Can't turn on firewall, can't download virus updates, slow comp.


23 replies to this topic

#1 Halfwit

  • Members
  • 44 posts

Posted 19 April 2013 - 10:02 PM

I am having lots of problems with my laptop thanks to my kids clickity clicking links when I wasn't around. My firewall has shut itself off and I am unable to turn it back on, I am unable to update any anti-virus or anti-malware programs, computer is super slow and is just acting wonky in general.  Yesterday when I tried to open up internet explorer, it shut the window down immediately and gave me the "Windows has encountered an error" message. The only way I was able to get this thing going was to do a system restore and now I am having tons of problems. Have a look at my log below.  Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Paul at 22:45:30 on 2013-04-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2814.1577 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30729; .NET4.0C; Zune 4.7; .NET CLR 3.5.30729)" -"http://www.cartoonnetwork.ca/games/ben10/battle-ready/index.php"
mRun: [hpqSRMon] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5CF59E56-F616-456B-9085-97D200C80191} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{772C9A53-E15E-4385-BD08-5BA0F3482794} : DHCPNameServer = 192.168.2.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-4-19 13560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-15 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2013-2-5 28552]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-19 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-19 701512]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-8-24 4174336]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-2 361808]
R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-30 245760]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-2 193840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-19 22856]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 a4djavs;Audio 4 DJ WDM Audio;c:\windows\system32\drivers\a4djavs.sys [2011-4-11 346192]
S3 a4djusb;a4djusb;c:\windows\system32\drivers\a4djusb.sys [2011-4-11 94288]
S3 a4djusb_svc;Audio 4 DJ;c:\windows\system32\drivers\a4djusb.sys [2011-4-11 94288]
S3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\drivers\kx1avs.sys [2011-7-7 346192]
S3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\drivers\kx1usb.sys [2011-7-7 70736]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-20 01:46:46 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-20 01:46:44 -------- d-----w- c:\users\paul\appdata\local\adawarebp
2013-04-20 01:44:45 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-04-20 01:44:45 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-19 19:12:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 22:47:26.64 ===============
 

 


#2 nasdaq

  • Malware Response Team
  • 19,689 posts

Posted 21 April 2013 - 09:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Halfwit

Posted 21 April 2013 - 10:24 AM

Hi nasdaq.  Thanks in advance for the help. My firewall is back up and running, but I am still unable to update anti-malware updates. I just tried to update Malwarebytes and got the following message...

 

An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).   PROGRAM_ERROR_UPDATING (0,0, Connection refused)

 

Below are my log files.

 

ComboFix 13-04-20.02 - Paul 04/21/2013  10:34:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2814.1609 [GMT -4:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Paul\g2mdlhlpx.exe
c:\windows\system32\SET19A4.tmp
c:\windows\system32\SET1B1E.tmp
c:\windows\system32\SET1CD7.tmp
c:\windows\system32\SET2949.tmp
c:\windows\system32\SET2B9E.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-21 to 2013-04-21  )))))))))))))))))))))))))))))))
.
.
2013-04-20 01:46 . 2013-04-20 01:46 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-20 01:46 . 2013-04-20 01:46 -------- d-----w- c:\users\Paul\AppData\Local\adawarebp
2013-04-20 01:44 . 2013-04-20 01:44 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-04-20 01:44 . 2013-04-20 01:44 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-19 19:12 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-06 02:47 . 2013-02-06 02:42 181064 ----a-w- c:\windows\PSEXESVC.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-12-16 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 a4djavs;Audio 4 DJ WDM Audio;c:\windows\system32\Drivers\a4djavs.sys [x]
R3 a4djusb;a4djusb;c:\windows\system32\Drivers\a4djusb.sys [x]
R3 a4djusb_svc;Audio 4 DJ;c:\windows\system32\Drivers\a4djusb.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
bthsvcs REG_MULTI_SZ    BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{850095A0-68CF-4A94-BDD4-A7BC6544C7A8}.job
- c:\windows\system32\msfeedssync.exe [2011-09-15 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-Native Instruments Audio 4 DJ Driver - c:\programdata\{56451EE1-D56A-4F15-9716-206EC42A2BEE}\Audio 4 DJ Driver Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-21 10:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5556)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Synaptics\Scrybe\scrybe.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Browny02\BrYNSvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-04-21  10:57:03 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-21 14:56
.
Pre-Run: 71,290,580,992 bytes free
Post-Run: 71,666,618,368 bytes free
.
- - End Of File - - B75B94D2E3E065F5EF1BF6FB573D592B
 

 

 

 Results of screen317's Security Check version 0.99.62 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java™ 6 Update 29 
 Java™ 6 Update 5 
 Java™ 6 Update 7 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 22.0.1229.96 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

UNABLE TO LOCATE THE ADWCLEANER TXT FILE ON MY COMPUTER.  I WILL RUN THE PROGRAM AGAIN AND POST THE RESULTS.


Edited by Halfwit, 21 April 2013 - 10:39 AM.


#4 Halfwit

Posted 21 April 2013 - 10:37 AM

Results of the second ADWCLEANER run. 

 

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 11:25:10
# Updated 02/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Paul - PAUL-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [677 octets] - [21/04/2013 11:25:10]

########## EOF - C:\AdwCleaner[S2].txt - [736 octets] ##########



#5 nasdaq

Posted 21 April 2013 - 10:39 AM

An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission). PROGRAM_ERROR_UPDATING (0,0, Connection refused)

Please take this up with Malwarebytes support team.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 29
Java 6 Update 5
Java 6 Update 7


Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
===

Run the AdwCleaner tool again. This time, right-click on the .exe file and run as administrator.
I see this item in your ComboFix log:
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll, an adware application causing popups.
The tool should remove it.
<<<>>>

#6 Halfwit

Posted 21 April 2013 - 11:09 AM

I am unable to update any of those programs.  For the Java update I got the following message.  "The installer cannot proceed with the current Internet Connection settings. Please visit the following site for more info" and it gives me the link to the java help page.

 

The Adobe would not update and gave me the following message, "Installation encountered errors. Actionlist not found". 

 

I am pretty sure the virus has changed my connection settings somehow.  I am still able to surf the net as well as access my Windows mail. 

 

Below is the latest AdwCleaner log.

 

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 12:01:50
# Updated 02/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Paul - PAUL-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [804 octets] - [21/04/2013 11:25:10]
AdwCleaner[S3].txt - [736 octets] - [21/04/2013 12:01:50]

########## EOF - C:\AdwCleaner[S3].txt - [795 octets] ##########



#7 nasdaq

nasdaq

  • Malware Response Team
  • 19,689 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 April 2013 - 12:47 PM

Let's check further.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

#8 Halfwit

Halfwit
  • Topic Starter

  • Members
  • 44 posts

Posted 21 April 2013 - 07:46 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 04/21/2013 20:43:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[21] : NtAlpcConnectPort @ 0x83807887 -> HOOKED (Unknown @ 0x888CA5D8)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250827AS ATA Device +++++
--- User ---
[MBR] 4de1bfe24b120887ebc5459582d73da1
[BSP] adcd762d0cded7baa24eaa567d0ee3f3 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 228924 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 468838400 | Size: 9547 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04212013_02d2043.txt >>
RKreport[1]_S_04212013_02d2043.txt



#9 nasdaq

nasdaq

  • Malware Response Team
  • 19,689 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2013 - 07:50 AM

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#10 Halfwit

Halfwit
  • Topic Starter

  • Members
  • 44 posts

Posted 22 April 2013 - 11:56 AM

12:49:17.0187 1388  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:49:17.0258 1388  ============================================================
12:49:17.0258 1388  Current date / time: 2013/04/22 12:49:17.0258
12:49:17.0258 1388  SystemInfo:
12:49:17.0258 1388 
12:49:17.0258 1388  OS Version: 6.0.6002 ServicePack: 2.0
12:49:17.0258 1388  Product type: Workstation
12:49:17.0258 1388  ComputerName: PAUL-LAPTOP
12:49:17.0259 1388  UserName: Paul
12:49:17.0259 1388  Windows directory: C:\Windows
12:49:17.0259 1388  System windows directory: C:\Windows
12:49:17.0259 1388  Processor architecture: Intel x86
12:49:17.0259 1388  Number of processors: 2
12:49:17.0259 1388  Page size: 0x1000
12:49:17.0259 1388  Boot type: Normal boot
12:49:17.0259 1388  ============================================================
12:49:18.0658 1388  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:49:18.0660 1388  ============================================================
12:49:18.0661 1388  \Device\Harddisk0\DR0:
12:49:18.0661 1388  MBR partitions:
12:49:18.0661 1388  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BF1E7C1
12:49:18.0661 1388  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BF1E800, BlocksNum 0x12A5800
12:49:18.0661 1388  ============================================================
12:49:18.0680 1388  C: <-> \Device\Harddisk0\DR0\Partition1
12:49:18.0720 1388  D: <-> \Device\Harddisk0\DR0\Partition2
12:49:18.0720 1388  ============================================================
12:49:18.0720 1388  Initialize success
12:49:18.0720 1388  ============================================================
12:49:26.0756 3552  ============================================================
12:49:26.0756 3552  Scan started
12:49:26.0756 3552  Mode: Manual; SigCheck; TDLFS;
12:49:26.0756 3552  ============================================================
12:49:27.0557 3552  ================ Scan system memory ========================
12:49:27.0557 3552  System memory - ok
12:49:27.0558 3552  ================ Scan services =============================
12:49:31.0518 3552  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
12:49:31.0519 3552  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
12:49:37.0339 3552  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
12:49:37.0340 3552  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
12:49:38.0387 3552  IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:49:38.0387 3552  IDriverT - detected UnsignedFile.Multi.Generic (1)
12:49:40.0885 3552  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:49:40.0885 3552  LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:49:42.0971 3552  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
12:49:43.0025 3552  MSDTC - ok
12:49:43.0086 3552  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:49:43.0139 3552  Msfs - ok
12:49:43.0163 3552  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:49:43.0190 3552  msisadrv - ok
12:49:43.0244 3552  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:49:43.0305 3552  MSiSCSI - ok
12:49:43.0337 3552  msiserver - ok
12:49:43.0388 3552  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:49:43.0427 3552  MSKSSRV - ok
12:49:43.0442 3552  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:49:43.0473 3552  MSPCLOCK - ok
12:49:43.0492 3552  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:49:43.0535 3552  MSPQM - ok
12:49:43.0589 3552  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:49:43.0610 3552  MsRPC - ok
12:49:43.0645 3552  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:49:43.0661 3552  mssmbios - ok
12:49:43.0706 3552  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:49:43.0736 3552  MSTEE - ok
12:49:43.0763 3552  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:49:43.0779 3552  Mup - ok
12:49:43.0832 3552  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
12:49:43.0879 3552  napagent - ok
12:49:43.0928 3552  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:49:43.0954 3552  NativeWifiP - ok
12:49:43.0989 3552  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:49:44.0016 3552  NDIS - ok
12:49:44.0045 3552  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:49:44.0083 3552  NdisTapi - ok
12:49:44.0100 3552  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:49:44.0139 3552  Ndisuio - ok
12:49:44.0166 3552  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:49:44.0194 3552  NdisWan - ok
12:49:44.0245 3552  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:49:44.0284 3552  NDProxy - ok
12:49:44.0314 3552  [ 7AFD0E39AB15CB355487B7CC19F4E2C5 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
12:49:44.0321 3552  Netaapl ( UnsignedFile.Multi.Generic ) - warning
12:49:44.0321 3552  Netaapl - detected UnsignedFile.Multi.Generic (1)
12:49:44.0376 3552  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:49:44.0431 3552  NetBIOS - ok
12:49:44.0480 3552  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:49:44.0529 3552  netbt - ok
12:49:44.0566 3552  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
12:49:44.0593 3552  Netlogon - ok
12:49:44.0653 3552  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
12:49:44.0720 3552  Netman - ok
12:49:44.0739 3552  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
12:49:44.0819 3552  netprofm - ok
12:49:44.0859 3552  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:49:44.0887 3552  NetTcpPortSharing - ok
12:49:44.0927 3552  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:49:44.0953 3552  nfrd960 - ok
12:49:45.0201 3552  [ B489677E8ACB76FB40180A62EA4C2D0F ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
12:49:45.0443 3552  NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
12:49:45.0443 3552  NIHardwareService - detected UnsignedFile.Multi.Generic (1)
12:49:45.0499 3552  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:49:45.0559 3552  NlaSvc - ok
12:49:45.0596 3552  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:49:45.0637 3552  Npfs - ok
12:49:45.0677 3552  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
12:49:45.0731 3552  nsi - ok
12:49:45.0757 3552  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:49:45.0789 3552  nsiproxy - ok
12:49:45.0888 3552  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:49:45.0973 3552  Ntfs - ok
12:49:45.0999 3552  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
12:49:46.0096 3552  ntrigdigi - ok
12:49:46.0170 3552  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
12:49:46.0206 3552  Null - ok
12:49:46.0254 3552  [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
12:49:46.0287 3552  NVENETFD - ok
12:49:46.0316 3552  [ 57945C4C155A79CF3E0F463E3CC9923E ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
12:49:46.0340 3552  NVHDA - ok
12:49:46.0692 3552  [ 9DAC05D828E56801FD6CE5FDFCED64AF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:49:47.0320 3552  nvlddmkm - ok
12:49:47.0394 3552  [ 1EFEC38A852AB35883BFFF3427B92B3F ] NVNET           C:\Windows\system32\DRIVERS\nvmfdx32.sys
12:49:47.0413 3552  NVNET - ok
12:49:47.0453 3552  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:49:47.0496 3552  nvraid - ok
12:49:47.0548 3552  [ 0FB6BF3AB170FC5BD403D25E134EAFDE ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
12:49:47.0609 3552  nvsmu - ok
12:49:47.0647 3552  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:49:47.0700 3552  nvstor - ok
12:49:47.0759 3552  [ 51E7F2C26B6ECE61C5241F1F731EAB2B ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:49:47.0792 3552  nvsvc - ok
12:49:47.0829 3552  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:49:47.0850 3552  nv_agp - ok
12:49:47.0864 3552  NwlnkFlt - ok
12:49:47.0875 3552  NwlnkFwd - ok
12:49:47.0994 3552  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:49:48.0023 3552  odserv - ok
12:49:48.0063 3552  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:49:48.0154 3552  ohci1394 - ok
12:49:48.0219 3552  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:49:48.0235 3552  ose - ok
12:49:48.0294 3552  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:49:48.0358 3552  p2pimsvc - ok
12:49:48.0427 3552  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:49:48.0455 3552  p2psvc - ok
12:49:48.0533 3552  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
12:49:48.0631 3552  Parport - ok
12:49:48.0660 3552  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:49:48.0687 3552  partmgr - ok
12:49:48.0708 3552  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:49:48.0774 3552  Parvdm - ok
12:49:48.0838 3552  [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot         C:\Windows\system32\drivers\pavboot.sys
12:49:48.0860 3552  pavboot - ok
12:49:48.0917 3552  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:49:48.0937 3552  PcaSvc - ok
12:49:48.0979 3552  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
12:49:48.0998 3552  pci - ok
12:49:49.0028 3552  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
12:49:49.0055 3552  pciide - ok
12:49:49.0105 3552  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:49:49.0123 3552  pcmcia - ok
12:49:49.0284 3552  [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
12:49:49.0301 3552  PDFProFiltSrvPP - ok
12:49:49.0330 3552  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:49:49.0409 3552  PEAUTH - ok
12:49:49.0529 3552  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
12:49:49.0656 3552  pla - ok
12:49:49.0718 3552  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:49:49.0756 3552  PlugPlay - ok
12:49:49.0802 3552  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:49:49.0835 3552  PNRPAutoReg - ok
12:49:49.0868 3552  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:49:49.0903 3552  PNRPsvc - ok
12:49:49.0983 3552  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:49:50.0039 3552  PolicyAgent - ok
12:49:50.0096 3552  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:49:50.0140 3552  PptpMiniport - ok
12:49:50.0177 3552  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:49:50.0220 3552  Processor - ok
12:49:50.0257 3552  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:49:50.0291 3552  ProfSvc - ok
12:49:50.0321 3552  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:49:50.0339 3552  ProtectedStorage - ok
12:49:50.0370 3552  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:49:50.0396 3552  PSched - ok
12:49:50.0478 3552  [ 624A6D58195B7ED9E01683238105D3BB ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:49:50.0490 3552  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
12:49:50.0490 3552  QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
12:49:50.0554 3552  [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:49:50.0563 3552  QBFCService ( UnsignedFile.Multi.Generic ) - warning
12:49:50.0563 3552  QBFCService - detected UnsignedFile.Multi.Generic (1)
12:49:50.0621 3552  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:49:50.0677 3552  ql2300 - ok
12:49:50.0690 3552  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:49:50.0707 3552  ql40xx - ok
12:49:50.0788 3552  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
12:49:50.0810 3552  QWAVE - ok
12:49:50.0842 3552  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:49:50.0867 3552  QWAVEdrv - ok
12:49:51.0006 3552  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
12:49:51.0026 3552  RapiMgr - ok
12:49:51.0066 3552  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:49:51.0106 3552  RasAcd - ok
12:49:51.0158 3552  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
12:49:51.0224 3552  RasAuto - ok
12:49:51.0281 3552  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:49:51.0316 3552  Rasl2tp - ok
12:49:51.0353 3552  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
12:49:51.0389 3552  RasMan - ok
12:49:51.0419 3552  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:49:51.0447 3552  RasPppoe - ok
12:49:51.0483 3552  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:49:51.0500 3552  RasSstp - ok
12:49:51.0552 3552  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:49:51.0582 3552  rdbss - ok
12:49:51.0614 3552  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:49:51.0651 3552  RDPCDD - ok
12:49:51.0681 3552  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
12:49:51.0732 3552  rdpdr - ok
12:49:51.0791 3552  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:49:51.0822 3552  RDPENCDD - ok
12:49:51.0838 3552  [ 79C6DF8477250F5C54F7C5AE1D6B814E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:49:51.0869 3552  RDPWD - ok
12:49:52.0009 3552  [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
12:49:52.0040 3552  Recovery Service for Windows - ok
12:49:52.0114 3552  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:49:52.0150 3552  RemoteAccess - ok
12:49:52.0192 3552  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:49:52.0239 3552  RemoteRegistry - ok
12:49:52.0400 3552  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:49:52.0423 3552  RichVideo - ok
12:49:52.0471 3552  [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
12:49:52.0497 3552  RimUsb - ok
12:49:52.0525 3552  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
12:49:52.0555 3552  RimVSerPort - ok
12:49:52.0578 3552  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
12:49:52.0625 3552  ROOTMODEM - ok
12:49:52.0671 3552  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
12:49:52.0687 3552  RpcLocator - ok
12:49:52.0744 3552  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
12:49:52.0779 3552  RpcSs - ok
12:49:52.0817 3552  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:49:52.0849 3552  rspndr - ok
12:49:52.0859 3552  [ 4F31CFDEBD0A5BC27D45E7EBFEFAAF6F ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
12:49:52.0893 3552  RTSTOR - ok
12:49:52.0926 3552  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
12:49:52.0941 3552  SamSs - ok
12:49:52.0951 3552  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:49:52.0966 3552  sbp2port - ok
12:49:53.0003 3552  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:49:53.0032 3552  SCardSvr - ok
12:49:53.0086 3552  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
12:49:53.0163 3552  Schedule - ok
12:49:53.0217 3552  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:49:53.0243 3552  SCPolicySvc - ok
12:49:53.0423 3552  [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater   C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
12:49:53.0479 3552  ScrybeUpdater - ok
12:49:53.0543 3552  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:49:53.0586 3552  SDRSVC - ok
12:49:53.0637 3552  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:49:53.0693 3552  secdrv - ok
12:49:53.0723 3552  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
12:49:53.0756 3552  seclogon - ok
12:49:53.0788 3552  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
12:49:53.0822 3552  SENS - ok
12:49:53.0863 3552  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:49:53.0928 3552  Serenum - ok
12:49:53.0956 3552  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
12:49:54.0016 3552  Serial - ok
12:49:54.0054 3552  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:49:54.0094 3552  sermouse - ok
12:49:54.0156 3552  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:49:54.0210 3552  SessionEnv - ok
12:49:54.0260 3552  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:49:54.0289 3552  sffdisk - ok
12:49:54.0307 3552  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:49:54.0360 3552  sffp_mmc - ok
12:49:54.0387 3552  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:49:54.0422 3552  sffp_sd - ok
12:49:54.0447 3552  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:49:54.0525 3552  sfloppy - ok
12:49:54.0601 3552  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:49:54.0639 3552  SharedAccess - ok
12:49:54.0721 3552  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:49:54.0774 3552  ShellHWDetection - ok
12:49:54.0822 3552  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:49:54.0839 3552  sisagp - ok
12:49:54.0863 3552  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:49:54.0878 3552  SiSRaid2 - ok
12:49:54.0891 3552  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:49:54.0911 3552  SiSRaid4 - ok
12:49:55.0084 3552  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
12:49:55.0244 3552  slsvc - ok
12:49:55.0257 3552  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:49:55.0313 3552  SLUINotify - ok
12:49:55.0336 3552  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:49:55.0374 3552  Smb - ok
12:49:55.0432 3552  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:49:55.0458 3552  SNMPTRAP - ok
12:49:55.0502 3552  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
12:49:55.0518 3552  spldr - ok
12:49:55.0572 3552  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
12:49:55.0618 3552  Spooler - ok
12:49:55.0682 3552  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:49:55.0725 3552  srv - ok
12:49:55.0749 3552  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:49:55.0790 3552  srv2 - ok
12:49:55.0803 3552  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:49:55.0829 3552  srvnet - ok
12:49:55.0897 3552  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:49:55.0959 3552  SSDPSRV - ok
12:49:55.0971 3552  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:49:56.0015 3552  SstpSvc - ok
12:49:56.0045 3552  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:49:56.0084 3552  StillCam - ok
12:49:56.0144 3552  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
12:49:56.0199 3552  stisvc - ok
12:49:56.0275 3552  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:49:56.0289 3552  swenum - ok
12:49:56.0349 3552  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
12:49:56.0382 3552  swprv - ok
12:49:56.0403 3552  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:49:56.0417 3552  Symc8xx - ok
12:49:56.0461 3552  [ FE9F8B3A8BC22D85332B42E92308DDF9 ] SYMDNS          C:\Windows\System32\Drivers\SYMDNS.SYS
12:49:56.0473 3552  SYMDNS - ok
12:49:56.0508 3552  [ 06B95820DF51502099A8A15C93E87986 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
12:49:56.0530 3552  SymEvent - ok
12:49:56.0546 3552  [ A0EA9D273889E53CFAABF2444692CCBF ] SYMFW           C:\Windows\System32\Drivers\SYMFW.SYS
12:49:56.0563 3552  SYMFW - ok
12:49:56.0588 3552  [ 8EAB28DD6CD25355B951AE460FA86B48 ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
12:49:56.0602 3552  SymIM - ok
12:49:56.0650 3552  [ C94EACA4B522012EE0691F1E79C42A7D ] SYMNDISV        C:\Windows\System32\Drivers\SYMNDISV.SYS
12:49:56.0665 3552  SYMNDISV - ok
12:49:56.0678 3552  [ 7C6505EA598E58099D3B7E1F70426864 ] SYMREDRV        C:\Windows\System32\Drivers\SYMREDRV.SYS
12:49:56.0692 3552  SYMREDRV - ok
12:49:56.0723 3552  [ E6FF7ACE71D07CA90119F2C6AB592BA4 ] SYMTDI          C:\Windows\System32\Drivers\SYMTDI.SYS
12:49:56.0748 3552  SYMTDI - ok
12:49:56.0792 3552  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:49:56.0817 3552  Sym_hi - ok
12:49:56.0831 3552  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:49:56.0853 3552  Sym_u3 - ok
12:49:56.0868 3552  [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:49:56.0886 3552  SynTP - ok
12:49:56.0944 3552  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
12:49:57.0005 3552  SysMain - ok
12:49:57.0038 3552  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:49:57.0059 3552  TabletInputService - ok
12:49:57.0092 3552  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:49:57.0126 3552  TapiSrv - ok
12:49:57.0153 3552  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
12:49:57.0190 3552  TBS - ok
12:49:57.0260 3552  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:49:57.0309 3552  Tcpip - ok
12:49:57.0371 3552  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:49:57.0414 3552  Tcpip6 - ok
12:49:57.0457 3552  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:49:57.0498 3552  tcpipreg - ok
12:49:57.0528 3552  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:49:57.0561 3552  TDPIPE - ok
12:49:57.0574 3552  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:49:57.0620 3552  TDTCP - ok
12:49:57.0654 3552  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:49:57.0685 3552  tdx - ok
12:49:57.0711 3552  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:49:57.0740 3552  TermDD - ok
12:49:57.0807 3552  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
12:49:57.0842 3552  TermService - ok
12:49:57.0869 3552  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
12:49:57.0893 3552  Themes - ok
12:49:57.0960 3552  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:49:57.0994 3552  THREADORDER - ok
12:49:58.0029 3552  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
12:49:58.0067 3552  TrkWks - ok
12:49:58.0158 3552  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:49:58.0182 3552  TrustedInstaller - ok
12:49:58.0243 3552  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:49:58.0275 3552  tssecsrv - ok
12:49:58.0301 3552  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:49:58.0336 3552  tunmp - ok
12:49:58.0365 3552  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:49:58.0380 3552  tunnel - ok
12:49:58.0409 3552  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:49:58.0426 3552  uagp35 - ok
12:49:58.0443 3552  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:49:58.0474 3552  udfs - ok
12:49:58.0541 3552  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:49:58.0578 3552  UI0Detect - ok
12:49:58.0588 3552  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:49:58.0611 3552  uliagpkx - ok
12:49:58.0626 3552  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:49:58.0652 3552  uliahci - ok
12:49:58.0665 3552  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:49:58.0684 3552  UlSata - ok
12:49:58.0722 3552  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:49:58.0746 3552  ulsata2 - ok
12:49:58.0779 3552  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:49:58.0811 3552  umbus - ok
12:49:58.0851 3552  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
12:49:58.0890 3552  upnphost - ok
12:49:58.0935 3552  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
12:49:58.0971 3552  USBAAPL - ok
12:49:59.0003 3552  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:49:59.0028 3552  usbaudio - ok
12:49:59.0038 3552  usbbus - ok
12:49:59.0048 3552  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:49:59.0075 3552  usbccgp - ok
12:49:59.0088 3552  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:49:59.0170 3552  usbcir - ok
12:49:59.0195 3552  UsbDiag - ok
12:49:59.0238 3552  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:49:59.0278 3552  usbehci - ok
12:49:59.0294 3552  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:49:59.0355 3552  usbhub - ok
12:49:59.0367 3552  USBModem - ok
12:49:59.0448 3552  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:49:59.0480 3552  usbohci - ok
12:49:59.0507 3552  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:49:59.0542 3552  usbprint - ok
12:49:59.0583 3552  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:49:59.0623 3552  usbscan - ok
12:49:59.0658 3552  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:49:59.0694 3552  USBSTOR - ok
12:49:59.0724 3552  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:49:59.0758 3552  usbuhci - ok
12:49:59.0772 3552  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:49:59.0807 3552  usbvideo - ok
12:49:59.0851 3552  [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
12:49:59.0893 3552  usb_rndisx - ok
12:49:59.0933 3552  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
12:49:59.0964 3552  UxSms - ok
12:50:06.0555 3552  ============================================================
12:50:06.0555 3552  Scan finished
12:50:06.0555 3552  ============================================================
12:50:06.0584 7592  Detected object count: 8
12:50:06.0584 7592  Actual detected object count: 8
12:50:17.0497 7592  BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0498 7592  BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0498 7592  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0498 7592  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0499 7592  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0499 7592  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0499 7592  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0500 7592  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0500 7592  Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0500 7592  Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0509 7592  NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0509 7592  NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0510 7592  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0510 7592  QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:50:17.0515 7592  QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
12:50:17.0515 7592  QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-22 12:53:29
-----------------------------
12:53:29.887    OS Version: Windows 6.0.6002 Service Pack 2
12:53:29.887    Number of processors: 2 586 0x301
12:53:29.888    ComputerName: PAUL-LAPTOP  UserName: Paul
12:53:30.944    Initialize success
12:53:59.637    AVAST engine download error: 0
12:54:09.844    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
12:54:09.851    Disk 0 Vendor: ST9250827AS 3.AHC Size: 238475MB BusType: 3
12:54:10.039    Disk 0 MBR read successfully
12:54:10.043    Disk 0 MBR scan
12:54:10.052    Disk 0 unknown MBR code
12:54:10.058    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       228924 MB offset 63
12:54:10.091    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         9547 MB offset 468838400
12:54:10.128    Disk 0 scanning sectors +488390656
12:54:10.205    Disk 0 scanning C:\Windows\system32\drivers
12:54:16.922    Service scanning
12:54:39.761    Modules scanning
12:54:53.714    Disk 0 trace - called modules:
12:54:53.767    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:54:54.130    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f69498]
12:54:54.142    3 CLASSPNP.SYS[8079f8b3] -> nt!IofCallDriver -> [0x86d82918]
12:54:54.154    5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x86d8a5a8]
12:54:54.168    Scan finished successfully
12:55:41.688    Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
12:55:41.700    The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   547bytes   0 downloads

Edited by Halfwit, 22 April 2013 - 12:22 PM.


#11 nasdaq

  • Malware Response Team
  • 19,689 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2013 - 12:23 PM

The logs are clean.

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action center
  • Windows Update
  • Windows Defender


Press Scan.
This will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

#12 Halfwit

  • Topic Starter
  • Members
  • 44 posts

Posted 22 April 2013 - 12:32 PM

Farbar Service Scanner Version: 14-04-2013
Ran by Paul (administrator) on 22-04-2013 at 13:32:12
Running from "C:\Users\Paul\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****



#13 nasdaq

  • Malware Response Team
  • 19,689 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2013 - 12:40 PM

All logs are clean.

What are the remaining issues with this computer?

#14 Halfwit

  • Topic Starter
  • Members
  • 44 posts

Posted 22 April 2013 - 12:45 PM

Something is blocking me from being able to download any anti-malware or spyware or anti-virusware.



#15 nasdaq

  • Malware Response Team
  • 19,689 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2013 - 01:09 PM


Let's start with Java.

Run this tool and try to get the latest version.

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the direct link download and unzip it to your Desktop.

Double-click JavaRa.exe, then click Remove Older Versions.
In Vista and Windows 7, right-click JavaRa.exe and select Run as Administrator.

Follow any prompts; a log will pop up (JavaRa.log). Please post the contents of this log.



