Possibly infected with js/Obfuscator/H.


42 replies to this topic

#1 dmcmaster

Posted 26 October 2012 - 12:41 PM

I am running Windows 7 32-bit with Service Pack 1. My browser (Firefox) was redirecting me to a page called Software Education, but now just seems to be hanging until I enter an address. Microsoft Security Essentials supposedly removed a virus tool named js/Obfuscator/H. I am certain that there are remnants of something. I have trouble getting the Microsoft Scanner from their security site to scan. It stops in the middle and disappears. Malware Anti Malware Bytes didn't want to download. I sense that something seems to be there of which I only occasionally get any sign. Any help with finding out exactly what is going on would be greatly appreciated.




dmcmaster@sbcglobal.net


#2 narenxp

Posted 26 October 2012 - 01:24 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 dmcmaster

Posted 26 October 2012 - 05:02 PM

Here are the logs:


TDSS Log

14:54:55.0317 2832 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:54:55.0317 2832 pci - ok
14:54:55.0332 2832 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:54:55.0332 2832 pciide - ok
14:54:55.0348 2832 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:54:55.0348 2832 pcmcia - ok
14:54:55.0364 2832 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:54:55.0364 2832 pcw - ok
14:54:55.0395 2832 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:54:55.0410 2832 PEAUTH - ok
14:54:55.0442 2832 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:54:55.0457 2832 PeerDistSvc - ok
14:54:55.0520 2832 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
14:54:55.0551 2832 pla - ok
14:54:55.0582 2832 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:54:55.0582 2832 PlugPlay - ok
14:54:55.0613 2832 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:54:55.0613 2832 PNRPAutoReg - ok
14:54:55.0629 2832 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:54:55.0629 2832 PNRPsvc - ok
14:54:55.0660 2832 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:54:55.0660 2832 PolicyAgent - ok
14:54:55.0691 2832 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
14:54:55.0707 2832 Power - ok
14:54:55.0738 2832 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:54:55.0738 2832 PptpMiniport - ok
14:54:55.0754 2832 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
14:54:55.0754 2832 Processor - ok
14:54:55.0785 2832 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
14:54:55.0785 2832 ProfSvc - ok
14:54:55.0800 2832 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:54:55.0800 2832 ProtectedStorage - ok
14:54:55.0832 2832 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:54:55.0832 2832 Psched - ok
14:54:55.0878 2832 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:54:55.0910 2832 ql2300 - ok
14:54:55.0925 2832 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:54:55.0925 2832 ql40xx - ok
14:54:55.0941 2832 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:54:55.0956 2832 QWAVE - ok
14:54:55.0972 2832 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:54:55.0972 2832 QWAVEdrv - ok
14:54:55.0988 2832 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:54:55.0988 2832 RasAcd - ok
14:54:56.0003 2832 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:54:56.0003 2832 RasAgileVpn - ok
14:54:56.0019 2832 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:54:56.0019 2832 RasAuto - ok
14:54:56.0034 2832 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:54:56.0034 2832 Rasl2tp - ok
14:54:56.0066 2832 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
14:54:56.0081 2832 RasMan - ok
14:54:56.0097 2832 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:54:56.0112 2832 RasPppoe - ok
14:54:56.0128 2832 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:54:56.0128 2832 RasSstp - ok
14:54:56.0144 2832 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:54:56.0159 2832 rdbss - ok
14:54:56.0175 2832 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:54:56.0175 2832 rdpbus - ok
14:54:56.0175 2832 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:54:56.0175 2832 RDPCDD - ok
14:54:56.0206 2832 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:54:56.0206 2832 RDPDR - ok
14:54:56.0222 2832 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:54:56.0222 2832 RDPENCDD - ok
14:54:56.0237 2832 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:54:56.0237 2832 RDPREFMP - ok
14:54:56.0268 2832 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:54:56.0268 2832 RDPWD - ok
14:54:56.0300 2832 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:54:56.0300 2832 rdyboost - ok
14:54:56.0315 2832 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:54:56.0331 2832 RemoteAccess - ok
14:54:56.0346 2832 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:54:56.0346 2832 RemoteRegistry - ok
14:54:56.0378 2832 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:54:56.0378 2832 RpcEptMapper - ok
14:54:56.0378 2832 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:54:56.0378 2832 RpcLocator - ok
14:54:56.0409 2832 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
14:54:56.0409 2832 RpcSs - ok
14:54:56.0456 2832 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:54:56.0456 2832 rspndr - ok
14:54:56.0487 2832 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:54:56.0487 2832 s3cap - ok
14:54:56.0502 2832 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
14:54:56.0502 2832 SamSs - ok
14:54:56.0534 2832 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:54:56.0534 2832 sbp2port - ok
14:54:56.0565 2832 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:54:56.0580 2832 SCardSvr - ok
14:54:56.0596 2832 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:54:56.0612 2832 scfilter - ok
14:54:56.0643 2832 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
14:54:56.0643 2832 Schedule - ok
14:54:56.0674 2832 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:54:56.0674 2832 SCPolicySvc - ok
14:54:56.0674 2832 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:54:56.0690 2832 SDRSVC - ok
14:54:56.0690 2832 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:54:56.0690 2832 secdrv - ok
14:54:56.0705 2832 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:54:56.0721 2832 seclogon - ok
14:54:56.0736 2832 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
14:54:56.0752 2832 SENS - ok
14:54:56.0752 2832 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:54:56.0752 2832 SensrSvc - ok
14:54:56.0768 2832 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:54:56.0768 2832 Serenum - ok
14:54:56.0783 2832 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:54:56.0783 2832 Serial - ok
14:54:56.0783 2832 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:54:56.0783 2832 sermouse - ok
14:54:56.0830 2832 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
14:54:56.0830 2832 SessionEnv - ok
14:54:56.0830 2832 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:54:56.0830 2832 sffdisk - ok
14:54:56.0846 2832 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:54:56.0846 2832 sffp_mmc - ok
14:54:56.0877 2832 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:54:56.0877 2832 sffp_sd - ok
14:54:56.0877 2832 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:54:56.0877 2832 sfloppy - ok
14:54:56.0892 2832 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:54:56.0892 2832 SharedAccess - ok
14:54:56.0924 2832 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:54:56.0924 2832 ShellHWDetection - ok
14:54:56.0939 2832 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:54:56.0939 2832 sisagp - ok
14:54:56.0955 2832 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:54:56.0955 2832 SiSRaid2 - ok
14:54:56.0970 2832 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:54:56.0970 2832 SiSRaid4 - ok
14:54:56.0986 2832 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:54:56.0986 2832 Smb - ok
14:54:57.0017 2832 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:54:57.0017 2832 SNMPTRAP - ok
14:54:57.0033 2832 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:54:57.0033 2832 spldr - ok
14:54:57.0064 2832 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
14:54:57.0064 2832 Spooler - ok
14:54:57.0142 2832 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
14:54:57.0204 2832 sppsvc - ok
14:54:57.0220 2832 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:54:57.0236 2832 sppuinotify - ok
14:54:57.0251 2832 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:54:57.0267 2832 srv - ok
14:54:57.0267 2832 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:54:57.0267 2832 srv2 - ok
14:54:57.0282 2832 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:54:57.0282 2832 srvnet - ok
14:54:57.0314 2832 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:54:57.0314 2832 SSDPSRV - ok
14:54:57.0329 2832 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:54:57.0345 2832 SstpSvc - ok
14:54:57.0360 2832 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:54:57.0360 2832 stexstor - ok
14:54:57.0407 2832 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
14:54:57.0423 2832 StiSvc - ok
14:54:57.0438 2832 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:54:57.0438 2832 storflt - ok
14:54:57.0454 2832 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
14:54:57.0454 2832 StorSvc - ok
14:54:57.0485 2832 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:54:57.0485 2832 storvsc - ok
14:54:57.0501 2832 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:54:57.0501 2832 swenum - ok
14:54:57.0516 2832 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:54:57.0516 2832 swprv - ok
14:54:57.0563 2832 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
14:54:57.0594 2832 SysMain - ok
14:54:57.0610 2832 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:54:57.0610 2832 TabletInputService - ok
14:54:57.0626 2832 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
14:54:57.0626 2832 TapiSrv - ok
14:54:57.0641 2832 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:54:57.0641 2832 TBS - ok
14:54:57.0688 2832 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:54:57.0719 2832 Tcpip - ok
14:54:57.0766 2832 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:54:57.0766 2832 TCPIP6 - ok
14:54:57.0797 2832 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:54:57.0797 2832 tcpipreg - ok
14:54:57.0813 2832 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:54:57.0813 2832 TDPIPE - ok
14:54:57.0844 2832 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:54:57.0844 2832 TDTCP - ok
14:54:57.0860 2832 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:54:57.0860 2832 tdx - ok
14:54:57.0875 2832 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:54:57.0875 2832 TermDD - ok
14:54:57.0906 2832 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
14:54:57.0906 2832 TermService - ok
14:54:57.0922 2832 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:54:57.0922 2832 Themes - ok
14:54:57.0938 2832 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:54:57.0938 2832 THREADORDER - ok
14:54:57.0969 2832 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:54:57.0969 2832 TrkWks - ok
14:54:58.0016 2832 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:54:58.0031 2832 TrustedInstaller - ok
14:54:58.0047 2832 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:58.0047 2832 tssecsrv - ok
14:54:58.0062 2832 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:54:58.0062 2832 TsUsbFlt - ok
14:54:58.0078 2832 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:54:58.0078 2832 TsUsbGD - ok
14:54:58.0109 2832 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:54:58.0109 2832 tunnel - ok
14:54:58.0125 2832 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:54:58.0125 2832 uagp35 - ok
14:54:58.0140 2832 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:54:58.0156 2832 udfs - ok
14:54:58.0187 2832 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:54:58.0187 2832 UI0Detect - ok
14:54:58.0218 2832 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:54:58.0218 2832 uliagpkx - ok
14:54:58.0234 2832 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:54:58.0234 2832 umbus - ok
14:54:58.0250 2832 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
14:54:58.0250 2832 UmPass - ok
14:54:58.0265 2832 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
14:54:58.0281 2832 UmRdpService - ok
14:54:58.0296 2832 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:54:58.0296 2832 upnphost - ok
14:54:58.0328 2832 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
14:54:58.0328 2832 usbccgp - ok
14:54:58.0359 2832 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:54:58.0359 2832 usbcir - ok
14:54:58.0374 2832 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:54:58.0374 2832 usbehci - ok
14:54:58.0390 2832 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:54:58.0406 2832 usbhub - ok
14:54:58.0437 2832 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:54:58.0437 2832 usbohci - ok
14:54:58.0452 2832 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:54:58.0452 2832 usbprint - ok
14:54:58.0484 2832 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
14:54:58.0484 2832 USBSTOR - ok
14:54:58.0499 2832 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:54:58.0499 2832 usbuhci - ok
14:54:58.0515 2832 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
14:54:58.0515 2832 UxSms - ok
14:54:58.0530 2832 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
14:54:58.0530 2832 VaultSvc - ok
14:54:58.0562 2832 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:54:58.0562 2832 vdrvroot - ok
14:54:58.0577 2832 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
14:54:58.0593 2832 vds - ok
14:54:58.0608 2832 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:54:58.0608 2832 vga - ok
14:54:58.0624 2832 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:54:58.0624 2832 VgaSave - ok
14:54:58.0624 2832 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:54:58.0640 2832 vhdmp - ok
14:54:58.0671 2832 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:54:58.0671 2832 viaagp - ok
14:54:58.0671 2832 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:54:58.0671 2832 ViaC7 - ok
14:54:58.0702 2832 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
14:54:58.0702 2832 viaide - ok
14:54:58.0718 2832 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:54:58.0718 2832 vmbus - ok
14:54:58.0733 2832 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:54:58.0733 2832 VMBusHID - ok
14:54:58.0749 2832 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:54:58.0749 2832 volmgr - ok
14:54:58.0764 2832 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:54:58.0764 2832 volmgrx - ok
14:54:58.0780 2832 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:54:58.0780 2832 volsnap - ok
14:54:58.0811 2832 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:54:58.0811 2832 vsmraid - ok
14:54:58.0858 2832 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
14:54:58.0889 2832 VSS - ok
14:54:58.0889 2832 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:54:58.0889 2832 vwifibus - ok
14:54:58.0920 2832 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
14:54:58.0920 2832 W32Time - ok
14:54:58.0952 2832 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:54:58.0952 2832 WacomPen - ok
14:54:58.0983 2832 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:54:58.0983 2832 WANARP - ok
14:54:58.0983 2832 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:54:58.0983 2832 Wanarpv6 - ok
14:54:59.0045 2832 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:54:59.0076 2832 WatAdminSvc - ok
14:54:59.0123 2832 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
14:54:59.0154 2832 wbengine - ok
14:54:59.0170 2832 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:54:59.0170 2832 WbioSrvc - ok
14:54:59.0186 2832 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:54:59.0201 2832 wcncsvc - ok
14:54:59.0201 2832 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:54:59.0217 2832 WcsPlugInService - ok
14:54:59.0232 2832 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
14:54:59.0232 2832 Wd - ok
14:54:59.0248 2832 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:54:59.0248 2832 Wdf01000 - ok
14:54:59.0279 2832 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:54:59.0279 2832 WdiServiceHost - ok
14:54:59.0279 2832 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:54:59.0279 2832 WdiSystemHost - ok
14:54:59.0310 2832 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
14:54:59.0310 2832 WebClient - ok
14:54:59.0326 2832 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:54:59.0326 2832 Wecsvc - ok
14:54:59.0342 2832 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:54:59.0342 2832 wercplsupport - ok
14:54:59.0357 2832 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
14:54:59.0357 2832 WerSvc - ok
14:54:59.0388 2832 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:54:59.0388 2832 WfpLwf - ok
14:54:59.0404 2832 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:54:59.0404 2832 WIMMount - ok
14:54:59.0466 2832 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:54:59.0482 2832 WinDefend - ok
14:54:59.0482 2832 WinHttpAutoProxySvc - ok
14:54:59.0529 2832 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:54:59.0544 2832 Winmgmt - ok
14:54:59.0591 2832 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
14:54:59.0607 2832 WinRM - ok
14:54:59.0654 2832 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:54:59.0685 2832 Wlansvc - ok
14:54:59.0700 2832 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:54:59.0700 2832 WmiAcpi - ok
14:54:59.0716 2832 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:54:59.0732 2832 wmiApSrv - ok
14:54:59.0732 2832 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:54:59.0747 2832 WPCSvc - ok
14:54:59.0747 2832 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:54:59.0763 2832 WPDBusEnum - ok
14:54:59.0763 2832 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:54:59.0763 2832 ws2ifsl - ok
14:54:59.0778 2832 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
14:54:59.0778 2832 wscsvc - ok
14:54:59.0841 2832 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:54:59.0888 2832 wuauserv - ok
14:54:59.0903 2832 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:54:59.0903 2832 WudfPf - ok
14:54:59.0919 2832 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:54:59.0934 2832 wudfsvc - ok
14:54:59.0934 2832 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:54:59.0950 2832 WwanSvc - ok
14:54:59.0950 2832 ================ Scan global ===============================
14:54:59.0981 2832 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:55:00.0012 2832 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
14:55:00.0012 2832 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
14:55:00.0044 2832 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:55:00.0059 2832 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:55:00.0059 2832 [Global] - ok
14:55:00.0059 2832 ================ Scan MBR ==================================
14:55:00.0075 2832 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:55:00.0309 2832 \Device\Harddisk0\DR0 - ok
14:55:00.0309 2832 ================ Scan VBR ==================================
14:55:00.0340 2832 [ 6EA35419F204EEB1122CB90E15F90F6C ] \Device\Harddisk0\DR0\Partition1
14:55:00.0340 2832 \Device\Harddisk0\DR0\Partition1 - ok
14:55:00.0340 2832 ============================================================
14:55:00.0340 2832 Scan finished
14:55:00.0340 2832 ============================================================
14:55:00.0340 1444 Detected object count: 0
14:55:00.0340 1444 Actual detected object count: 0
14:56:15.0487 3248 Deinitialize success




aswMBR Log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-26 14:56:49
-----------------------------
14:56:49.152 OS Version: Windows 6.1.7601 Service Pack 1
14:56:49.152 Number of processors: 2 586 0xF0B
14:56:49.152 ComputerName: COMPUTERONE UserName:
14:56:49.683 Initialize success
15:05:45.956 AVAST engine defs: 12102601
15:06:07.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:06:07.625 Disk 0 Vendor: ST380815AS 3.CHF Size: 76319MB BusType: 11
15:06:07.640 Disk 0 MBR read successfully
15:06:07.640 Disk 0 MBR scan
15:06:07.640 Disk 0 Windows 7 default MBR code
15:06:07.656 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 5000 MB offset 2048
15:06:07.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 71317 MB offset 10242048
15:06:07.750 Disk 0 scanning sectors +156299264
15:06:07.859 Disk 0 scanning C:\Windows\system32\drivers
15:06:19.668 Service scanning
15:06:31.555 Service MpKsl56f321bb c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{505CF3E5-608D-403D-8A9E-563915C1C961}\MpKsl56f321bb.sys **LOCKED** 32
15:06:31.664 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:06:50.088 Modules scanning
15:06:58.356 Disk 0 trace - called modules:
15:06:58.372 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
15:06:58.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8569a718]
15:06:58.387 3 CLASSPNP.SYS[88b9059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x855c6030]
15:06:58.684 AVAST engine scan C:\Windows
15:06:59.901 AVAST engine scan C:\Windows\system32
15:09:53.716 AVAST engine scan C:\Windows\system32\drivers
15:10:09.332 AVAST engine scan C:\Users\David McMaster
15:10:49.159 AVAST engine scan C:\ProgramData
15:10:58.768 Scan finished successfully
15:11:18.346 Disk 0 MBR has been saved successfully to "C:\Users\David McMaster\Downloads\MBR.dat"
15:11:18.346 The log file has been saved successfully to "C:\Users\David McMaster\Downloads\aswMBR.txt"




ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3a799d927b4c8e4b8351b05443ebe9e8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-26 08:56:51
# local_time=2012-10-26 03:56:51 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 102827847 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59751
# found=0
# cleaned=0
# scan_time=1954
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3a799d927b4c8e4b8351b05443ebe9e8
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-26 09:48:40
# local_time=2012-10-26 04:48:40 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5893 16776574 100 94 0 102830144 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59748
# found=0
# cleaned=0
# scan_time=2767





dmcmaster@sbcglobal.net

#4 narenxp


Posted 26 October 2012 - 06:03 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 dmcmaster


Posted 27 October 2012 - 06:31 AM

Malwarebytes wouldn't install and when tried in safe mode wouldn't update due to a reported problem with the remote access manager. However, here are the rest of the logs for which you asked.



Mini Tool Box Log

MiniToolBox by Farbar Version: 23-07-2012
Ran by David McMaster (administrator) on 27-10-2012 at 06:00:46
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ComputerOne
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Broadband Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadband Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 70.230.153.243(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 68.94.156.1
68.94.157.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-21-5A-61-3A-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1490:1cf1:6a0c:b759%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.183.89(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234889562
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-F9-6D-FF-00-21-5A-61-3A-26
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AFF2CF02-68FE-4015-9F1A-042DDA210128}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{66CC76D1-553A-4132-913D-E7F1FAC14DF1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:46e6:99f3::46e6:99f3(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 68.94.156.1
68.94.157.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: google.com
Addresses: 2001:4860:400a:800::1002
74.125.225.135
74.125.225.136
74.125.225.137
74.125.225.142
74.125.225.128
74.125.225.129
74.125.225.130
74.125.225.131
74.125.225.132
74.125.225.133
74.125.225.134


Pinging google.com [74.125.225.96] with 32 bytes of data:
Reply from 74.125.225.96: bytes=32 time=130ms TTL=55
Reply from 74.125.225.96: bytes=32 time=27ms TTL=55

Ping statistics for 74.125.225.96:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 130ms, Average = 78ms
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=101ms TTL=52
Reply from 72.30.38.140: bytes=32 time=139ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 101ms, Maximum = 139ms, Average = 120ms
Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...........................Broadband Connection
11...00 21 5a 61 3a 26 ......Broadcom NetXtreme Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 70.230.153.243 21
70.230.153.243 255.255.255.255 On-link 70.230.153.243 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
169.254.0.0 255.255.0.0 On-link 169.254.183.89 4501
169.254.183.89 255.255.255.255 On-link 169.254.183.89 4501
169.254.255.255 255.255.255.255 On-link 169.254.183.89 4501
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 169.254.183.89 4502
224.0.0.0 240.0.0.0 On-link 70.230.153.243 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 169.254.183.89 4501
255.255.255.255 255.255.255.255 On-link 70.230.153.243 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
13 1025 2002::/16 On-link
13 281 2002:46e6:99f3::46e6:99f3/128
On-link
11 276 fe80::/64 On-link
11 276 fe80::1490:1cf1:6a0c:b759/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/27/2012 05:59:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2012 05:41:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2012 00:30:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (10/25/2012 06:35:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (10/25/2012 04:59:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2012 06:48:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: wtlibrary.exe, version: 2.4.0.3576, time stamp: 0x4ea58213
Faulting module name: wtlibrary.exe, version: 2.4.0.3576, time stamp: 0x4ea58213
Exception code: 0x40000015
Fault offset: 0x005b939a
Faulting process id: 0x5e0
Faulting application start time: 0xwtlibrary.exe0
Faulting application path: wtlibrary.exe1
Faulting module path: wtlibrary.exe2
Report Id: wtlibrary.exe3

Error: (10/25/2012 06:17:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2012 03:00:56 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (10/24/2012 02:57:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (10/24/2012 07:43:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/27/2012 05:55:19 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/27/2012 05:55:14 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/27/2012 05:55:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
MpFilter
spldr
Wanarpv6

Error: (10/26/2012 05:09:29 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.139.607.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/26/2012 05:03:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.139.607.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/26/2012 05:03:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.139.607.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/25/2012 04:58:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/25/2012 06:16:06 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/23/2012 05:46:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/22/2012 08:00:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842


Microsoft Office Sessions:
=========================
Error: (10/27/2012 05:59:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2012 05:41:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2012 00:30:11 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (10/25/2012 06:35:34 PM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (10/25/2012 04:59:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2012 06:48:20 AM) (Source: Application Error)(User: )
Description: wtlibrary.exe2.4.0.35764ea58213wtlibrary.exe2.4.0.35764ea5821340000015005b939a5e001cdb2a69f7cd8caC:\Program Files\Watchtower\Watchtower Library 2011\E\wtlibrary.exeC:\Program Files\Watchtower\Watchtower Library 2011\E\wtlibrary.exedf00a483-1e99-11e2-b14d-00215a613a26

Error: (10/25/2012 06:17:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2012 03:00:56 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (10/24/2012 02:57:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (10/24/2012 07:43:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.22beta
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
BitLord 2.1 (Version: 2.1.1-91)
DVD Shrink 3.2
ESET Online Scanner v3
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 26 (Version: 6.0.260)
Major League Baseball 2K11 (Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
NVIDIA Control Panel 305.93 (Version: 305.93)
NVIDIA Graphics Driver 305.93 (Version: 305.93)
NVIDIA Install Application (Version: 2.1002.82.513)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Watchtower Library 2011 - English (Version: 13.0)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 2047.37 MB
Available physical RAM: 1457.34 MB
Total Pagefile: 4094.74 MB
Available Pagefile: 3496.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.57 MB

========================= Partitions: =====================================

1 Drive c: (David) (Fixed) (Total:69.65 GB) (Free:43.59 GB) NTFS
2 Drive d: (Major League Baseball 2K11) (CDROM) (Total:4.79 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\COMPUTERONE

Administrator David McMaster Guest

========================= Restore Points ==================================

22-10-2012 13:20:22 Installed SpyHunter
22-10-2012 23:18:30 Removed SpyHunter
24-10-2012 19:57:32 Windows Update
24-10-2012 20:00:56 Windows Modules Installer

**** End of log ****



FSS Log

Farbar Service Scanner Version: 27-10-2012
Ran by David McMaster (administrator) on 27-10-2012 at 06:02:53
Running from "C:\Users\David McMaster\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-30 15:46] - [2012-08-22 12:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 07:15] - [2012-06-01 23:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Adware Cleaner Log

# AdwCleaner v2.005 - Logfile created 10/27/2012 at 06:04:58
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : David McMaster - COMPUTERONE
# Boot Mode : Normal
# Running from : C:\Users\David McMaster\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\OApps

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default-1351092988466 [Profil par défaut]
File : C:\Users\David McMaster\AppData\Roaming\Mozilla\Firefox\Profiles\fk3x1fju.default-1351092988466\prefs.js

C:\Users\David McMaster\AppData\Roaming\Mozilla\Firefox\Profiles\fk3x1fju.default-1351092988466\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2121 octets] - [27/10/2012 06:04:58]

########## EOF - C:\AdwCleaner[S1].txt - [2181 octets] ##########




Junkware Removal Tool Log

Junkware Removal Tool (JRT) by Thisisu
Version: 2.2.1 (10.26.2012)
OS: Windows 7 Professional x86
Ran by David McMaster on Sat 10/27/2012 at 6:11:22.75
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\appid\{186e19a3-b909-4f48-b687-bb81eb8bc7ce}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f90a5a0d-cd98-49cc-9aa7-9cd11c7478bf}



*** Files:

Successfully deleted: [FILE] "C:\Windows\system32\roboot.exe"



*** Folders:

Successfully deleted: [FOLDER] "C:\ProgramData\speedmaxpc"
Successfully deleted: [FOLDER] "C:\ProgramData\speedypc software"
Successfully deleted: [FOLDER] "C:\Users\David McMaster\AppData\Roaming\speedypc software"



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sat 10/27/2012 at 6:14:58.53
End of Report



dmcmaster@sbcglobal.net

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 October 2012 - 07:00 AM

Malwarebytes wouldn't install and when tried in safe mode wouldn't update due to a reported problem with the remote access manager. However, here are the rest of the logs for which you asked.


What is the exact error you receive?

Did you download Malwarebytes from the link I gave?

Do not try to update from Safe Mode. Boot into Safe Mode with Networking and try updating.

#7 dmcmaster

dmcmaster
  • Topic Starter

  • Members
  • 48 posts

Posted 27 October 2012 - 12:47 PM

What is the exact error you receive?

Did you download Malwarebytes from the link I gave?

Do not try to update from Safe Mode. Boot into Safe Mode with Networking and try updating.




I receive this error "cannot load the remote access connection manager service.
Error 711. The operation could not finish because it could not start the remote access connection
manager in time. Please try the connection again."

I downloaded malwarebytes from the link which you gave me.

I booted into safemode with networking, installed malwarebytes while still in safemode with networking, tried to update it still in safemode with networking and received the error listed above.



dmcmaster@sbcglobal.net

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:56 AM

Posted 28 October 2012 - 03:55 AM

Boot into normal mode

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#9 dmcmaster

dmcmaster
  • Topic Starter

  • Members
  • 48 posts

Posted 28 October 2012 - 06:45 AM

Here is the rkill log, however the autoruns log is impossible to save because the program shuts down before I can save it.

Rkill Log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/28/2012 06:16:16 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]
* WSearch [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/28/2012 06:17:11 AM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 October 2012 - 07:10 AM

Follow the instructions given here

http://superuser.com/questions/390593/creating-a-vpn-connection-in-windows-7-shows-unavailable-device-missing

Let me know if any of those fixes worked.

#11 dmcmaster

dmcmaster
  • Topic Starter

  • Members
  • 48 posts

Posted 28 October 2012 - 04:37 PM

I was able to get the autorun scan saved, but I'll have to attach it and send it to you because it doesn't stay open long enough for me to be able to cut and paste it on one of these posts. The instructions didn't seem to change anything. Starting the remote access manager manually completely escaped me, so I went to the second method and the remote access manager was still missing when I went to safemode with networking to upgrade MAMB. Incidentally, can a person attach anything to one of these posts? If so, how?



dmcmaster@sbcglobal.net

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 October 2012 - 06:50 PM

I was able to get the autorun scan saved, but I'll have to attach it and send it to you because it doesn't stay open long enough for me


Isn't that a text file? Does it close automatically?

Launch Farbar service scanner and type

RasMan;RasAuto

in Search BOX and click on EXPORT SERVICE

Post the generated log

#13 dmcmaster

dmcmaster
  • Topic Starter

  • Members
  • 48 posts

Posted 28 October 2012 - 07:35 PM

I was able to generate a log but not without some trouble. The search box again wanted to shut down pretty quickly, but I was able to cut and paste what you told me to type in the search box before it closed and then hit the export service box and I was able to get the following:


FSS Log

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan]
"DisplayName"="@%Systemroot%\\system32\\rasmans.dll,-200"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\rasmans.dll,-201"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DependOnService"=hex(7):54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,53,00,\
73,00,74,00,70,00,53,00,76,00,63,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,\
00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,\
4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,\
6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\
00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,\
69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,6d,00,61,00,6e,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"Medias"=hex(7):72,00,61,00,73,00,74,00,61,00,70,00,69,00,00,00,00,00
"CustomDLL"=hex(7):00,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"AllowL2TPWeakCrypto"=dword:00000000
"AllowPPTPWeakCrypto"=dword:00000000
"KeepRasConnections"=dword:00000000
"AllocatedLuids"=hex:02,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP]
"MaxConfigure"=dword:0000000a
"MaxFailure"=dword:0000000a
"MaxReject"=dword:00000005
"MaxTerminate"=dword:00000002
"Multilink"=dword:00000000
"NegotiateTime"=dword:00000096
"RestartTimer"=dword:00000003

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\ControlProtocols]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\ControlProtocols\BuiltIn]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,70,00,70,00,70,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\ControlProtocols\Chap]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,70,00,70,00,70,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\13]
@="Microsoft"
"FriendlyName"="@%SystemRoot%\\system32\\rastls.dll,-2001"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}"
"ConfigUiPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"IdentityPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"InteractiveUIPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"InvokePasswordDialog"=dword:00000000
"InvokeUsernameDialog"=dword:00000000
"MPPEEncryptionSupported"=dword:00000001
"NoRootRevocationCheck"=dword:00000001
"PerPolicyConfig"=dword:00000001
"Properties"=dword:1328d8af
"RolesSupported"=dword:00000003
"StandaloneSupported"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\25]
@="Microsoft"
"FriendlyName"="@%SystemRoot%\\system32\\rastls.dll,-2002"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}"
"ConfigUiPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"IdentityPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"InteractiveUIPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"InvokePasswordDialog"=dword:00000000
"InvokeUsernameDialog"=dword:00000000
"MPPEEncryptionSupported"=dword:00000001
"NoRootRevocationCheck"=dword:00000001
"PerPolicyConfig"=dword:00000001
"Properties"=dword:173ef8bf
"RolesSupported"=dword:00000023
"StandaloneSupported"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\PPP\EAP\26]
@="Microsoft"
"FriendlyName"="@%SystemRoot%\\system32\\raschap.dll,-2002"
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\
61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00
"ConfigCLSID"="{2af6bcaa-f526-4803-aeb8-5777ce386647}"
"ConfigUiPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00
"IdentityPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00
"InteractiveUIPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,72,00,61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00
"InvokePasswordDialog"=dword:00000000
"InvokeUsernameDialog"=dword:00000000
"MPPEEncryptionSupported"=dword:00000001
"PerPolicyConfig"=dword:00000001
"Properties"=dword:032c406e
"RolesSupported"=dword:00000017
"StandaloneSupported"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasMan\Security]
"Security"=hex:01,00,04,80,48,00,00,00,54,00,00,00,00,00,00,00,14,00,00,00,02,\
00,34,00,02,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,0b,00,\
00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasAuto]
"DisplayName"="@%Systemroot%\\system32\\rasauto.dll,-200"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\rasauto.dll,-201"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,54,00,61,00,\
70,00,69,00,53,00,72,00,76,00,00,00,52,00,61,00,73,00,41,00,63,00,64,00,00,\
00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,\
4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,\
6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\
00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,\
69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasAuto\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,61,00,73,00,61,00,75,00,74,00,6f,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RasAuto\Security]
"Security"=hex:01,00,04,80,5c,00,00,00,68,00,00,00,00,00,00,00,14,00,00,00,02,\
00,48,00,03,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


dmcmaster@sbcglobal.net

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 28 October 2012 - 07:47 PM

Starting the remote access manager manually completely escaped me, so I went to the second method and the remote access manager was still missing when I went to safe mode with networking to upgrade MAMB.


Can you explain?

Are you missing remote access manager in services?

What happens when you try to start it?

#15 dmcmaster

dmcmaster
  • Topic Starter

  • Members
  • 48 posts

Posted 28 October 2012 - 09:23 PM

Exactly how would I start the remote access manager manually? I went to windows features in the control panel and found something called RAS Connection Manager Administration Kit (CMAK) and found it unchecked. Is this what you mean? If not, please explain.



