
Internet Explorer hijacked, history shows sites not visited


  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Sorry Andy, I've been out at the football most of the day.

    Unfortunately that log doesn't tell us much as it needs to be run in normal mode for it to be at its best.

    I think the best way for you to go is to format the drive and re-install windows - do you have your dell disks?

    There's a dell specific tutorial here, and a general XP tutorial here.

    With the symptoms you describe, I suspect you have some form of rootkit/bootkit. Everything used so far isn't detecting anything much - so that would mean taking a look outside of windows using a linux boot disk and some specially prepared scripts to get offline dumps of the MBR & kernel drivers & uploading them somewhere for me to take a look at them.

    These root/bootkits can infect anything from the MBR (Master Boot Record) through the Partition Table to the VBR (Volume Boot Record).

    If you're wondering how you got infected with this, my guess is it would almost certainly be via the use of BitTorrent.

    Out of interest, looking at the mbam protection log what process does it give for the blocked connection attempts - iexplore.exe?

    One last roll of the dice may be TDSSKiller, but I wouldn't be hopeful of it finding anything.

    http://support.kaspersky.com/downloads/utils/tdsskiller.exe

    • Double click TDSSKiller.exe
    • Click Change parameters
    • Check Verify file digital signatures & Detect TDLFS file system (Services & drivers & boot sectors are pre-checked)
    • Click OK
    • Click Start scan
    • If Malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are found, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are found, the default action will be Skip, ensure Skip is selected then click Continue
    • It may ask you to reboot to complete the process. Click on Reboot Now and allow the computer to reboot.
    • A log will be created at the root of your C: drive. The log is named TDSSkiller.Version_Date_Time_log.txt
    • If a reboot isn't required, click on Report. A log file should open.
    • Post the contents in your next reply
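
A triage pass over the log these steps produce, as an added example that is not part of the original post and not Kaspersky's code. It assumes each scanned object is logged as a `name (md5) path` line followed by `name - ok` or `name ( Verdict ) - status`; the sample lines, object names, hashes, the `infected` status and `Constructed.Verdict.Name` are constructed, and separating unsigned `.sys` files from other unsigned files is a choice made for this example.

```python
import re
from collections import namedtuple

# Constructed sample: object names, hashes and paths are made up for this example.
SAMPLE_LOG = r"""
19:49:49.0781 3972 Scan started
19:49:50.0421 3972 ExampleBus (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\examplebus.sys
19:49:51.0250 3972 ExampleBus - ok
19:49:51.0265 3972 NoFileSvc - ok
19:49:51.0828 3972 Example LM Service (00000000000000000000000000000002) C:\Program Files\Example\lmsvc.exe
19:49:51.0906 3972 Example LM Service ( UnsignedFile.Multi.Generic ) - warning
19:49:51.0906 3972 Example LM Service - detected UnsignedFile.Multi.Generic (1)
19:49:52.0265 3972 ExampleFlt (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\exampleflt.sys
19:49:52.0296 3972 ExampleFlt ( UnsignedFile.Multi.Generic ) - warning
19:49:52.0296 3972 ExampleFlt - detected UnsignedFile.Multi.Generic (1)
19:49:53.0000 3972 ExampleBad (00000000000000000000000000000004) C:\WINDOWS\system32\DRIVERS\examplebad.sys
19:49:53.0010 3972 ExampleBad ( Constructed.Verdict.Name ) - infected
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"  # time stamp, then thread id
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<status>\w+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")

Finding = namedtuple("Finding", "name verdict status md5 path")


def parse_log(text):
    """Return (ok_names, findings) for the scanned objects in a log."""
    files, ok_names, findings = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            # Remember the file behind this service/driver name for its verdict line.
            files[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = files.get(m["name"], (None, None))
            findings.append(Finding(m["name"], m["verdict"], m["status"], md5, path))
            continue
        m = OK_RE.match(line)
        if m:
            ok_names.append(m["name"])
        # Header, separator and "detected" lines match none of the patterns.
    return ok_names, findings


def triage(findings):
    """Split findings into unsigned-file warnings and everything else."""
    buckets = {"needs_attention": [], "unsigned_driver": [], "unsigned_other": []}
    for f in findings:
        unsigned = f.status == "warning" and f.verdict.startswith("UnsignedFile")
        if not unsigned:
            # Any verdict other than an unsigned-file warning is read first.
            buckets["needs_attention"].append(f)
        elif (f.path or "").lower().endswith(".sys"):
            # Unsigned kernel-mode driver: check vendor and path by hand.
            buckets["unsigned_driver"].append(f)
        else:
            buckets["unsigned_other"].append(f)
    return buckets


if __name__ == "__main__":
    ok_names, findings = parse_log(SAMPLE_LOG)
    print(f"{len(ok_names)} objects ok, {len(findings)} flagged")
    for bucket, items in triage(findings).items():
        for f in items:
            print(f"{bucket:16} {f.name:20} {f.verdict:28} {f.path}")
```
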
  • Thanks, I'll give TDSSkiller a go.

    To answer your question, the mbam log doesn't specify which process is responsible for the blocked connections. However mbam hasn't run now for a couple of days (or at least not appeared in the system tray) - I get a Security message at startup saying something like system settings have been changed and the program has to close. I don't know whether this refers to mbam or something else.

    I'm a little reluctant to reinstall Windows, first because it seems complicated having never done it before (although the tutorials are helpful, thanks), and second because I'm concerned about whether all the programs I'm running at present will work and recognise file data once reinstalled. Is this something a relative novice should be attempting or am I just being over cautious?!

    Also, is it at all possible that the nasty might be hiding in some of my files that I want to save and copy to the reinstalled C drive, thus the reinstall wouldn't work?

    Anyway, I'll post the results of the TDSSkiller log when it's done.

    Thanks again, Andy
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    To answer your question, the mbam log doesn't specify which process is responsible for the blocked connections. However mbam hasn't run now for a couple of days (or at least not appeared in the system tray) - I get a Security message at startup saying something like system settings have been changed and the program has to close. I don't know whether this refers to mbam or something else.
    It seems mbam is running for it to give you notification of the blocked connections? Can you run a scan with mbam to check (a quick scan will suffice)? I'm presuming you are updating it and running periodic scans with it and it hasn't found anything. As it doesn't give a process we can assume it is the browser process (iexplore).
    I'm a little reluctant to reinstall Windows, first because it seems complicated having never done it before (although the tutorials are helpful, thanks), and second because I'm concerned about whether all the programs I'm running at present will work and recognise file data once reinstalled. Is this something a relative novice should be attempting or am I just being over cautious?!
    Your computer in its current state is broken, so you have few avenues available to you to fix it.

    1. Do as you are doing thus far and attempt to fix it yourself with online help & guidance such as I am giving you.
    2. Get a techie minded friend to help you for the price of a pint.
    3. Take it to a shop and pay a professional to do it.

    The help I am giving you is limited in so much as I can attempt to guide you with instructions & links to tutorials, but I can't physically do it for you.

    Your current programs will work once windows is reinstalled and all necessary updates done.
    Also, is it at all possible that the nasty might be hiding in some of my files that I want to save and copy to the reinstalled C drive, thus the reinstall wouldn't work?
    The reinstall would work as you wouldn't be copying back any backed up files until you had reinstalled Windows. Is malware hiding in your files? In the case of malware other than a virus (and I'm using the true definition of virus here) - unlikely, and the backups would be scanned before restoring. As far as a virus goes, we've scanned with Avast and you've scanned with AVG and no virus has been detected.
    Anyway, I'll post the results of the TDSSkiller log when it's done.
    Okay.

    We can go the way of linux and do further checks if you want - but it isn't necessarily any quicker or easier. I'm prepared to help either way - it's up to you. :)
  • Hi,

    Mbam is still installed, it just hasn't appeared in the system tray and hasn't been popping up with the warnings about blocked connections for a few days. The quick scan ran for a while and didn't find any infection, but then 'encountered a problem' and had to close.

    Thanks for the reassurance on the reinstall, I think that's the way to go now.


    Here's the TDSSkiller log, broken into two parts and posted separately...


    19:50:15.0890 3972 NetTcpPortSharing - ok
    19:50:15.0968 3972 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:50:16.0171 3972 NIC1394 - ok
    19:50:16.0281 3972 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    19:50:16.0312 3972 Nla - ok
    19:50:16.0359 3972 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:50:16.0500 3972 Npfs - ok
    19:50:16.0562 3972 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:50:16.0750 3972 Ntfs - ok
    19:50:16.0781 3972 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:50:16.0906 3972 NtLmSsp - ok
    19:50:16.0937 3972 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    19:50:17.0078 3972 NtmsSvc - ok
    19:50:17.0125 3972 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:50:17.0265 3972 Null - ok
    19:50:17.0296 3972 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:50:17.0437 3972 NwlnkFlt - ok
    19:50:17.0468 3972 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:50:17.0593 3972 NwlnkFwd - ok
    19:50:17.0640 3972 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:50:17.0765 3972 ohci1394 - ok
    19:50:17.0843 3972 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:50:17.0875 3972 ose - ok
    19:50:17.0906 3972 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:50:18.0031 3972 Parport - ok
    19:50:18.0031 3972 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:50:18.0156 3972 PartMgr - ok
    19:50:18.0171 3972 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:50:18.0312 3972 ParVdm - ok
    19:50:18.0359 3972 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    19:50:18.0468 3972 pccsmcfd - ok
    19:50:18.0484 3972 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:50:18.0609 3972 PCI - ok
    19:50:18.0625 3972 PCIDump - ok
    19:50:18.0625 3972 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:50:18.0750 3972 PCIIde - ok
    19:50:18.0796 3972 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
    19:50:18.0828 3972 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
    19:50:18.0828 3972 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
    19:50:18.0859 3972 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:50:19.0015 3972 Pcmcia - ok
    19:50:19.0046 3972 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    19:50:19.0093 3972 pcouffin ( UnsignedFile.Multi.Generic ) - warning
    19:50:19.0093 3972 pcouffin - detected UnsignedFile.Multi.Generic (1)
    19:50:19.0093 3972 PDCOMP - ok
    19:50:19.0109 3972 PDFRAME - ok
    19:50:19.0125 3972 PDRELI - ok
    19:50:19.0125 3972 PDRFRAME - ok
    19:50:19.0140 3972 perc2 - ok
    19:50:19.0156 3972 perc2hib - ok
    19:50:19.0203 3972 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:50:19.0234 3972 PlugPlay - ok
    19:50:19.0265 3972 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:50:19.0390 3972 PolicyAgent - ok
    19:50:19.0437 3972 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:50:19.0593 3972 PptpMiniport - ok
    19:50:19.0625 3972 PRISMSVC (db794c66fac2ca24c3e99f11eb502fb7) C:\WINDOWS\system32\PRISMSVC.EXE
    19:50:19.0640 3972 PRISMSVC ( UnsignedFile.Multi.Generic ) - warning
    19:50:19.0640 3972 PRISMSVC - detected UnsignedFile.Multi.Generic (1)
    19:50:19.0656 3972 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:50:19.0765 3972 ProtectedStorage - ok
    19:50:19.0796 3972 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:50:19.0921 3972 PSched - ok
    19:50:19.0968 3972 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:50:20.0093 3972 Ptilink - ok
    19:50:20.0109 3972 ql1080 - ok
    19:50:20.0125 3972 Ql10wnt - ok
    19:50:20.0140 3972 ql12160 - ok
    19:50:20.0140 3972 ql1240 - ok
    19:50:20.0156 3972 ql1280 - ok
    19:50:20.0187 3972 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:50:20.0312 3972 RasAcd - ok
    19:50:20.0343 3972 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    19:50:20.0484 3972 RasAuto - ok
    19:50:20.0531 3972 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:50:20.0671 3972 Rasl2tp - ok
    19:50:20.0703 3972 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    19:50:20.0828 3972 RasMan - ok
    19:50:20.0843 3972 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:50:20.0968 3972 RasPppoe - ok
    19:50:20.0984 3972 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:50:21.0125 3972 Raspti - ok
    19:50:21.0171 3972 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:50:21.0296 3972 Rdbss - ok
    19:50:21.0328 3972 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:50:21.0468 3972 RDPCDD - ok
    19:50:21.0515 3972 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:50:21.0578 3972 RDPWD - ok
    19:50:21.0640 3972 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    19:50:21.0765 3972 RDSessMgr - ok
    19:50:21.0812 3972 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:50:21.0968 3972 redbook - ok
    19:50:22.0000 3972 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    19:50:22.0140 3972 RemoteAccess - ok
    19:50:22.0156 3972 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    19:50:22.0296 3972 RpcLocator - ok
    19:50:22.0343 3972 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    19:50:22.0375 3972 RpcSs - ok
    19:50:22.0406 3972 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    19:50:22.0546 3972 RSVP - ok
    19:50:22.0593 3972 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:50:22.0718 3972 SamSs - ok
    19:50:22.0796 3972 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    19:50:22.0921 3972 SCardSvr - ok
    19:50:22.0984 3972 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    19:50:23.0109 3972 Schedule - ok
    19:50:23.0140 3972 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:50:23.0218 3972 Secdrv - ok
    19:50:23.0234 3972 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    19:50:23.0375 3972 seclogon - ok
    19:50:23.0390 3972 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    19:50:23.0515 3972 SENS - ok
    19:50:23.0578 3972 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    19:50:23.0703 3972 Serial - ok
    19:50:23.0843 3972 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    19:50:23.0921 3972 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
    19:50:23.0921 3972 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
    19:50:23.0953 3972 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:50:24.0109 3972 Sfloppy - ok
    19:50:24.0156 3972 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    19:50:24.0281 3972 SharedAccess - ok
    19:50:24.0328 3972 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:50:24.0375 3972 ShellHWDetection - ok
    19:50:24.0390 3972 Simbad - ok
    19:50:24.0421 3972 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    19:50:24.0562 3972 SLIP - ok
    19:50:24.0796 3972 SMART Board Service (92190d70c94f705482aa945347c91c2b) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    19:50:25.0109 3972 SMART Board Service - ok
    19:50:25.0156 3972 SMART Display Controller (79ab684ed628ac7b9263b0ed9af04657) C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
    19:50:25.0187 3972 SMART Display Controller - ok
    19:50:25.0218 3972 SMART SNMP Agent Service (de7cdaa210a537a7726a10b428daa150) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
    19:50:25.0375 3972 SMART SNMP Agent Service - ok
    19:50:25.0390 3972 Sparrow - ok
    19:50:25.0437 3972 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:50:25.0562 3972 splitter - ok
    19:50:25.0609 3972 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    19:50:25.0671 3972 Spooler - ok
    19:50:25.0718 3972 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:50:25.0796 3972 sr - ok
    19:50:25.0828 3972 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    19:50:25.0890 3972 srservice - ok
    19:50:25.0921 3972 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:50:25.0984 3972 Srv - ok
    19:50:26.0031 3972 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    19:50:26.0109 3972 ssadbus - ok
    19:50:26.0140 3972 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    19:50:26.0359 3972 ssadmdfl - ok
    19:50:26.0375 3972 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    19:50:26.0531 3972 ssadmdm - ok
    19:50:26.0562 3972 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
    19:50:26.0609 3972 ssadserd - ok
    19:50:26.0671 3972 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    19:50:26.0718 3972 SSDPSRV - ok
    19:50:26.0781 3972 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
    19:50:26.0843 3972 ss_bbus - ok
    19:50:26.0875 3972 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
    19:50:26.0890 3972 ss_bmdfl - ok
    19:50:26.0921 3972 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
    19:50:26.0937 3972 ss_bmdm - ok
    19:50:27.0015 3972 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
    19:50:27.0093 3972 STHDA - ok
    19:50:27.0140 3972 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    19:50:27.0265 3972 stisvc - ok
    19:50:27.0312 3972 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    19:50:27.0437 3972 streamip - ok
    19:50:27.0484 3972 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:50:27.0640 3972 swenum - ok
    19:50:27.0703 3972 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:50:27.0828 3972 swmidi - ok
    19:50:27.0843 3972 SwPrv - ok
    19:50:27.0859 3972 symc810 - ok
    19:50:27.0875 3972 symc8xx - ok
    19:50:27.0875 3972 sym_hi - ok
    19:50:27.0890 3972 sym_u3 - ok
    19:50:27.0921 3972 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:50:28.0046 3972 sysaudio - ok
    19:50:28.0078 3972 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    19:50:28.0218 3972 SysmonLog - ok
    19:50:28.0250 3972 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    19:50:28.0375 3972 TapiSrv - ok
    19:50:28.0406 3972 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:50:28.0437 3972 Tcpip - ok
    19:50:28.0468 3972 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:50:28.0640 3972 TDPIPE - ok
    19:50:28.0671 3972 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:50:28.0796 3972 TDTCP - ok
    19:50:28.0843 3972 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:50:28.0953 3972 TermDD - ok
    19:50:29.0000 3972 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    19:50:29.0125 3972 TermService - ok
    19:50:29.0156 3972 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:50:29.0187 3972 Themes - ok
    19:50:29.0187 3972 TosIde - ok
    19:50:29.0250 3972 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    19:50:29.0375 3972 TrkWks - ok
    19:50:29.0437 3972 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:50:29.0546 3972 Udfs - ok
    19:50:29.0703 3972 UleadBurningHelper (810883e6225c0037f2553d964fc866e3) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    19:50:29.0718 3972 UleadBurningHelper - ok
    19:50:29.0750 3972 ultra - ok
    19:50:29.0812 3972 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:50:29.0984 3972 Update - ok
    19:50:30.0031 3972 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    19:50:30.0125 3972 upnphost - ok
    19:50:30.0125 3972 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    19:50:30.0265 3972 UPS - ok
    19:50:30.0312 3972 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:50:30.0437 3972 usbccgp - ok
    19:50:30.0500 3972 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:50:30.0671 3972 usbehci - ok
    19:50:30.0703 3972 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:50:30.0859 3972 usbhub - ok
    19:50:30.0875 3972 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:50:31.0000 3972 usbprint - ok
    19:50:31.0031 3972 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:50:31.0156 3972 usbscan - ok
    19:50:31.0203 3972 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:50:31.0328 3972 USBSTOR - ok
    19:50:31.0359 3972 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:50:31.0484 3972 usbuhci - ok
    19:50:31.0531 3972 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:50:31.0656 3972 VgaSave - ok
    19:50:31.0671 3972 ViaIde - ok
    19:50:31.0718 3972 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:50:31.0843 3972 VolSnap - ok
    19:50:31.0859 3972 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    19:50:31.0937 3972 VSS - ok
    19:50:32.0015 3972 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    19:50:32.0062 3972 vToolbarUpdater10.2.0 - ok
    19:50:32.0109 3972 vulfnths (c0f55cc0903cfdc819f6d857402b697c) C:\WINDOWS\System32\Drivers\vulfnth.sys
    19:50:32.0171 3972 vulfnths ( UnsignedFile.Multi.Generic ) - warning
    19:50:32.0171 3972 vulfnths - detected UnsignedFile.Multi.Generic (1)
    19:50:32.0203 3972 vulfntrs (545d98a7f61af1c7c4ad38b8f333e0b7) C:\WINDOWS\System32\Drivers\vulfntr.sys
    19:50:32.0265 3972 vulfntrs ( UnsignedFile.Multi.Generic ) - warning
    19:50:32.0265 3972 vulfntrs - detected UnsignedFile.Multi.Generic (1)
    19:50:32.0296 3972 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    19:50:32.0437 3972 W32Time - ok
    19:50:32.0453 3972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:50:32.0593 3972 Wanarp - ok
    19:50:32.0656 3972 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    19:50:32.0703 3972 Wdf01000 - ok
    19:50:32.0718 3972 WDICA - ok
    19:50:32.0765 3972 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:50:32.0890 3972 wdmaud - ok
    19:50:32.0921 3972 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    19:50:33.0046 3972 WebClient - ok
    19:50:33.0125 3972 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:50:33.0250 3972 winmgmt - ok
    19:50:33.0312 3972 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
    19:50:33.0421 3972 WmdmPmSN - ok
    19:50:33.0468 3972 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:50:33.0625 3972 WmiApSrv - ok
    19:50:33.0750 3972 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
    19:50:33.0859 3972 WMPNetworkSvc - ok
    19:50:33.0890 3972 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    19:50:34.0000 3972 WpdUsb - ok
    19:50:34.0031 3972 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:50:34.0156 3972 WS2IFSL - ok
    19:50:34.0203 3972 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    19:50:34.0343 3972 wscsvc - ok
    19:50:34.0375 3972 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    19:50:34.0515 3972 WSTCODEC - ok
    19:50:34.0562 3972 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    19:50:34.0687 3972 wuauserv - ok
    19:50:34.0734 3972 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:50:34.0796 3972 WudfPf - ok
    19:50:34.0812 3972 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:50:34.0859 3972 WudfRd - ok
    19:50:34.0875 3972 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    19:50:34.0906 3972 WudfSvc - ok
    19:50:34.0937 3972 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    19:50:35.0078 3972 WZCSVC - ok
    19:50:35.0093 3972 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    19:50:35.0218 3972 xmlprov - ok
    19:50:35.0250 3972 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    19:50:35.0437 3972 \Device\Harddisk0\DR0 - ok
    19:50:35.0484 3972 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk1\DR1
    19:50:35.0593 3972 \Device\Harddisk1\DR1 - ok
    19:50:35.0593 3972 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR6
    19:50:36.0421 3972 \Device\Harddisk2\DR6 - ok
    19:50:36.0437 3972 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR7
    19:50:37.0093 3972 \Device\Harddisk3\DR7 - ok
    19:50:37.0109 3972 Boot (0x1200) (8864506a33d792cb15fd33a5dbce1475) \Device\Harddisk0\DR0\Partition0
    19:50:37.0109 3972 \Device\Harddisk0\DR0\Partition0 - ok
    19:50:37.0140 3972 Boot (0x1200) (68d11768b5752487bfd361610c53d701) \Device\Harddisk1\DR1\Partition0
    19:50:37.0140 3972 \Device\Harddisk1\DR1\Partition0 - ok
    19:50:37.0156 3972 Boot (0x1200) (29d80938c9b1c5507885302d3553a6b1) \Device\Harddisk2\DR6\Partition0
    19:50:37.0156 3972 \Device\Harddisk2\DR6\Partition0 - ok
    19:50:37.0156 3972 Boot (0x1200) (628568a83e84febb7cc4cd883b373563) \Device\Harddisk3\DR7\Partition0
    19:50:37.0156 3972 \Device\Harddisk3\DR7\Partition0 - ok
    19:50:37.0156 3972 ============================================================
    19:50:37.0156 3972 Scan finished
    19:50:37.0156 3972 ============================================================
    19:50:37.0265 4360 Detected object count: 16
    19:50:37.0265 4360 Actual detected object count: 16
    19:51:06.0890 4360 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0890 4360 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0890 4360 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0890 4360 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0890 4360 ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0890 4360 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0890 4360 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0890 4360 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0906 4360 C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0906 4360 C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0906 4360 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0906 4360 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0906 4360 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0906 4360 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0906 4360 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0906 4360 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0906 4360 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0906 4360 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0921 4360 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0921 4360 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0921 4360 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0921 4360 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0921 4360 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0921 4360 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0921 4360 PRISMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0921 4360 PRISMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0921 4360 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0921 4360 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0921 4360 vulfnths ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0921 4360 vulfnths ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:06.0937 4360 vulfntrs ( UnsignedFile.Multi.Generic ) - skipped by user
    19:51:06.0937 4360 vulfntrs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:51:24.0375 2068 Deinitialize success


    It doesn't look like that gets us very far forward so I guess it's on to the reinstall...

    Really appreciate all the assistance, thank you again for your time (and patience!). Cheers, Andy
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It doesn't look like that gets us very far forward so I guess it's on to the reinstall...

    Really appreciate all the assistance, thank you again for your time (and patience!). Cheers, Andy

    No problem.

    The unsigned files all check out. Let us know how the reinstall goes or if you need any further help.
  • Sorry, back again with another query.....

    I never had a Windows disk from Dell when I got the PC. I know that in theory I can use Dell's built-in program PC Restore to reset to the factory settings, following these steps...
    http://support.dell.com/support/topics/global.aspx/support/kcs/document?c=us&l=en&s=gen&docid=DSN_181316&isLegacy=true

    However, this requires me to press Ctrl F11 when the Dell screen appears on startup ... and I only have a USB keyboard with no PS/2 port, so I can't press the keys when required as the keyboard only becomes active when Windows loads.

    The Dell advice says that if the key strokes don't work, I have to do a manual reinstall ... and for this I need the disks, which I haven't got.....

    Is there any other way or do I admit defeat and take it to the local PC repair shop?

    Thanks again, Andy
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    That probably isn't going to work anyway. Dells have a custom MBR that gives access to the hidden Dell recovery & utilities partitions, neither of which the aswMBR scan showed.
    18:34:32.343 Disk 0 MBR read successfully
    18:34:32.343 Disk 0 MBR scan
    18:34:32.578 Disk 0 Windows XP default MBR code
    18:34:32.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
    18:34:32.593 Disk 0 scanning sectors +976752000

    You could always contact Dell support.
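An added example, not part of the original post and not aswMBR's or Dell's own code: this Python script parses the partition table of a raw 512-byte MBR sector and reports whether any Dell-specific partition types are present. Both sample sectors are constructed; the first matches the aswMBR line quoted above (one active type 07 partition at offset 63), the second is a hypothetical Dell-style layout, and treating type 0xDB as the Dell restore partition is an assumption (0xDE is the Dell Utility type).

```python
import struct
from typing import List, NamedTuple

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE          # the four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIG = b"\x55\xaa"        # last two bytes of a valid MBR sector

TYPE_NAMES = {
    0x07: "HPFS/NTFS",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0xDE: "Dell Utility",
    0xDB: "Dell restore (assumed label)",
}
DELL_TYPES = {0xDE, 0xDB}     # 0xDB as "Dell restore" is an assumption


class Partition(NamedTuple):
    index: int
    active: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_SIZE // (1024 * 1024)

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.sectors


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty primary partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 55 AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id != 0x00:                      # type 0 marks an unused slot
            parts.append(Partition(i + 1, status == 0x80, type_id, start, count))
    return parts


def dell_partitions(parts: List[Partition]) -> List[Partition]:
    """Entries whose type byte is one of the Dell-specific types."""
    return [p for p in parts if p.type_id in DELL_TYPES]


def report(sector: bytes) -> List[str]:
    """Human-readable lines for each entry, plus a verdict on Dell partitions."""
    parts = parse_mbr(sector)
    lines = []
    for p in parts:
        name = TYPE_NAMES.get(p.type_id, "unknown")
        flag = "active" if p.active else "inactive"
        lines.append("Partition %d %s type %02X %s %d MB offset %d"
                     % (p.index, flag, p.type_id, name, p.size_mb, p.start_lba))
    found = dell_partitions(parts)
    lines.append("Dell partitions: %s"
                 % (", ".join("%02X" % p.type_id for p in found) or "none"))
    return lines


def build_mbr(entries) -> bytes:
    """Build a constructed sector: zeroed boot code plus the given table entries."""
    sector = bytearray(SECTOR_SIZE)
    for i, (status, type_id, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + i * ENTRY_SIZE,
                         status, type_id, start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample matching the quoted aswMBR line: active, type 07, offset 63.
THREAD_DISK = build_mbr([(0x80, 0x07, 63, 976751937)])

# Constructed, hypothetical Dell-style layout: utility, Windows, restore.
DELL_STYLE = build_mbr([
    (0x00, 0xDE, 63, 96327),
    (0x80, 0x07, 96390, 970000000),
    (0x00, 0xDB, 970096390, 6000000),
])

if __name__ == "__main__":
    for label, sector in (("thread disk", THREAD_DISK), ("Dell-style", DELL_STYLE)):
        print(label)
        for line in report(sector):
            print("  " + line)
```

A raw 512-byte dump of sector 0 read from a file can be passed to `parse_mbr` in place of the constructed samples.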
  • Thanks again for your reply. I have to say I've not been too impressed with Dell customer support when I've called previously - although that was a few years ago so may be worth another try. Otherwise I think it's off to the PC repair shop to buy a copy of XP and/or let them have a go at it.

    Many, many thanks for all your time and assistance with this - it really is most appreciated. I'll let you know how I get on as and when!

    All the best, Andy
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It's totally up to you, but if you want - try this.


    Download GETxPUD.exe to your desktop.
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on get&burn.bat
    • The program will download an .iso image, and when finished will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    Download driver.sh to a USB drive.
    Download dumpit to the same USB drive.
    • The computer must be set to boot from the CD.
    • Insert the USB drive and CD into the computer and boot the computer from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • Expand sdb1 (your USB)
    • Confirm that you see driver.sh & Dumpit
    • Click Tool at the top
    • Choose Open Terminal
    • Type bash driver.sh & Press Enter and let it run uninterrupted.
      • note - all text entries (bash driver.sh) are case sensitive
    • After it has finished it will say "Done"
    • Type Exit to close the terminal window and a report will be located at sdb1 (Your USB) named report.txt
    • Then right click dumpit and choose "Execute"
    • It'll create some files on the USB drive, mbr.zip being one of them.

    Should you choose to, when you've done that, let me know.
This discussion has been closed.