
Hit with Malware, Can't update Windows!!


  • This topic is locked
20 replies to this topic

#1 richcon1983

richcon1983

  • Members
  • 22 posts

Posted 08 January 2014 - 01:43 PM

Hey all,

 

Thanks for taking the time to look at my post. I was hit with some pretty bad malware a couple months ago. I did some online scans and removed a lot of it for the most part I believe. However, I still can't update Windows for some reason. Maybe there is some residual malware still lurking about. Thanks again, here are my logs.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Contreras at 10:35:07 on 2014-01-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.769 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\KmPcFax.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ups.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Amazon Cloud Drive] c:\users\contreras\appdata\local\amazon\cloud drive\AmazonCloudDrive.exe
uRun: [HP Photosmart 7520 series (NET)] "c:\program files\hp\hp photosmart 7520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN2CB3B0V405XX:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [Panasonic Device Manager for Multi-Function Station software] c:\program files\panasonic\mfstation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] c:\program files\panasonic\mfstation\KmPcFax.exe -1
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [Panasonic Device Monitor Wakeup] c:\program files\panasonic\device monitor\dmwakeup.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVSetupPending] c:\windows\temp\avsetup_520284c2\SetupPending.exe
StartupFolder: c:\users\contre~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\contre~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
Trusted Zone: chase.com
Trusted Zone: dogdaycare.com
Trusted Zone: wellsfargo.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pima.gov/mapguide/viewer/ver65/mgaxctrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{EDC25846-AE7D-47C3-ACFC-7CA3F662CA4F} : DHCPNameServer = 192.168.5.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\contreras\appdata\roaming\mozilla\firefox\profiles\b53skuln.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\pdflite\npPdfViewer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-19 398184]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\panaso~1\localcom\lmsrvnt.exe [2011-6-16 49152]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-29 21104]
R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TsUSB2.sys [2013-4-30 54016]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2011-7-21 254720]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2011-7-21 398720]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\temp\avsetup_520284c2\avupgsvc.exe" /tempstart:""c:\windows\temp\avsetup_520284c2\setup.exe" /notempcleanup /crossupgrade" --> c:\windows\temp\avsetup_520284c2\avupgsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-29 682344]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-25 30192]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
.
=============== File Associations ===============
.
FileExt: .chm: PDFlite.Document="c:\program files\pdflite\pdflite.exe" "%1"
.
=============== Created Last 30 ================
.
2013-12-31 00:13:55    --------    d-----w-    c:\users\contreras\appdata\local\IsolatedStorage
2013-12-31 00:09:21    --------    d-----w-    c:\program files\TurboTax
2013-12-30 22:33:04    --------    d-----w-    c:\users\contreras\appdata\local\Adobe
2013-12-13 18:14:31    --------    d-----w-    c:\users\contreras\appdata\roaming\PDFlite
2013-12-13 18:12:14    --------    d-----w-    c:\users\contreras\appdata\roaming\FileAssociationManager
2013-12-13 18:12:14    --------    d-----w-    c:\program files\FileAssociationManager
.
==================== Find3M  ====================
.
2013-12-13 18:23:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 18:23:47    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 10:36:10.65 ===============
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 January 2014 - 10:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This process is shown as running on your DDS log.

mRun: [AVSetupPending] c:\windows\temp\avsetup_520284c2\SetupPending.exe

Did you complete the installation of Avira?
===

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
Wait for further instructions.

#3 richcon1983

richcon1983
  • Topic Starter

  • Members
  • 22 posts

Posted 13 January 2014 - 01:42 PM

Hi Nasdaq,

 

Thanks for taking the time to reply. I believe I uninstalled Avira a while ago because of the ads that kept popping up for it. Here is my Farbar log.

 

 

Farbar Service Scanner Version: 08-01-2014
Ran by Contreras (administrator) on 13-01-2014 at 10:39:16
Running from "C:\Users\Contreras\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 January 2014 - 09:41 AM

Nothing obvious was found.

Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

#5 richcon1983

richcon1983
  • Topic Starter

  • Members
  • 22 posts

Posted 14 January 2014 - 11:46 AM

ComboFix 14-01-13.01 - Contreras 01/14/2014   8:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.887 [GMT -8:00]
Running from: c:\users\Contreras\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Contreras\AppData\Local\assembly\tmp
c:\users\Contreras\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-14 to 2014-01-14  )))))))))))))))))))))))))))))))
.
.
2014-01-14 16:37 . 2014-01-14 16:37    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-14 16:37 . 2014-01-14 16:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-11 19:39 . 2014-01-13 21:20    --------    d-----w-    c:\users\Contreras\AppData\Roaming\Personal Finance Software
2014-01-11 19:38 . 2014-01-11 19:38    --------    d-----w-    c:\program files\Dave Ramsey's Financial Peace Financial Software 5.4
2013-12-31 00:13 . 2013-12-31 00:13    --------    d-----w-    c:\users\Contreras\AppData\Local\IsolatedStorage
2013-12-31 00:09 . 2013-12-31 00:09    --------    d-----w-    c:\program files\TurboTax
2013-12-30 22:33 . 2013-12-30 22:33    --------    d-----w-    c:\users\Contreras\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-08 18:49 . 2012-03-30 17:11    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-08 18:49 . 2011-05-20 18:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-07 05:37 . 2013-12-26 16:39    929792    ----a-w-    c:\program files\mozilla firefox\plugins\buicap32.dll
2010-08-07 05:38 . 2013-12-26 16:39    57344    ----a-w-    c:\program files\mozilla firefox\plugins\EpsStmApiWrapper.dll
2010-08-07 05:37 . 2013-12-26 16:39    30208    ----a-w-    c:\program files\mozilla firefox\plugins\lfbmp13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    401920    ----a-w-    c:\program files\mozilla firefox\plugins\lfcmp13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    73216    ----a-w-    c:\program files\mozilla firefox\plugins\lffax13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    47104    ----a-w-    c:\program files\mozilla firefox\plugins\lfgif13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    270848    ----a-w-    c:\program files\mozilla firefox\plugins\LFJ2K13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    90112    ----a-w-    c:\program files\mozilla firefox\plugins\lfjbg13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    31744    ----a-w-    c:\program files\mozilla firefox\plugins\lflmb13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    26112    ----a-w-    c:\program files\mozilla firefox\plugins\lfpcx13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    181248    ----a-w-    c:\program files\mozilla firefox\plugins\lfpng13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    129536    ----a-w-    c:\program files\mozilla firefox\plugins\lftif13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    268288    ----a-w-    c:\program files\mozilla firefox\plugins\LTDIS13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    1402368    ----a-w-    c:\program files\mozilla firefox\plugins\ltdlg13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    966144    ----a-w-    c:\program files\mozilla firefox\plugins\ltdlgres13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    206848    ----a-w-    c:\program files\mozilla firefox\plugins\ltefx13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    142336    ----a-w-    c:\program files\mozilla firefox\plugins\ltfil13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    448000    ----a-w-    c:\program files\mozilla firefox\plugins\ltimg13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    444928    ----a-w-    c:\program files\mozilla firefox\plugins\ltkrn13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    35328    ----a-w-    c:\program files\mozilla firefox\plugins\LTTWN13n.DLL
2010-08-07 05:37 . 2013-12-26 16:39    655872    ----a-w-    c:\program files\mozilla firefox\plugins\msvcr90.dll
2010-08-07 05:37 . 2013-12-26 16:39    1167872    ----a-w-    c:\program files\mozilla firefox\plugins\SierraScannerSDK.dll
2010-08-07 05:37 . 2013-12-26 16:39    772096    ----a-w-    c:\program files\mozilla firefox\plugins\Ts2Dll.dll
2010-08-07 05:37 . 2013-12-26 16:39    385024    ----a-w-    c:\program files\mozilla firefox\plugins\ts4dll.dll
2010-07-02 05:05 . 2013-12-26 16:39    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 17093512]
"Amazon Cloud Drive"="c:\users\Contreras\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528]
"HP Photosmart 7520 series (NET)"="c:\program files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-08 2643320]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PCCMFSDM.exe" [2010-04-12 139264]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files\Panasonic\MFStation\KmPcFax.exe" [2010-05-19 765952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2010-09-10 143360]
"Panasonic Device Monitor Wakeup"="c:\program files\Panasonic\Device Monitor\dmwakeup.exe" [2010-01-09 413696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-02-16 298616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
.
c:\users\Contreras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2CB3B0V405XX;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-11-9 6186872]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-5-17 1157448]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE -silent [2013-5-17 1179464]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-25 15:02    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2324036839-2533619613-836406636-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
getPlusHelper    REG_MULTI_SZ       getPlusHelper
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 03:53    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:49]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 17:09]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ups.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: chase.com
Trusted Zone: dogdaycare.com
Trusted Zone: wellsfargo.com
TCP: DhcpNameServer = 192.168.5.1
DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
FF - ProfilePath - c:\users\Contreras\AppData\Roaming\Mozilla\Firefox\Profiles\b53skuln.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\users\Contreras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-14 08:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
.
c:\users\Contreras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk 1172 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-14  08:40:04
ComboFix-quarantined-files.txt  2014-01-14 16:40
.
Pre-Run: 210,779,729,920 bytes free
Post-Run: 212,325,777,408 bytes free
.
- - End Of File - - 13A6E1E07B7E2D0F0671CDC8C8440372
5C616939100B85E558DA92B899A0FC36
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:08 PM

Posted 14 January 2014 - 01:50 PM

Open Notepad and copy/paste the text in the quote box below into it:

Driver::
AviraUpgradeService

ClearJavaCache::

Save this as CFScript.txt on your desktop.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Restart the computer normally.

Try the Microsoft Updates.
If still a problem please run this tool.

MiniToolBox
http://www.spywareinfoforum.com/index.php?/topic/131884-minitoolbox-by-farbar/page__p__766332&#entry766332


Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Please post the logs.

Let me know what problem persists.

#7 richcon1983

richcon1983
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:08 PM

Posted 16 January 2014 - 11:07 AM

Hi Nasdaq,

I'm still not able to update Windows. I'm getting the error code 80096001 when I try.

Here are my logs:


ComboFix 14-01-14.02 - Contreras 01/14/2014  14:12:47.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2036.1130 [GMT -8:00]
Running from: c:\users\Contreras\Desktop\ComboFix.exe
Command switches used :: c:\users\Contreras\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AviraUpgradeService
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-14 to 2014-01-14  )))))))))))))))))))))))))))))))
.
.
2014-01-14 22:24 . 2014-01-14 22:24    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-14 22:24 . 2014-01-14 22:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-11 19:39 . 2014-01-13 21:20    --------    d-----w-    c:\users\Contreras\AppData\Roaming\Personal Finance Software
2014-01-11 19:38 . 2014-01-11 19:38    --------    d-----w-    c:\program files\Dave Ramsey's Financial Peace Financial Software 5.4
2013-12-31 00:13 . 2013-12-31 00:13    --------    d-----w-    c:\users\Contreras\AppData\Local\IsolatedStorage
2013-12-31 00:09 . 2013-12-31 00:09    --------    d-----w-    c:\program files\TurboTax
2013-12-30 22:33 . 2013-12-30 22:33    --------    d-----w-    c:\users\Contreras\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-08 18:49 . 2012-03-30 17:11    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-08 18:49 . 2011-05-20 18:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-07 05:37 . 2013-12-26 16:39    929792    ----a-w-    c:\program files\mozilla firefox\plugins\buicap32.dll
2010-08-07 05:38 . 2013-12-26 16:39    57344    ----a-w-    c:\program files\mozilla firefox\plugins\EpsStmApiWrapper.dll
2010-08-07 05:37 . 2013-12-26 16:39    30208    ----a-w-    c:\program files\mozilla firefox\plugins\lfbmp13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    401920    ----a-w-    c:\program files\mozilla firefox\plugins\lfcmp13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    73216    ----a-w-    c:\program files\mozilla firefox\plugins\lffax13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    47104    ----a-w-    c:\program files\mozilla firefox\plugins\lfgif13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    270848    ----a-w-    c:\program files\mozilla firefox\plugins\LFJ2K13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    90112    ----a-w-    c:\program files\mozilla firefox\plugins\lfjbg13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    31744    ----a-w-    c:\program files\mozilla firefox\plugins\lflmb13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    26112    ----a-w-    c:\program files\mozilla firefox\plugins\lfpcx13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    181248    ----a-w-    c:\program files\mozilla firefox\plugins\lfpng13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    129536    ----a-w-    c:\program files\mozilla firefox\plugins\lftif13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    268288    ----a-w-    c:\program files\mozilla firefox\plugins\LTDIS13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    1402368    ----a-w-    c:\program files\mozilla firefox\plugins\ltdlg13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    966144    ----a-w-    c:\program files\mozilla firefox\plugins\ltdlgres13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    206848    ----a-w-    c:\program files\mozilla firefox\plugins\ltefx13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    142336    ----a-w-    c:\program files\mozilla firefox\plugins\ltfil13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    448000    ----a-w-    c:\program files\mozilla firefox\plugins\ltimg13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    444928    ----a-w-    c:\program files\mozilla firefox\plugins\ltkrn13n.dll
2010-08-07 05:37 . 2013-12-26 16:39    35328    ----a-w-    c:\program files\mozilla firefox\plugins\LTTWN13n.DLL
2010-08-07 05:37 . 2013-12-26 16:39    655872    ----a-w-    c:\program files\mozilla firefox\plugins\msvcr90.dll
2010-08-07 05:37 . 2013-12-26 16:39    1167872    ----a-w-    c:\program files\mozilla firefox\plugins\SierraScannerSDK.dll
2010-08-07 05:37 . 2013-12-26 16:39    772096    ----a-w-    c:\program files\mozilla firefox\plugins\Ts2Dll.dll
2010-08-07 05:37 . 2013-12-26 16:39    385024    ----a-w-    c:\program files\mozilla firefox\plugins\ts4dll.dll
2010-07-02 05:05 . 2013-12-26 16:39    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 17093512]
"Amazon Cloud Drive"="c:\users\Contreras\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528]
"HP Photosmart 7520 series (NET)"="c:\program files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-08 2643320]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PCCMFSDM.exe" [2010-04-12 139264]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files\Panasonic\MFStation\KmPcFax.exe" [2010-05-19 765952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2010-09-10 143360]
"Panasonic Device Monitor Wakeup"="c:\program files\Panasonic\Device Monitor\dmwakeup.exe" [2010-01-09 413696]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-02-16 298616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
.
c:\users\Contreras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 7520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2CB3B0V405XX;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-11-9 6186872]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-5-17 1157448]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE -silent [2013-5-17 1179464]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-5-13 1058088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-25 15:02    10536    ----a-w-    c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2324036839-2533619613-836406636-1000]
"EnableNotificationsRef"=dword:00000002
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
getPlusHelper    REG_MULTI_SZ       getPlusHelper
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 03:53    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:49]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 17:09]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ups.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: chase.com
Trusted Zone: dogdaycare.com
Trusted Zone: wellsfargo.com
TCP: DhcpNameServer = 192.168.5.1
DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
FF - ProfilePath - c:\users\Contreras\AppData\Roaming\Mozilla\Firefox\Profiles\b53skuln.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-14 14:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1156)
c:\users\Contreras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\msiexec.exe
c:\progra~1\PANASO~1\LocalCom\lmsrvnt.exe
c:\progra~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intuit\QuickBooks 2011\QBW32.EXE
c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe
c:\windows\system32\RunDll32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\program files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-01-14  14:33:37 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-14 22:33
.
Pre-Run: 212,689,387,520 bytes free
Post-Run: 212,410,568,704 bytes free
.
- - End Of File - - 0E95D4539AA0CF5DF9071CBB42609DCB
5C616939100B85E558DA92B899A0FC36

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Contreras (administrator) on 16-01-2014 at 07:58:48
Running from "C:\Users\Contreras\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2014 07:47:31 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (01/16/2014 07:47:31 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Contreras\Documents\Contreras Religious Art\Quickbooks 2011\Contreras Religious Art.qbw;ENG=QB_data_engine_21;DBN=5e5c3c06733442fea62ac3fb245e9d52

Error: (01/16/2014 07:47:31 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection Error:Invalid user ID or password

Error: (01/15/2014 08:35:08 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (01/15/2014 08:35:08 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Contreras\Documents\Contreras Religious Art\Quickbooks 2011\Contreras Religious Art.qbw;ENG=QB_data_engine_21;DBN=45a6c318225143d9ab05e7ec614765b0

Error: (01/15/2014 08:35:08 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection Error:Invalid user ID or password

Error: (01/14/2014 02:43:04 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (01/14/2014 02:43:04 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Contreras\Documents\Contreras Religious Art\Quickbooks 2011\Contreras Religious Art.qbw;ENG=QB_data_engine_21;DBN=b586377a9d954a82b0a26cfba2d65e2c

Error: (01/14/2014 02:43:04 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2011":
Connection Error:Invalid user ID or password

Error: (01/14/2014 02:42:17 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (01/14/2014 02:24:23 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 02:24:16 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 02:19:01 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 02:11:45 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 02:10:36 PM) (Source: Service Control Manager) (User: )
Description: Panasonic Trap Monitor Service1

Error: (01/14/2014 09:00:33 AM) (Source: Service Control Manager) (User: )
Description: Avira Upgrade Service%%3

Error: (01/14/2014 08:37:33 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 08:32:03 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 08:26:01 AM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (01/14/2014 08:23:24 AM) (Source: Service Control Manager) (User: )
Description: Panasonic Trap Monitor Service1


Microsoft Office Sessions:
=========================
Error: (01/16/2014 07:47:31 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2011DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (01/16/2014 07:47:31 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2011Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Contreras\Documents\Contreras Religious Art\Quickbooks 2011\Contreras Religious Art.qbw;ENG=QB_data_engine_21;DBN=5e5c3c06733442fea62ac3fb245e9d52

Error: (01/16/2014 07:47:31 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2011Connection Error:Invalid user ID or password

Error: (01/15/2014 08:35:08 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2011DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'

Error: (01/15/2014 08:35:08 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2011Connection String:CON=QBConnectionPool-Probe-QB_data_engine_21; ;DBF=C:\Users\Contreras\Documents\Contreras Religious Art\Quickbooks 2011\Contreras Religious Art.qbw;ENG=QB_data_engine_21;DBN=45a6c318225143d9ab05e7ec614765b0

Error: (01/15/2014 08:35:08 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2011Connection Error:Invalid user ID or password

Error: (01/14/2014 02:43:04 PM) (Source: QuickBooks)(User: )


 



#8 nasdaq


Posted 16 January 2014 - 11:27 AM


Try this fix.

Automatically reset Windows Update components
http://support.microsoft.com/kb/971058

Use the Windows Vista XP fix.

Restart the computer normally.

How is it now?

#9 richcon1983


Posted 16 January 2014 - 01:40 PM

I ran the fix but nothing's changed. I'm still not able to update Windows.



#10 nasdaq


Posted 17 January 2014 - 08:44 AM

Reset your Winsock.


The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point

Restart the computer normally.

The suggested fix.

1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4. Type netsh int ip reset in the Command Prompt shell, and then press the Enter key.
5. Restart the computer.

The command will remove all user configured settings on and return it to original default state by rewriting pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to achieve the same result as the removal and the reinstallation of the protocol.
===

How is it now?

#11 richcon1983


Posted 17 January 2014 - 11:47 AM

Man this is frustrating. I reset my Winsock as you instructed, rebooted the computer and tried to update. I'm still getting the same error code 80096001.

Do my logs look clean? Is there anything else that would be restricting me from updating? Thanks for the help.



#12 nasdaq


Posted 18 January 2014 - 10:09 AM

Let's check deeper.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#13 richcon1983


Posted 20 January 2014 - 06:45 PM

I ran a full scan with the Avast standalone program. It took over 6 hours but it finally finished. It found these two files which said they were suspicious:
 
C:\Windows\Prefetch\AgG1FgAppHistory.db
 
C:\Windows\Prefetch\AgRobust.db
 
 
Here are my logs:
 
15:50:35.0536 0x11c0  [ A9221D13D8F1F772010EE293BA9BAEB7, 9CA897E102D66D0E7F57F2F91B5365064A184870463B8702AE18F663A8EC30A8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:50:35.0833 0x11c0  igfx - ok
15:50:35.0864 0x11c0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:50:35.0879 0x11c0  iirsp - ok
15:50:36.0035 0x11c0  [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:50:36.0129 0x11c0  IKEEXT - ok
15:50:36.0223 0x11c0  [ F8F53C5449F15B23D4C61D51D2701DA8, BDAE41E3A5798FA11E979DAE84EB5F21D9C271196A757429ED1DACD732822CF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:50:36.0379 0x11c0  IntcAzAudAddService - ok
15:50:36.0425 0x11c0  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:50:36.0441 0x11c0  intelide - ok
15:50:36.0566 0x11c0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:50:36.0644 0x11c0  intelppm - ok
15:50:36.0815 0x11c0  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
15:50:36.0862 0x11c0  IntuitUpdateServiceV4 - ok
15:50:36.0893 0x11c0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:50:36.0925 0x11c0  IPBusEnum - ok
15:50:36.0956 0x11c0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:50:36.0987 0x11c0  IpFilterDriver - ok
15:50:37.0065 0x11c0  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:50:37.0143 0x11c0  iphlpsvc - ok
15:50:37.0159 0x11c0  IpInIp - ok
15:50:37.0174 0x11c0  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:50:37.0190 0x11c0  IPMIDRV - ok
15:50:37.0221 0x11c0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:50:37.0237 0x11c0  IPNAT - ok
15:50:37.0252 0x11c0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:50:37.0283 0x11c0  IRENUM - ok
15:50:37.0315 0x11c0  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:50:37.0346 0x11c0  isapnp - ok
15:50:37.0393 0x11c0  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:50:37.0408 0x11c0  iScsiPrt - ok
15:50:37.0424 0x11c0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:50:37.0439 0x11c0  iteatapi - ok
15:50:37.0455 0x11c0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:50:37.0471 0x11c0  iteraid - ok
15:50:37.0486 0x11c0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:50:37.0502 0x11c0  kbdclass - ok
15:50:37.0549 0x11c0  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:50:37.0580 0x11c0  kbdhid - ok
15:50:37.0611 0x11c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
15:50:37.0689 0x11c0  KeyIso - ok
15:50:37.0736 0x11c0  [ 2B2F1638466E8CB091400C9019CC730E, 7E0861EBA191779743F930D63C8F4FA1ABC56C04BBCBD76B6B8A5A8E9EB310A7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:50:37.0783 0x11c0  KSecDD - ok
15:50:37.0845 0x11c0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:50:37.0923 0x11c0  KtmRm - ok
15:50:37.0970 0x11c0  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:50:38.0032 0x11c0  LanmanServer - ok
15:50:38.0095 0x11c0  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:50:38.0141 0x11c0  LanmanWorkstation - ok
15:50:38.0656 0x11c0  [ 3C17225800828DA4FD8F86984D44E7FE, 53DDE8BEB77B2D96090C773BE4A6A4412A46E7C3B082E88FE0DC2C3742A10019 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
15:50:39.0046 0x11c0  LeapFrog Connect Device Service - ok
15:50:39.0093 0x11c0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:50:39.0124 0x11c0  lltdio - ok
15:50:39.0155 0x11c0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:50:39.0202 0x11c0  lltdsvc - ok
15:50:39.0233 0x11c0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:50:39.0265 0x11c0  lmhosts - ok
15:50:39.0296 0x11c0  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:50:39.0311 0x11c0  LSI_FC - ok
15:50:39.0327 0x11c0  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:50:39.0327 0x11c0  LSI_SAS - ok
15:50:39.0343 0x11c0  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:50:39.0358 0x11c0  LSI_SCSI - ok
15:50:39.0389 0x11c0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:50:39.0421 0x11c0  luafv - ok
15:50:39.0467 0x11c0  [ 629CABB0421668C9D3D402A3C3D77E14, 967DB88807D389A6993224B4B625D40F1EC17F5EE21E38DA6771D97E53E694EA ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:50:39.0483 0x11c0  MBAMProtector - detected UnsignedFile.Multi.Generic ( 1 )
15:50:44.0491 0x11c0  Detect skipped due to KSN trusted
15:50:44.0491 0x11c0  MBAMProtector - ok
15:50:44.0600 0x11c0  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF, 807934D61E9A6C8302C934DCC3901A80A7068C9BC8EB4FAE24A32D97CB1DF963 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:50:44.0631 0x11c0  MBAMScheduler - detected UnsignedFile.Multi.Generic ( 1 )
15:50:49.0639 0x11c0  Detect skipped due to KSN trusted
15:50:49.0639 0x11c0  MBAMScheduler - ok
15:50:49.0717 0x11c0  [ 916B8954AC3E06DC9E898AFFB41F3FB6, 8AD3D605F1681D743C7ACDB7CA4A1299F86B96959A7609A803A5823B30A21E82 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:50:49.0810 0x11c0  MBAMService - detected UnsignedFile.Multi.Generic ( 1 )
15:50:54.0818 0x11c0  Detect skipped due to KSN trusted
15:50:54.0818 0x11c0  MBAMService - ok
15:50:54.0958 0x11c0  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:50:55.0036 0x11c0  Mcx2Svc - ok
15:50:55.0067 0x11c0  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
15:50:55.0083 0x11c0  megasas - ok
15:50:55.0130 0x11c0  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:50:55.0192 0x11c0  MegaSR - ok
15:50:55.0208 0x11c0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
15:50:55.0223 0x11c0  MMCSS - ok
15:50:55.0255 0x11c0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
15:50:55.0317 0x11c0  Modem - ok
15:50:55.0333 0x11c0  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:50:55.0348 0x11c0  monitor - ok
15:50:55.0379 0x11c0  motandroidusb - ok
15:50:55.0411 0x11c0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:50:55.0426 0x11c0  mouclass - ok
15:50:55.0426 0x11c0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:50:55.0473 0x11c0  mouhid - ok
15:50:55.0489 0x11c0  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:50:55.0489 0x11c0  MountMgr - ok
15:50:55.0551 0x11c0  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:50:55.0567 0x11c0  MozillaMaintenance - ok
15:50:55.0613 0x11c0  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:50:55.0629 0x11c0  mpio - ok
15:50:55.0645 0x11c0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:50:55.0676 0x11c0  mpsdrv - ok
15:50:55.0769 0x11c0  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:50:55.0816 0x11c0  MpsSvc - ok
15:50:55.0863 0x11c0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:50:55.0894 0x11c0  Mraid35x - ok
15:50:55.0957 0x11c0  [ 80B2EC735495823AE5771A5F603E73BD, 431F3AE1919B5A46450C2AA0C89241B1FF470AFA92CB022BB6C1D6D2B22002D0 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:50:55.0972 0x11c0  MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
15:51:01.0073 0x11c0  Detect skipped due to KSN trusted
15:51:01.0073 0x11c0  MREMP50 - ok
15:51:01.0089 0x11c0  MREMP50a64 - ok
15:51:01.0120 0x11c0  [ 37D7C22F7E26DA90E2D2D260E5D27846, 3806234AA25FB4C89A7E442C287A2AA84BB8E70B6F2577A9EE9E46E902E6AA49 ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:51:01.0136 0x11c0  MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
15:51:06.0003 0x11c0  Detect skipped due to KSN trusted
15:51:06.0003 0x11c0  MRESP50 - ok
15:51:06.0003 0x11c0  MRESP50a64 - ok
15:51:06.0097 0x11c0  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:51:06.0175 0x11c0  MRxDAV - ok
15:51:06.0221 0x11c0  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:06.0284 0x11c0  mrxsmb - ok
15:51:06.0331 0x11c0  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:06.0393 0x11c0  mrxsmb10 - ok
15:51:06.0409 0x11c0  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:06.0440 0x11c0  mrxsmb20 - ok
15:51:06.0471 0x11c0  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:51:06.0471 0x11c0  msahci - ok
15:51:06.0502 0x11c0  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:51:06.0518 0x11c0  msdsm - ok
15:51:06.0549 0x11c0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
15:51:06.0596 0x11c0  MSDTC - ok
15:51:06.0627 0x11c0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:51:06.0658 0x11c0  Msfs - ok
15:51:06.0705 0x11c0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:51:06.0721 0x11c0  msisadrv - ok
15:51:06.0736 0x11c0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:51:06.0767 0x11c0  MSiSCSI - ok
15:51:06.0767 0x11c0  msiserver - ok
15:51:06.0830 0x11c0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:51:06.0861 0x11c0  MSKSSRV - ok
15:51:06.0877 0x11c0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:06.0923 0x11c0  MSPCLOCK - ok
15:51:06.0939 0x11c0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:51:06.0986 0x11c0  MSPQM - ok
15:51:07.0064 0x11c0  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:51:07.0079 0x11c0  MsRPC - ok
15:51:07.0111 0x11c0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:51:07.0126 0x11c0  mssmbios - ok
15:51:07.0157 0x11c0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:51:07.0189 0x11c0  MSTEE - ok
15:51:07.0235 0x11c0  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:51:07.0267 0x11c0  Mup - ok
15:51:07.0345 0x11c0  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
15:51:07.0407 0x11c0  napagent - ok
15:51:07.0501 0x11c0  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:51:07.0594 0x11c0  NativeWifiP - ok
15:51:07.0813 0x11c0  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:51:07.0844 0x11c0  NDIS - ok
15:51:07.0891 0x11c0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:07.0906 0x11c0  NdisTapi - ok
15:51:07.0922 0x11c0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:07.0937 0x11c0  Ndisuio - ok
15:51:07.0969 0x11c0  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:08.0031 0x11c0  NdisWan - ok
15:51:08.0047 0x11c0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:51:08.0062 0x11c0  NDProxy - ok
15:51:08.0078 0x11c0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:51:08.0109 0x11c0  NetBIOS - ok
15:51:08.0203 0x11c0  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
15:51:08.0249 0x11c0  netbt - ok
15:51:08.0281 0x11c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
15:51:08.0281 0x11c0  Netlogon - ok
15:51:08.0483 0x11c0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
15:51:08.0530 0x11c0  Netman - ok
15:51:08.0561 0x11c0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
15:51:08.0639 0x11c0  netprofm - ok
15:51:08.0686 0x11c0  [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:51:08.0733 0x11c0  NetTcpPortSharing - ok
15:51:08.0749 0x11c0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:51:08.0764 0x11c0  nfrd960 - ok
15:51:08.0795 0x11c0  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:51:08.0827 0x11c0  NlaSvc - ok
15:51:08.0873 0x11c0  [ 0E58F99692802C501454EAC3D2AC3394, 73EBA4A9DFE710E9695350F11C1A72045983DD5AD073136147D1CBC663B80530 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
15:51:08.0889 0x11c0  nosGetPlusHelper - ok
15:51:08.0936 0x11c0  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:51:08.0998 0x11c0  Npfs - ok
15:51:09.0014 0x11c0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
15:51:09.0045 0x11c0  nsi - ok
15:51:09.0061 0x11c0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:51:09.0107 0x11c0  nsiproxy - ok
15:51:09.0326 0x11c0  [ 6A4A98CEE84CF9E99564510DDA4BAA47, 18C3D8C0F12761D3B7FC43D9413CF4C4CEBF8CA9BEC521381F40D241B35EA779 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:51:09.0388 0x11c0  Ntfs - ok
15:51:09.0419 0x11c0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
15:51:09.0482 0x11c0  ntrigdigi - ok
15:51:09.0513 0x11c0  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
15:51:09.0529 0x11c0  Null - ok
15:51:09.0560 0x11c0  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:51:09.0575 0x11c0  nvraid - ok
15:51:09.0607 0x11c0  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:51:09.0638 0x11c0  nvstor - ok
15:51:09.0653 0x11c0  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:51:09.0669 0x11c0  nv_agp - ok
15:51:09.0685 0x11c0  NwlnkFlt - ok
15:51:09.0685 0x11c0  NwlnkFwd - ok
15:51:09.0716 0x11c0  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:51:09.0778 0x11c0  ohci1394 - ok
15:51:09.0856 0x11c0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:09.0872 0x11c0  ose - ok
15:51:11.0213 0x11c0  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:51:11.0432 0x11c0  osppsvc - ok
15:51:11.0510 0x11c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:51:11.0603 0x11c0  p2pimsvc - ok
15:51:11.0619 0x11c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:51:11.0666 0x11c0  p2psvc - ok
15:51:11.0744 0x11c0  [ A6645E6CC84D55A783EA5F2F58B9B523, 3FA1B21BC96ECF441964E78AE29B05C61541864BCCB2B2850B24AB4996BDEF60 ] Panasonic Local Printer Service C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
15:51:11.0759 0x11c0  Panasonic Local Printer Service - detected UnsignedFile.Multi.Generic ( 1 )
15:51:16.0689 0x11c0  Detect skipped due to KSN trusted
15:51:16.0689 0x11c0  Panasonic Local Printer Service - ok
15:51:16.0736 0x11c0  [ FB38D6A1D8B586AAECE581FE4B80D938, AB84DF709EF404D05CF33D8BBE4DF291BFFFF3A45CEA875BFD53C9DCB72575FF ] Panasonic Trap Monitor Service C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
15:51:16.0751 0x11c0  Panasonic Trap Monitor Service - detected UnsignedFile.Multi.Generic ( 1 )
15:51:21.0837 0x11c0  Detect skipped due to KSN trusted
15:51:21.0837 0x11c0  Panasonic Trap Monitor Service - ok
15:51:21.0884 0x11c0  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
15:51:21.0931 0x11c0  Parport - ok
15:51:21.0977 0x11c0  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:51:21.0977 0x11c0  partmgr - ok
15:51:21.0993 0x11c0  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:51:22.0040 0x11c0  Parvdm - ok
15:51:22.0071 0x11c0  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:51:22.0118 0x11c0  PcaSvc - ok
15:51:22.0165 0x11c0  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
15:51:22.0180 0x11c0  pci - ok
15:51:22.0196 0x11c0  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
15:51:22.0211 0x11c0  pciide - ok
15:51:22.0227 0x11c0  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:51:22.0243 0x11c0  pcmcia - ok
15:51:22.0305 0x11c0  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:51:22.0399 0x11c0  PEAUTH - ok
15:51:22.0477 0x11c0  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
15:51:22.0617 0x11c0  pla - ok
15:51:22.0664 0x11c0  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:51:22.0711 0x11c0  PlugPlay - ok
15:51:22.0742 0x11c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
15:51:22.0773 0x11c0  PNRPAutoReg - ok
15:51:22.0820 0x11c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:51:22.0851 0x11c0  PNRPsvc - ok
15:51:22.0945 0x11c0  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:51:23.0069 0x11c0  PolicyAgent - ok
15:51:23.0101 0x11c0  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:51:23.0132 0x11c0  PptpMiniport - ok
15:51:23.0147 0x11c0  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
15:51:23.0179 0x11c0  Processor - ok
15:51:23.0225 0x11c0  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
15:51:23.0257 0x11c0  ProfSvc - ok
15:51:23.0272 0x11c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
15:51:23.0272 0x11c0  ProtectedStorage - ok
15:51:23.0319 0x11c0  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:51:23.0350 0x11c0  PSched - ok
15:51:23.0413 0x11c0  [ 03E0FE281823BA64B3782F5B38950E73, D47E5536AD28D02B7D784846CFB2F4FD96187BFD64FC07BACDE9DC7B75D1D2E2 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
15:51:23.0413 0x11c0  PxHelp20 - ok
15:51:23.0522 0x11c0  [ EB03B4DDB4027E488F6EFC591DC48460, DA88DCB4E3586730CBE5155468E50A145819B319355BB8F21A10EDA777FE515B ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:51:23.0537 0x11c0  QBCFMonitorService - detected UnsignedFile.Multi.Generic ( 1 )
15:51:28.0561 0x11c0  Detect skipped due to KSN trusted
15:51:28.0561 0x11c0  QBCFMonitorService - ok
15:51:28.0654 0x11c0  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:51:28.0670 0x11c0  QBFCService - detected UnsignedFile.Multi.Generic ( 1 )
15:51:33.0677 0x11c0  Detect skipped due to KSN trusted
15:51:33.0677 0x11c0  QBFCService - ok
15:51:33.0787 0x11c0  [ 78AFB70DBE365BD6140E6740792AC3EA, 32DBFDA80C62B6752BB17F5A3843314ED33F8B77760B5691F910AD632EE5DD0F ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
15:51:33.0865 0x11c0  QBVSS - detected UnsignedFile.Multi.Generic ( 1 )
15:51:38.0872 0x11c0  Detect skipped due to KSN trusted
15:51:38.0872 0x11c0  QBVSS - ok
15:51:50.0198 0x11c0  ================ Scan global ===============================
15:51:50.0229 0x11c0  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
15:51:50.0307 0x11c0  [ D2293B069E4B63DC17B2F08D45E71124, 615305E8B854CFAAC70378B29014517FEBDA6BB90BDC2E455B5127CD7B0AEAB3 ] C:\Windows\system32\winsrv.dll
15:51:50.0323 0x11c0  [ D2293B069E4B63DC17B2F08D45E71124, 615305E8B854CFAAC70378B29014517FEBDA6BB90BDC2E455B5127CD7B0AEAB3 ] C:\Windows\system32\winsrv.dll
15:51:50.0369 0x11c0  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
15:51:50.0369 0x11c0  [ Global ] - ok
15:51:50.0369 0x11c0  ================ Scan MBR ==================================
15:51:50.0401 0x11c0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:51:50.0681 0x11c0  \Device\Harddisk0\DR0 - ok
15:51:50.0681 0x11c0  ================ Scan VBR ==================================
15:51:50.0713 0x11c0  [ A001707FE155875255EF7C1FB359BCAE ] \Device\Harddisk0\DR0\Partition1
15:51:50.0713 0x11c0  \Device\Harddisk0\DR0\Partition1 - ok
15:51:50.0713 0x11c0  [ 29C149E2CE69732A65D72F2118403BC0 ] \Device\Harddisk0\DR0\Partition2
15:51:50.0713 0x11c0  \Device\Harddisk0\DR0\Partition2 - ok
15:51:50.0713 0x11c0  Waiting for KSN requests completion. In queue: 144
15:51:51.0727 0x11c0  Waiting for KSN requests completion. In queue: 144
15:51:52.0741 0x11c0  Waiting for KSN requests completion. In queue: 144
15:51:53.0755 0x11c0  Waiting for KSN requests completion. In queue: 144
15:51:54.0769 0x11c0  Waiting for KSN requests completion. In queue: 144
15:51:55.0783 0x11c0  Waiting for KSN requests completion. In queue: 144
15:51:56.0859 0x11c0  Win FW state via NFP2: enabled
15:52:01.0898 0x11c0  ============================================================
15:52:01.0898 0x11c0  Scan finished
15:52:01.0898 0x11c0  ============================================================
15:52:01.0898 0x0d14  Detected object count: 0
15:52:01.0898 0x0d14  Actual detected object count: 0
15:52:42.0021 0x16fc  Deinitialize success
 
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-20 09:12:28
-----------------------------
09:12:28.499    OS Version: Windows 6.0.6002 Service Pack 2
09:12:28.499    Number of processors: 2 586 0xF0D
09:12:28.499    ComputerName: OFFICE-PC  UserName: Contreras
09:12:30.371    Initialize success
09:19:04.327    AVAST engine defs: 14012000
09:21:20.796    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:21:20.796    Disk 0 Vendor: WDC_WD3200AAKS-75B3A0 01.03A01 Size: 305245MB BusType: 3
09:21:20.936    Disk 0 MBR read successfully
09:21:20.936    Disk 0 MBR scan
09:21:20.983    Disk 0 Windows VISTA default MBR code
09:21:20.983    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
09:21:21.014    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 98304
09:21:21.030    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       294956 MB offset 21069824
09:21:21.030    Disk 0 scanning sectors +625139712
09:21:21.108    Disk 0 scanning C:\Windows\system32\drivers
09:21:31.342    Service scanning
09:21:54.913    Modules scanning
09:22:02.308    Disk 0 trace - called modules:
09:22:02.339    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:22:02.339    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d85ac8]
09:22:02.339    3 CLASSPNP.SYS[87dac8b3] -> nt!IofCallDriver -> [0x84bf0328]
09:22:02.354    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83e63820]
09:22:03.166    AVAST engine scan C:\
15:15:03.438    Scan finished successfully
15:22:23.140    Disk 0 MBR has been saved successfully to "C:\Users\Contreras\Desktop\MBR.dat"
15:22:23.155    The log file has been saved successfully to "C:\Users\Contreras\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   565bytes   1 downloads

Edited by richcon1983, 20 January 2014 - 06:47 PM.


#14 nasdaq

  • Malware Response Team

Posted 21 January 2014 - 09:06 AM

The logs are clean.

Execute this.

Download ATF Cleaner by Atribune from here or here and save it to your Desktop.
Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • *Prefetch (Windows XP only)
  • Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

* The purpose of the Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use once in a blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the second, and subsequent, boots should be quicker.

Keep me posted.

#15 richcon1983

  • Topic Starter

Posted 21 January 2014 - 11:02 AM

Thanks, still not able to update Windows though. :smash:

 

I'm running Vista so I wasn't able to clear the Prefetch using ATFcleaner. Any other suggestions?





