes? Not really worried about the speed of the computer, pretty sure that's my fault for filling it up with crap.

#5 boopme

Posted 29 February 2012 - 02:12 PM

Hello, let's do these 2, then mop up and maybe even improve the speed.
Sorry, but I have to ask about updates...

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 misscrow

Posted 29 February 2012 - 09:30 PM

What do you mean about updates? Every program you told me to use was updated before use, is that what you meant?

This is what ESET found:

C:\ProgramData\ddde4b\447.mof Win32/RogueAV.A trojan cleaned by deleting - quarantined


Thanks

#7 boopme

Posted 29 February 2012 - 09:46 PM

OK, you're welcome. Looks much better.
I thought I saw a comment about updating, *oops disregard.

We can run this to see what is on here

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#8 misscrow

Posted 01 March 2012 - 01:09 AM

OK, all done, here are the results:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kaz (administrator) on 01-03-2012 at 14:05:25
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kaz-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : BigPond

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-11-43-7C-82-C1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bdbc:518c:59ae:aeb0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, 1 March 2012 6:27:24 AM
Lease Expires . . . . . . . . . . : Friday, 2 March 2012 6:27:24 AM
Default Gateway . . . . . . . . . : 10.0.0.138
DHCP Server . . . . . . . . . . . : 10.0.0.138
DHCPv6 IAID . . . . . . . . . . . : 234885443
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-50-87-E0-00-11-43-7C-82-C1
DNS Servers . . . . . . . . . . . : 10.0.0.138
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.BigPond:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : BigPond
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:102c:32e1:876e:7946(Preferred)
Link-local IPv6 Address . . . . . : fe80::102c:32e1:876e:7946%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: BigPond.BigPond
Address: 10.0.0.138

Name: google.com
Addresses: 74.125.237.32
74.125.237.33
74.125.237.34
74.125.237.40
74.125.237.35
74.125.237.36
74.125.237.37
74.125.237.41
74.125.237.46
74.125.237.38
74.125.237.39


Pinging google.com [74.125.237.133] with 32 bytes of data:
Reply from 74.125.237.133: bytes=32 time=63ms TTL=50
Reply from 74.125.237.133: bytes=32 time=64ms TTL=49

Ping statistics for 74.125.237.133:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 64ms, Average = 63ms
Server: BigPond.BigPond
Address: 10.0.0.138

Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24


Pinging yahoo.com [98.139.127.62] with 32 bytes of data:
Reply from 98.139.127.62: bytes=32 time=220ms TTL=45
Reply from 98.139.127.62: bytes=32 time=328ms TTL=45

Ping statistics for 98.139.127.62:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 220ms, Maximum = 328ms, Average = 274ms
Server: BigPond.BigPond
Address: 10.0.0.138

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=9ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 9ms, Average = 5ms
===========================================================================
Interface List
11...00 11 43 7c 82 c1 ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.3 20
10.0.0.0 255.255.255.0 On-link 10.0.0.3 276
10.0.0.3 255.255.255.255 On-link 10.0.0.3 276
10.0.0.255 255.255.255.255 On-link 10.0.0.3 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:102c:32e1:876e:7946/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::102c:32e1:876e:7946/128
On-link
11 276 fe80::bdbc:518c:59ae:aeb0/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/01/2012 07:47:29 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {54cc83b5-ff56-4bf4-b80b-4bd1c5f2a64f}

Error: (03/01/2012 01:55:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/01/2012 01:49:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (02/29/2012 09:46:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: hptskmgr.exe, version: 2.1.4.0, time stamp: 0x3fe65f4a
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000374
Fault offset: 0x000c283b
Faulting process id: 0xac8
Faulting application start time: 0xhptskmgr.exe0
Faulting application path: hptskmgr.exe1
Faulting module path: hptskmgr.exe2
Report Id: hptskmgr.exe3

Error: (02/29/2012 10:33:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/29/2012 10:27:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (02/28/2012 09:18:07 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2377c601-d9d6-447e-9184-0867467517e0}

Error: (02/28/2012 09:12:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: hptskmgr.exe, version: 2.1.4.0, time stamp: 0x3fe65f4a
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000374
Fault offset: 0x000c283b
Faulting process id: 0xa78
Faulting application start time: 0xhptskmgr.exe0
Faulting application path: hptskmgr.exe1
Faulting module path: hptskmgr.exe2
Report Id: hptskmgr.exe3

Error: (02/28/2012 11:25:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: hptskmgr.exe, version: 2.1.4.0, time stamp: 0x3fe65f4a
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000374
Fault offset: 0x000c283b
Faulting process id: 0x91c
Faulting application start time: 0xhptskmgr.exe0
Faulting application path: hptskmgr.exe1
Faulting module path: hptskmgr.exe2
Report Id: hptskmgr.exe3

Error: (02/28/2012 11:12:33 AM) (Source: Application Error) (User: )
Description: Faulting application name: hptskmgr.exe, version: 2.1.4.0, time stamp: 0x3fe65f4a
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000374
Fault offset: 0x000c283b
Faulting process id: 0x9fc
Faulting application start time: 0xhptskmgr.exe0
Faulting application path: hptskmgr.exe1
Faulting module path: hptskmgr.exe2
Report Id: hptskmgr.exe3


System errors:
=============
Error: (03/01/2012 06:28:20 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (03/01/2012 06:27:24 AM) (Source: Microsoft Antimalware) (User: )
Description: %%861 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (03/01/2012 06:24:14 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (02/29/2012 09:42:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/29/2012 09:42:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/29/2012 09:42:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/29/2012 09:40:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/29/2012 09:40:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/29/2012 09:40:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/29/2012 09:35:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/17/2011 08:55:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 119 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

23_24_2500Tour (Version: 40.0.105.000)
2400 (Version: 40.0.105.000)
2400_2500Help (Version: 40.0.105.000)
2400_2500trb (Version: 40.0.105.000)
7-Zip 9.20
Ad-Aware (Version: 9.6.0)
Adobe Acrobat 9 Pro (Version: 9.5.0)
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
AiO_Scan (Version: 40.0.105.000)
AIOMinimal (Version: 40.0.105.000)
AiOSoftware (Version: 40.0.105.000)
Apple Application Support (Version: 1.3.1)
Apple Software Update (Version: 2.1.1.116)
µTorrent (Version: 2.2.1)
AviSynth 2.5
calibre (Version: 0.7.9)
CCleaner (Version: 3.12)
Copy (Version: 5.35.0.065)
CreativeProjects (Version: 5.35.0.059)
CyberLink DVD Suite (Version: 6.0.2604)
CyberLink Power2Go (Version: 6.0.2410a)
CyberLink PowerDVD 8 (Version: 8.0.2217a)
CyberLink PowerProducer (Version: 5.0.1.1323)
Director (Version: 5.35.0.051)
DocProc (Version: 3.5.0.0)
DVD Shrink 3.2
ESET Online Scanner v3
Fax (Version: 40.0.105.000)
Fotosizer 1.32 (Version: 1.32)
HP Image Zone 3.5 (Version: 3.5)
HP PSC & OfficeJet 3.5 (Version: 3.5)
HP Software Update (Version: 1.0.22.20030804)
hpmdtab (Version: 2.0.479.1607)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 3.5.0.21)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Karen's Directory Printer (Version: 5.3.0.2)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Media Go (Version: 1.3.227)
Memories Disc Creator 2.0 (Version: 2.0.479.1607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft Antimalware (Version: 2.0.6212.2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Security Essentials (Version: 1.0.1611.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mkv2vob (Version: 2.4.9)
Nero 7 Lite v7.5.1.1
Overland (Version: 2.1.4)
PhotoGallery (Version: 5.35.0.059)
PlayStation®Network Downloader (Version: 2.00.00005)
PlayStation®Store (Version: 2.7.6.06777)
PrintScreen (Version: 5.35.0.035)
PS3 Media Server (Version: 1.30.1)
PS3 Video 9 5.04 (Version: 5.04)
QFolder (Version: 1.00.0000)
QuickProjects (Version: 5.35.0.047)
QuickTime (Version: 7.67.75.0)
Readme (Version: 40.0.105.000)
Scan (Version: 3.5.0.0)
Shockwave
SkinsHP1 (Version: 5.35.0.043)
SkinsHP2 (Version: 5.35.0.043)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
Sony Ericsson PC Companion 1.60.13 (Version: 1.60.13)
Sony Ericsson PC Suite 6.011.00 (Version: 6.011.00)
SUPERAntiSpyware (Version: 5.0.1144)
TrayApp (Version: 5.35.0.035)
Unload (Version: 3.5.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebReg (Version: 5.31.0.147)
WinRAR archiver

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 1022.14 MB
Available physical RAM: 249.04 MB
Total Pagefile: 2046.14 MB
Available Pagefile: 821.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.21 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:649.66 GB) NTFS
4 Drive e: (MUSIC) (Fixed) (Total:931.51 GB) (Free:370.76 GB) NTFS
5 Drive f: (TV) (Fixed) (Total:1863.01 GB) (Free:470.45 GB) NTFS
7 Drive h: (MOVIES) (Fixed) (Total:1396.91 GB) (Free:679.35 GB) FAT32

========================= Users: ========================================

User accounts for \\KAZ-PC

Administrator ASPNET Guest
Kaz


**** End of log ****

I don't have an option to create new system restore points. Can only roll back to previous ones?
Thanks again

Edited by misscrow, 01 March 2012 - 01:19 AM.


#9 misscrow

Posted 01 March 2012 - 03:28 AM

Haha, finally found it, was in another section. System restore created.

#10 boopme

Posted 01 March 2012 - 11:31 AM

Excellent!!

#11 misscrow

Posted 01 March 2012 - 08:04 PM

Thank you so much for your help, now I don't have to kill the computer.

Edited by misscrow, 01 March 2012 - 08:04 PM.




