Jump to content

jdjgill1

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. ESET SCAN C:\TDSSKiller_Quarantine\07.03.2013_20.39.43\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\07.03.2013_20.39.43\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan C:\TDSSKiller_Quarantine\07.03.2013_20.39.43\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.SV trojan C:\TDSSKiller_Quarantine\07.03.2013_20.39.43\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan C:\TDSSKiller_Quarantine\07.03.2013_20.39.43\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\07.03.2013_20.39.43\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan C:\TDSSKiller_Quarantine\10.03.2013_20.12.46\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan C:\TDSSKiller_Quarantine\10.03.2013_20.12.46\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan C:\TDSSKiller_Quarantine\10.03.2013_20.12.46\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.SV trojan C:\TDSSKiller_Quarantine\10.03.2013_20.12.46\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan C:\TDSSKiller_Quarantine\10.03.2013_20.12.46\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan C:\TDSSKiller_Quarantine\10.03.2013_20.12.46\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan C:\Users\Gill family\Downloads\Setup_FreeConverter.exe Win32/Toolbar.SearchSuite application C:\Users\Gill family\samples\flstudio_10.0.9.exe Win32/OpenCandy application
  2. MBAM Log Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.12.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Gill family :: HOMEPC [administrator] 3/15/2013 10:41:23 PM mbam-log-2013-03-15 (22-41-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223581 Time elapsed: 4 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) HJT Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:34:33 PM, on 3/15/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16470) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Gill family\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0908&m=mc7801u R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0908&m=mc7801u R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEA.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Media Server - Cisco Systems, Inc - C:\Program Files (x86)\Cisco Media Center\AVMediaServer.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing) -- End of file - 12007 bytes
  3. IE v 9 I think. Isn't that listed in one of the reports I posted? I'll have to check that out.
  4. Gringo, my attempts at downloading HJT is utter fail. It takes an extremely long time to load the webpage then I am unable to initiate the download upon clicking the button. What do I do???
  5. Here you go, Gringo: ComboFix 13-03-11.01 - Gill family 03/11/2013 19:52:02.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3960.2009 [GMT -4:00] Running from: c:\users\Gill family\Desktop\ComboFix.exe Command switches used :: c:\users\Gill family\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-02-12 to 2013-03-12 ))))))))))))))))))))))))))))))) . . 2013-03-12 00:04 . 2013-03-12 00:04 -------- d-----w- c:\users\Gill family\AppData\Local\temp 2013-03-12 00:04 . 2013-03-12 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-08 02:06 . 2013-03-08 02:07 -------- d-----w- C:\MBAR 2013-03-08 01:44 . 2013-03-11 00:19 -------- d-----w- C:\TDSSKiller_Quarantine 2013-03-07 02:20 . 2013-03-07 02:20 -------- d-----w- c:\users\Gill family\AppData\Local\AVG Secure Search 2013-03-02 16:36 . 2013-02-19 08:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C920AFB-B54A-4C6E-9182-1E07D073B751}\mpengine.dll 2013-02-15 23:58 . 2013-02-15 23:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-14 08:12 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-14 08:12 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-13 22:18 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 22:18 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll 2013-02-13 22:18 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 22:18 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 22:18 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-12 08:00 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll 2013-02-12 08:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-02-12 08:00 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll 2013-02-12 08:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-02-12 03:31 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-02-12 03:31 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll 2013-02-12 03:30 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll 2013-02-12 03:30 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll 2013-02-12 03:30 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll 2013-02-12 03:30 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-02-12 03:30 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-19 03:32 . 2012-08-24 17:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-02-14 08:08 . 2006-11-02 12:35 70004024 ----a-w- c:\windows\system32\mrt.exe 2013-01-17 06:28 . 2010-03-05 02:04 273840 ------w- c:\windows\system32\MpSigStub.exe 2012-12-14 21:49 . 2010-01-15 00:35 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEA.EXE" [2011-11-01 278112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1560360] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 151064] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 209432] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 182808] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0908&m=mc7801u mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0908&m=mc7801u mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: verizon.com\www22 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-08427587.sys SafeBoot-37107230.sys SafeBoot-55783572.sys SafeBoot-93453408.sys . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3779299010-2798533009-2750939736-1000\Software\SecuROM\License information*] "datasecu"=hex:c6,15,76,90,f2,84,db,c8,99,26,37,85,fa,98,7c,6a,0a,3c,1a,fb,38, 9f,6d,fa,db,12,fe,c1,7c,d7,94,b2,c1,67,63,c1,76,5b,83,a5,87,91,b3,56,8a,9c,\ "rkeysecu"=hex:9a,a4,35,e7,53,7a,f0,3c,fd,bd,a2,f7,9a,ba,71,73 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-03-11 20:09:26 ComboFix-quarantined-files.txt 2013-03-12 00:09 . Pre-Run: 50,828,619,776 bytes free Post-Run: 50,912,362,496 bytes free . - - End Of File - - 491CE7336091CD3C0CC5E8D1651B1DBB
  6. Thank you, Gringo. I will follow your instruction later this evening. I truly appreciate your assistance with this. Dave
  7. Sorry, Wrong report. Here's the one : TDSSKiller.2.8.16.0_10.03.2013_20.12.45_log.txt
  8. Ok Gringo, here's the new TDSSKiller report: site said report is too long to copy/paste.. TDSSKiller.2.8.16.0_10.03.2013_20.05.47_log.txt
  9. Gringo, sorry for the late reply. Here are the results of the TDSSKILLER : 20:39:43.0061 1080 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:39:43.0700 1080 ============================================================ 20:39:43.0700 1080 Current date / time: 2013/03/07 20:39:43.0700 20:39:43.0700 1080 SystemInfo: 20:39:43.0700 1080 20:39:43.0700 1080 OS Version: 6.0.6002 ServicePack: 2.0 20:39:43.0700 1080 Product type: Workstation 20:39:43.0700 1080 ComputerName: HOMEPC 20:39:43.0700 1080 UserName: Gill family 20:39:43.0700 1080 Windows directory: C:\Windows 20:39:43.0700 1080 System windows directory: C:\Windows 20:39:43.0700 1080 Running under WOW64 20:39:43.0700 1080 Processor architecture: Intel x64 20:39:43.0716 1080 Number of processors: 2 20:39:43.0716 1080 Page size: 0x1000 20:39:43.0716 1080 Boot type: Normal boot 20:39:43.0716 1080 ============================================================ 20:39:59.0488 1080 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:39:59.0519 1080 ============================================================ 20:39:59.0519 1080 \Device\Harddisk0\DR0: 20:39:59.0519 1080 MBR partitions: 20:39:59.0519 1080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800 20:39:59.0519 1080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x12017000 20:39:59.0519 1080 ============================================================ 20:39:59.0768 1080 C: <-> \Device\Harddisk0\DR0\Partition1 20:40:01.0765 1080 D: <-> \Device\Harddisk0\DR0\Partition2 20:40:01.0765 1080 ============================================================ 20:40:01.0765 1080 Initialize success 20:40:01.0765 1080 ============================================================ 20:40:22.0271 4724 ============================================================ 20:40:22.0271 4724 Scan started 20:40:22.0271 4724 Mode: Manual; SigCheck; TDLFS; 20:40:22.0271 4724 ============================================================ 20:40:25.0734 4724 ================ Scan system memory ======================== 20:40:25.0734 4724 System memory - ok 20:40:25.0734 4724 ================ Scan services ============================= 20:40:27.0232 4724 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 20:40:27.0497 4724 ACPI - ok 20:40:27.0700 4724 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:40:28.0043 4724 adp94xx - ok 20:40:28.0136 4724 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:40:28.0214 4724 adpahci - ok 20:40:28.0261 4724 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 20:40:28.0370 4724 adpu160m - ok 20:40:28.0464 4724 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:40:28.0604 4724 adpu320 - ok 20:40:28.0651 4724 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:40:29.0384 4724 AeLookupSvc - ok 20:40:29.0478 4724 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 20:40:29.0587 4724 AFD - ok 20:40:29.0618 4724 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:40:29.0665 4724 agp440 - ok 20:40:29.0681 4724 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 20:40:29.0743 4724 aic78xx - ok 20:40:29.0759 4724 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 20:40:30.0367 4724 ALG - ok 20:40:30.0414 4724 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 20:40:30.0445 4724 aliide - ok 20:40:30.0461 4724 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 20:40:30.0476 4724 amdide - ok 20:40:30.0508 4724 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:40:30.0632 4724 AmdK8 - ok 20:40:30.0664 4724 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 20:40:30.0757 4724 Appinfo - ok 20:40:30.0898 4724 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:40:30.0929 4724 Apple Mobile Device - ok 20:40:30.0991 4724 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 20:40:31.0054 4724 arc - ok 20:40:31.0069 4724 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:40:31.0100 4724 arcsas - ok 20:40:31.0116 4724 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:40:31.0241 4724 AsyncMac - ok 20:40:31.0272 4724 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys 20:40:31.0288 4724 atapi - ok 20:40:31.0350 4724 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:40:31.0475 4724 AudioEndpointBuilder - ok 20:40:31.0553 4724 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:40:31.0615 4724 AudioSrv - ok 20:40:31.0771 4724 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe 20:40:31.0912 4724 AVG Security Toolbar Service - ok 20:40:32.0536 4724 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe 20:40:34.0938 4724 AVGIDSAgent - ok 20:40:34.0985 4724 [ 6AB06C4E99F575B9B5701A33BA9FD19E ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 20:40:35.0000 4724 AVGIDSDriver - ok 20:40:35.0063 4724 [ 0994BA65388C7D5282242D1124FE8373 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 20:40:35.0063 4724 AVGIDSEH - ok 20:40:35.0110 4724 [ BF9EBE32B3827991D2100FCEBCA1AF01 ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 20:40:35.0110 4724 AVGIDSFilter - ok 20:40:35.0172 4724 [ 5D9D7009EDA9338F286730390DBEB5B6 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 20:40:35.0203 4724 Avgldx64 - ok 20:40:35.0219 4724 [ 997D002827D3E3DCBBB25BF46DB161AB ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 20:40:35.0250 4724 Avgmfx64 - ok 20:40:35.0281 4724 [ BCCFE3374C887075CDE2AC8FDB1CB2F8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 20:40:35.0312 4724 Avgrkx64 - ok 20:40:35.0344 4724 [ 0D49ADCEBE243B79366EA523B647519A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 20:40:35.0390 4724 Avgtdia - ok 20:40:35.0453 4724 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 20:40:35.0484 4724 avgtp - ok 20:40:35.0546 4724 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe 20:40:35.0593 4724 avgwd - ok 20:40:35.0609 4724 Beep - ok 20:40:35.0718 4724 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 20:40:35.0858 4724 BFE - ok 20:40:36.0077 4724 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll 20:40:37.0153 4724 BITS - ok 20:40:37.0200 4724 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:40:37.0387 4724 blbdrive - ok 20:40:37.0699 4724 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:40:37.0871 4724 Bonjour Service - ok 20:40:37.0933 4724 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:40:38.0058 4724 bowser - ok 20:40:38.0105 4724 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 20:40:38.0245 4724 BrFiltLo - ok 20:40:38.0308 4724 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 20:40:38.0432 4724 BrFiltUp - ok 20:40:38.0479 4724 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 20:40:38.0713 4724 Browser - ok 20:40:38.0776 4724 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 20:40:40.0008 4724 Brserid - ok 20:40:40.0070 4724 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 20:40:40.0320 4724 BrSerWdm - ok 20:40:40.0382 4724 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 20:40:40.0757 4724 BrUsbMdm - ok 20:40:40.0835 4724 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 20:40:41.0006 4724 BrUsbSer - ok 20:40:41.0038 4724 [ 86F46C41F773DA5A4A1D221C9201E3B8 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 20:40:41.0147 4724 BthEnum - ok 20:40:41.0209 4724 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:40:41.0506 4724 BTHMODEM - ok 20:40:41.0537 4724 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 20:40:42.0021 4724 BthPan - ok 20:40:42.0131 4724 [ E76F40C8DFFD33B6F142DE90D3CABB73 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 20:40:42.0396 4724 BTHPORT - ok 20:40:42.0474 4724 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll 20:40:42.0599 4724 BthServ - ok 20:40:42.0677 4724 [ CD52602D1884C6867269BABCB67849C5 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 20:40:42.0770 4724 BTHUSB - ok 20:40:42.0801 4724 btwaudio - ok 20:40:42.0801 4724 btwavdt - ok 20:40:42.0817 4724 btwl2cap - ok 20:40:42.0817 4724 btwrchid - ok 20:40:42.0848 4724 catchme - ok 20:40:42.0926 4724 [ C25362669072F6AA8D4C3415D8B30B7A ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys 20:40:43.0051 4724 CAXHWAZL - ok 20:40:43.0082 4724 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:40:43.0160 4724 cdfs - ok 20:40:43.0223 4724 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:40:43.0316 4724 cdrom - ok 20:40:43.0379 4724 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 20:40:43.0503 4724 CertPropSvc - ok 20:40:43.0597 4724 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 20:40:43.0753 4724 circlass - ok 20:40:44.0580 4724 [ 99D4341773731B0D6D6B81FF3D35D7B0 ] Cisco Media Server C:\Program Files (x86)\Cisco Media Center\AVMediaServer.exe 20:40:45.0344 4724 Cisco Media Server ( UnsignedFile.Multi.Generic ) - warning 20:40:45.0344 4724 Cisco Media Server - detected UnsignedFile.Multi.Generic (1) 20:40:45.0391 4724 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 20:40:45.0485 4724 CLFS - ok 20:40:45.0687 4724 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:40:45.0813 4724 clr_optimization_v2.0.50727_32 - ok 20:40:46.0250 4724 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:40:46.0375 4724 clr_optimization_v2.0.50727_64 - ok 20:40:46.0484 4724 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:40:46.0812 4724 clr_optimization_v4.0.30319_32 - ok 20:40:46.0999 4724 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:40:47.0451 4724 clr_optimization_v4.0.30319_64 - ok 20:40:47.0560 4724 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:40:47.0716 4724 CmBatt - ok 20:40:47.0794 4724 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:40:47.0826 4724 cmdide - ok 20:40:47.0904 4724 [ 73B6990CB91D0B249CB104B7DAC1E4A3 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 20:40:48.0060 4724 CnxtHdAudService - ok 20:40:48.0106 4724 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:40:48.0122 4724 Compbatt - ok 20:40:48.0138 4724 COMSysApp - ok 20:40:48.0169 4724 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:40:48.0200 4724 crcdisk - ok 20:40:48.0262 4724 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:40:48.0356 4724 CryptSvc - ok 20:40:48.0403 4724 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 20:40:48.0512 4724 DcomLaunch - ok 20:40:48.0559 4724 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:40:48.0606 4724 DfsC - ok 20:40:48.0730 4724 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 20:40:49.0214 4724 DFSR - ok 20:40:49.0323 4724 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 20:40:49.0386 4724 Dhcp - ok 20:40:49.0448 4724 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 20:40:49.0495 4724 disk - ok 20:40:49.0542 4724 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:40:49.0838 4724 Dnscache - ok 20:40:49.0900 4724 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 20:40:50.0041 4724 dot3svc - ok 20:40:50.0088 4724 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 20:40:50.0212 4724 DPS - ok 20:40:50.0275 4724 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:40:50.0431 4724 drmkaud - ok 20:40:50.0587 4724 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:40:50.0696 4724 DXGKrnl - ok 20:40:50.0758 4724 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 20:40:50.0899 4724 E1G60 - ok 20:40:50.0946 4724 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 20:40:51.0024 4724 EapHost - ok 20:40:51.0070 4724 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 20:40:51.0102 4724 Ecache - ok 20:40:51.0258 4724 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:40:51.0414 4724 ehRecvr - ok 20:40:51.0445 4724 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 20:40:51.0492 4724 ehSched - ok 20:40:51.0538 4724 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 20:40:51.0648 4724 ehstart - ok 20:40:51.0804 4724 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:40:52.0053 4724 elxstor - ok 20:40:52.0178 4724 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:40:52.0365 4724 EMDMgmt - ok 20:40:52.0474 4724 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 20:40:52.0490 4724 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 20:40:52.0490 4724 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 20:40:52.0724 4724 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe 20:40:52.0896 4724 EpsonCustomerParticipation - ok 20:40:52.0958 4724 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe 20:40:53.0005 4724 EpsonScanSvc - ok 20:40:53.0083 4724 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:40:53.0239 4724 ErrDev - ok 20:40:53.0317 4724 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe 20:40:53.0348 4724 ETService ( UnsignedFile.Multi.Generic ) - warning 20:40:53.0348 4724 ETService - detected UnsignedFile.Multi.Generic (1) 20:40:53.0442 4724 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 20:40:53.0504 4724 EventSystem - ok 20:40:53.0566 4724 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 20:40:53.0629 4724 exfat - ok 20:40:53.0676 4724 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:40:53.0769 4724 fastfat - ok 20:40:53.0801 4724 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:40:53.0879 4724 fdc - ok 20:40:53.0911 4724 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 20:40:56.0297 4724 fdPHost - ok 20:40:56.0438 4724 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 20:40:56.0641 4724 FDResPub - ok 20:40:56.0703 4724 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:40:56.0843 4724 FileInfo - ok 20:40:56.0999 4724 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:41:01.0055 4724 Filetrace - ok 20:41:01.0087 4724 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:41:01.0211 4724 flpydisk - ok 20:41:01.0352 4724 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:41:01.0508 4724 FltMgr - ok 20:41:01.0835 4724 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 20:41:02.0054 4724 FontCache - ok 20:41:02.0116 4724 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:41:02.0163 4724 FontCache3.0.0.0 - ok 20:41:02.0194 4724 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:41:02.0257 4724 fssfltr - ok 20:41:02.0725 4724 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:41:04.0191 4724 fsssvc - ok 20:41:04.0269 4724 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:41:04.0363 4724 Fs_Rec - ok 20:41:04.0409 4724 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:41:04.0487 4724 gagp30kx - ok 20:41:04.0581 4724 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys 20:41:04.0597 4724 GEARAspiWDM - ok 20:41:04.0753 4724 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 20:41:04.0831 4724 gpsvc - ok 20:41:04.0877 4724 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:41:04.0940 4724 gusvc - ok 20:41:05.0018 4724 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:41:05.0283 4724 HdAudAddService - ok 20:41:05.0470 4724 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:41:05.0642 4724 HDAudBus - ok 20:41:05.0673 4724 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:41:06.0094 4724 HidBth - ok 20:41:06.0141 4724 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 20:41:06.0297 4724 HidIr - ok 20:41:06.0391 4724 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll 20:41:06.0453 4724 hidserv - ok 20:41:06.0500 4724 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:41:06.0578 4724 HidUsb - ok 20:41:06.0609 4724 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 20:41:06.0812 4724 hkmsvc - ok 20:41:06.0937 4724 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:41:07.0030 4724 HpCISSs - ok 20:41:07.0186 4724 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS 20:41:07.0264 4724 HSFHWAZL - ok 20:41:07.0389 4724 [ 14492080EC1C7FF89673A98F0E6162F1 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll 20:41:07.0467 4724 HsfXAudioService - ok 20:41:07.0561 4724 [ C8ECF7D2FD3F20078DFB3BD5F1E51F23 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 20:41:08.0013 4724 HSF_DPV - ok 20:41:08.0138 4724 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:41:08.0528 4724 HTTP - ok 20:41:08.0575 4724 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:41:08.0590 4724 i2omp - ok 20:41:08.0637 4724 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:41:08.0684 4724 i8042prt - ok 20:41:08.0809 4724 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 20:41:08.0871 4724 IAANTMON - ok 20:41:08.0902 4724 [ FC28E90F2204D8FD147FA9BFA8A51C01 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:41:08.0933 4724 iaStor - ok 20:41:08.0996 4724 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:41:09.0089 4724 iaStorV - ok 20:41:09.0136 4724 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:41:09.0167 4724 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:41:09.0167 4724 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:41:09.0261 4724 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:41:09.0370 4724 idsvc - ok 20:41:10.0338 4724 [ 8254F64C0B738C167B7F487ED7C28DB5 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:41:13.0178 4724 igfx - ok 20:41:13.0193 4724 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:41:13.0256 4724 iirsp - ok 20:41:13.0412 4724 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 20:41:13.0770 4724 IKEEXT - ok 20:41:13.0864 4724 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys 20:41:13.0880 4724 int15 - ok 20:41:13.0942 4724 [ BD37227C07179B1040A8896B9C0C146B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 20:41:14.0004 4724 IntcHdmiAddService - ok 20:41:14.0051 4724 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 20:41:14.0082 4724 intelide - ok 20:41:14.0145 4724 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:41:14.0207 4724 intelppm - ok 20:41:14.0270 4724 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:41:14.0348 4724 IPBusEnum - ok 20:41:14.0410 4724 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:41:14.0472 4724 IpFilterDriver - ok 20:41:14.0519 4724 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:41:14.0597 4724 iphlpsvc - ok 20:41:14.0613 4724 IpInIp - ok 20:41:14.0661 4724 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:41:14.0754 4724 IPMIDRV - ok 20:41:14.0785 4724 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:41:14.0848 4724 IPNAT - ok 20:41:14.0957 4724 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:41:15.0004 4724 iPod Service - ok 20:41:15.0035 4724 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:41:15.0597 4724 IRENUM - ok 20:41:15.0612 4724 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:41:15.0660 4724 isapnp - ok 20:41:15.0707 4724 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:41:15.0722 4724 iScsiPrt - ok 20:41:15.0785 4724 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:41:15.0847 4724 iteatapi - ok 20:41:15.0894 4724 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:41:15.0910 4724 iteraid - ok 20:41:15.0988 4724 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:41:16.0019 4724 kbdclass - ok 20:41:16.0034 4724 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:41:16.0128 4724 kbdhid - ok 20:41:16.0159 4724 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 20:41:16.0253 4724 KeyIso - ok 20:41:16.0502 4724 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:41:16.0643 4724 KSecDD - ok 20:41:16.0691 4724 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:41:16.0815 4724 ksthunk - ok 20:41:16.0847 4724 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 20:41:16.0956 4724 KtmRm - ok 20:41:17.0018 4724 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:41:17.0096 4724 LanmanServer - ok 20:41:17.0143 4724 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:41:17.0205 4724 LanmanWorkstation - ok 20:41:17.0315 4724 [ 06DC2FDC6282F0D68910417B1150C848 ] LinksysUpdater C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe 20:41:17.0377 4724 LinksysUpdater ( UnsignedFile.Multi.Generic ) - warning 20:41:17.0377 4724 LinksysUpdater - detected UnsignedFile.Multi.Generic (1) 20:41:17.0408 4724 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:41:17.0502 4724 lltdio - ok 20:41:17.0595 4724 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:41:17.0705 4724 lltdsvc - ok 20:41:17.0736 4724 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:41:17.0845 4724 lmhosts - ok 20:41:17.0892 4724 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:41:17.0923 4724 LSI_FC - ok 20:41:17.0954 4724 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:41:17.0985 4724 LSI_SAS - ok 20:41:18.0001 4724 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:41:18.0032 4724 LSI_SCSI - ok 20:41:18.0063 4724 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 20:41:18.0141 4724 luafv - ok 20:41:18.0297 4724 [ 17F118A3123A566A538341A62E4D8D35 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe 20:41:18.0329 4724 MatSvc - ok 20:41:18.0360 4724 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:41:18.0375 4724 Mcx2Svc - ok 20:41:18.0407 4724 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 20:41:18.0438 4724 mdmxsdk - ok 20:41:18.0500 4724 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 20:41:18.0609 4724 megasas - ok 20:41:18.0734 4724 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:41:18.0906 4724 MegaSR - ok 20:41:19.0062 4724 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 20:41:19.0155 4724 MMCSS - ok 20:41:19.0187 4724 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 20:41:19.0249 4724 Modem - ok 20:41:19.0311 4724 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:41:19.0374 4724 monitor - ok 20:41:19.0405 4724 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:41:19.0436 4724 mouclass - ok 20:41:19.0499 4724 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:41:20.0825 4724 mouhid - ok 20:41:20.0856 4724 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:41:20.0887 4724 MountMgr - ok 20:41:21.0074 4724 [ 19E4BAA7BE36144C41AF844DE1CFB50D ] Movielink Core Service C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe 20:41:21.0386 4724 Movielink Core Service - ok 20:41:21.0417 4724 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 20:41:21.0464 4724 mpio - ok 20:41:21.0480 4724 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:41:21.0542 4724 mpsdrv - ok 20:41:21.0620 4724 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 20:41:21.0698 4724 MpsSvc - ok 20:41:21.0714 4724 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:41:21.0745 4724 Mraid35x - ok 20:41:21.0792 4724 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:41:21.0854 4724 MRxDAV - ok 20:41:21.0885 4724 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:41:21.0932 4724 mrxsmb - ok 20:41:21.0979 4724 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:41:22.0010 4724 mrxsmb10 - ok 20:41:22.0057 4724 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:41:22.0088 4724 mrxsmb20 - ok 20:41:22.0151 4724 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 20:41:22.0197 4724 msahci - ok 20:41:22.0229 4724 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:41:22.0291 4724 msdsm - ok 20:41:22.0307 4724 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 20:41:22.0385 4724 MSDTC - ok 20:41:22.0416 4724 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:41:22.0494 4724 Msfs - ok 20:41:22.0541 4724 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:41:22.0603 4724 msisadrv - ok 20:41:22.0665 4724 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:41:22.0759 4724 MSiSCSI - ok 20:41:22.0759 4724 msiserver - ok 20:41:22.0806 4724 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:41:22.0868 4724 MSKSSRV - ok 20:41:22.0899 4724 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:41:22.0962 4724 MSPCLOCK - ok 20:41:23.0009 4724 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:41:23.0055 4724 MSPQM - ok 20:41:23.0180 4724 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:41:23.0321 4724 MsRPC - ok 20:41:23.0352 4724 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:41:23.0367 4724 mssmbios - ok 20:41:23.0414 4724 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:41:23.0555 4724 MSTEE - ok 20:41:23.0601 4724 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 20:41:23.0648 4724 Mup - ok 20:41:23.0711 4724 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 20:41:23.0820 4724 napagent - ok 20:41:23.0882 4724 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:41:23.0929 4724 NativeWifiP - ok 20:41:23.0976 4724 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:41:24.0023 4724 NDIS - ok 20:41:24.0054 4724 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:41:24.0101 4724 NdisTapi - ok 20:41:24.0132 4724 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:41:24.0179 4724 Ndisuio - ok 20:41:24.0210 4724 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:41:24.0272 4724 NdisWan - ok 20:41:24.0303 4724 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:41:24.0366 4724 NDProxy - ok 20:41:24.0413 4724 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:41:24.0522 4724 NetBIOS - ok 20:41:24.0569 4724 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:41:24.0647 4724 netbt - ok 20:41:24.0662 4724 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 20:41:24.0693 4724 Netlogon - ok 20:41:24.0819 4724 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 20:41:24.0944 4724 Netman - ok 20:41:24.0991 4724 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 20:41:25.0053 4724 netprofm - ok 20:41:25.0100 4724 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:41:25.0381 4724 NetTcpPortSharing - ok 20:41:25.0677 4724 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys 20:41:26.0224 4724 NETw5v64 - ok 20:41:26.0287 4724 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:41:26.0318 4724 nfrd960 - ok 20:41:26.0396 4724 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 20:41:26.0489 4724 NlaSvc - ok 20:41:26.0677 4724 [ CD2FE9C33CFD0FE0AF124E05907E5C3D ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe 20:41:26.0723 4724 nmservice - ok 20:41:26.0771 4724 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:41:26.0849 4724 Npfs - ok 20:41:26.0896 4724 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 20:41:26.0958 4724 nsi - ok 20:41:26.0990 4724 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:41:27.0161 4724 nsiproxy - ok 20:41:27.0614 4724 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:41:27.0894 4724 Ntfs - ok 20:41:27.0941 4724 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 20:41:28.0066 4724 Null - ok 20:41:28.0082 4724 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:41:28.0113 4724 nvraid - ok 20:41:28.0128 4724 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:41:28.0160 4724 nvstor - ok 20:41:28.0175 4724 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:41:28.0206 4724 nv_agp - ok 20:41:28.0206 4724 NwlnkFlt - ok 20:41:28.0222 4724 NwlnkFwd - ok 20:41:28.0284 4724 [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe 20:41:28.0284 4724 o2flash ( UnsignedFile.Multi.Generic ) - warning 20:41:28.0284 4724 o2flash - detected UnsignedFile.Multi.Generic (1) 20:41:28.0347 4724 [ 2481724EACE9FC86E454402A280B56C6 ] O2MDRDR C:\Windows\system32\DRIVERS\o2mdx64.sys 20:41:28.0394 4724 O2MDRDR - ok 20:41:28.0456 4724 [ C88959545B5F598791D30314C7DB5718 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sdx64.sys 20:41:28.0472 4724 O2SDRDR - ok 20:41:28.0690 4724 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:41:28.0799 4724 odserv - ok 20:41:28.0846 4724 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:41:28.0986 4724 ohci1394 - ok 20:41:29.0018 4724 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:41:29.0080 4724 ose - ok 20:41:29.0267 4724 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:41:29.0376 4724 p2pimsvc - ok 20:41:29.0408 4724 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 20:41:29.0486 4724 p2psvc - ok 20:41:29.0548 4724 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 20:41:29.0782 4724 Parport - ok 20:41:29.0860 4724 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:41:29.0907 4724 partmgr - ok 20:41:29.0938 4724 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 20:41:29.0985 4724 PcaSvc - ok 20:41:30.0016 4724 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 20:41:30.0047 4724 pci - ok 20:41:30.0094 4724 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 20:41:30.0110 4724 pciide - ok 20:41:30.0141 4724 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:41:30.0172 4724 pcmcia - ok 20:41:30.0219 4724 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:41:30.0328 4724 PEAUTH - ok 20:41:30.0390 4724 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:41:30.0468 4724 PerfHost - ok 20:41:30.0562 4724 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 20:41:30.0796 4724 pla - ok 20:41:30.0874 4724 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:41:30.0999 4724 PlugPlay - ok 20:41:31.0061 4724 [ 4FF73A83A25D0EEAD4F5E6C841BB6704 ] pnarp C:\Windows\system32\DRIVERS\pnarp.sys 20:41:31.0077 4724 pnarp - ok 20:41:31.0124 4724 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:41:31.0233 4724 PNRPAutoReg - ok 20:41:31.0389 4724 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:41:31.0545 4724 PNRPsvc - ok 20:41:31.0685 4724 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:41:31.0857 4724 PolicyAgent - ok 20:41:31.0919 4724 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:41:32.0013 4724 PptpMiniport - ok 20:41:32.0091 4724 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 20:41:32.0184 4724 Processor - ok 20:41:32.0262 4724 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 20:41:32.0372 4724 ProfSvc - ok 20:41:32.0387 4724 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 20:41:32.0403 4724 ProtectedStorage - ok 20:41:32.0465 4724 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:41:32.0528 4724 PSched - ok 20:41:32.0606 4724 [ 9A68A89F10F283A23AFEE2A1BFE4BFFB ] purendis C:\Windows\system32\DRIVERS\purendis.sys 20:41:32.0621 4724 purendis - ok 20:41:32.0902 4724 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:41:33.0089 4724 ql2300 - ok 20:41:33.0136 4724 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:41:33.0214 4724 ql40xx - ok 20:41:33.0292 4724 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 20:41:33.0370 4724 QWAVE - ok 20:41:33.0386 4724 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:41:33.0464 4724 QWAVEdrv - ok 20:41:33.0510 4724 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:41:33.0744 4724 RasAcd - ok 20:41:33.0807 4724 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 20:41:33.0869 4724 RasAuto - ok 20:41:33.0932 4724 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:41:34.0072 4724 Rasl2tp - ok 20:41:34.0103 4724 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 20:41:34.0150 4724 RasMan - ok 20:41:34.0197 4724 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:41:34.0290 4724 RasPppoe - ok 20:41:34.0337 4724 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:41:34.0384 4724 RasSstp - ok 20:41:34.0415 4724 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:41:34.0478 4724 rdbss - ok 20:41:34.0509 4724 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:41:34.0587 4724 RDPCDD - ok 20:41:34.0634 4724 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:41:34.0758 4724 rdpdr - ok 20:41:34.0774 4724 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:41:34.0868 4724 RDPENCDD - ok 20:41:34.0946 4724 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:41:35.0055 4724 RDPWD - ok 20:41:35.0117 4724 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:41:35.0195 4724 RemoteAccess - ok 20:41:35.0273 4724 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:41:35.0336 4724 RemoteRegistry - ok 20:41:35.0367 4724 [ F228CE2F778503CECB2B27097B5B3139 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 20:41:35.0445 4724 RFCOMM - ok 20:41:35.0492 4724 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 20:41:35.0554 4724 RpcLocator - ok 20:41:35.0757 4724 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 20:41:35.0819 4724 RpcSs - ok 20:41:35.0850 4724 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:41:35.0960 4724 rspndr - ok 20:41:35.0975 4724 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 20:41:36.0006 4724 SamSs - ok 20:41:36.0022 4724 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:41:36.0084 4724 sbp2port - ok 20:41:36.0131 4724 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:41:36.0225 4724 SCardSvr - ok 20:41:36.0381 4724 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 20:41:36.0599 4724 Schedule - ok 20:41:36.0630 4724 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:41:36.0677 4724 SCPolicySvc - ok 20:41:36.0708 4724 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 20:41:36.0833 4724 sdbus - ok 20:41:36.0880 4724 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:41:36.0958 4724 SDRSVC - ok 20:41:37.0161 4724 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 20:41:37.0254 4724 SeaPort - ok 20:41:37.0317 4724 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:41:37.0457 4724 secdrv - ok 20:41:37.0535 4724 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 20:41:37.0613 4724 seclogon - ok 20:41:37.0660 4724 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 20:41:37.0722 4724 SENS - ok 20:41:37.0754 4724 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:41:37.0847 4724 Serenum - ok 20:41:37.0925 4724 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 20:41:38.0050 4724 Serial - ok 20:41:38.0097 4724 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:41:38.0159 4724 sermouse - ok 20:41:38.0206 4724 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 20:41:38.0268 4724 SessionEnv - ok 20:41:38.0300 4724 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:41:38.0362 4724 sffdisk - ok 20:41:38.0424 4724 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:41:38.0518 4724 sffp_mmc - ok 20:41:38.0565 4724 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:41:38.0674 4724 sffp_sd - ok 20:41:38.0690 4724 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:41:38.0799 4724 sfloppy - ok 20:41:38.0861 4724 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:41:38.0924 4724 SharedAccess - ok 20:41:38.0970 4724 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:41:39.0033 4724 ShellHWDetection - ok 20:41:39.0048 4724 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:41:39.0080 4724 SiSRaid2 - ok 20:41:39.0095 4724 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:41:39.0126 4724 SiSRaid4 - ok 20:41:39.0220 4724 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:41:39.0236 4724 SkypeUpdate - ok 20:41:39.0563 4724 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 20:41:39.0969 4724 slsvc - ok 20:41:40.0031 4724 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:41:40.0094 4724 SLUINotify - ok 20:41:40.0140 4724 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:41:40.0374 4724 Smb - ok 20:41:40.0624 4724 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:41:40.0686 4724 SNMPTRAP - ok 20:41:40.0749 4724 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 20:41:40.0764 4724 spldr - ok 20:41:40.0858 4724 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 20:41:40.0967 4724 Spooler - ok 20:41:40.0998 4724 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 20:41:41.0123 4724 srv - ok 20:41:41.0201 4724 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:41:41.0295 4724 srv2 - ok 20:41:41.0357 4724 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:41:41.0420 4724 srvnet - ok 20:41:41.0529 4724 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:41:41.0607 4724 SSDPSRV - ok 20:41:41.0669 4724 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:41:41.0716 4724 SstpSvc - ok 20:41:41.0856 4724 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 20:41:41.0934 4724 stisvc - ok 20:41:41.0981 4724 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:41:41.0997 4724 swenum - ok 20:41:42.0168 4724 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 20:41:42.0262 4724 swprv - ok 20:41:42.0309 4724 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 20:41:42.0449 4724 Symc8xx - ok 20:41:42.0496 4724 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 20:41:42.0668 4724 Sym_hi - ok 20:41:42.0730 4724 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 20:41:42.0792 4724 Sym_u3 - ok 20:41:42.0855 4724 [ 437A9D8B5AE2067D44EB60C953EDC8A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:41:42.0902 4724 SynTP - ok 20:41:43.0276 4724 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 20:41:43.0479 4724 SysMain - ok 20:41:43.0526 4724 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:41:43.0682 4724 TabletInputService - ok 20:41:43.0838 4724 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:41:43.0978 4724 TapiSrv - ok 20:41:44.0025 4724 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 20:41:44.0072 4724 TBS - ok 20:41:44.0165 4724 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:41:44.0415 4724 Tcpip - ok 20:41:44.0727 4724 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 20:41:44.0820 4724 Tcpip6 - ok 20:41:44.0883 4724 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:41:44.0945 4724 tcpipreg - ok 20:41:44.0976 4724 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:41:45.0070 4724 TDPIPE - ok 20:41:45.0117 4724 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:41:45.0195 4724 TDTCP - ok 20:41:45.0257 4724 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:41:45.0398 4724 tdx - ok 20:41:45.0429 4724 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:41:45.0476 4724 TermDD - ok 20:41:45.0585 4724 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 20:41:45.0694 4724 TermService - ok 20:41:45.0741 4724 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 20:41:45.0788 4724 Themes - ok 20:41:45.0803 4724 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 20:41:45.0866 4724 THREADORDER - ok 20:41:45.0897 4724 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 20:41:45.0990 4724 TrkWks - ok 20:41:46.0053 4724 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:41:46.0131 4724 TrustedInstaller - ok 20:41:46.0193 4724 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:41:46.0287 4724 tssecsrv - ok 20:41:46.0302 4724 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 20:41:46.0349 4724 tunmp - ok 20:41:46.0412 4724 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:41:46.0458 4724 tunnel - ok 20:41:46.0505 4724 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:41:46.0583 4724 uagp35 - ok 20:41:46.0708 4724 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:41:46.0848 4724 udfs - ok 20:41:46.0895 4724 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:41:46.0958 4724 UI0Detect - ok 20:41:47.0004 4724 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:41:47.0051 4724 uliagpkx - ok 20:41:47.0129 4724 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 20:41:47.0207 4724 uliahci - ok 20:41:47.0223 4724 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 20:41:47.0254 4724 UlSata - ok 20:41:47.0285 4724 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 20:41:47.0316 4724 ulsata2 - ok 20:41:47.0348 4724 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:41:47.0394 4724 umbus - ok 20:41:47.0441 4724 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 20:41:47.0504 4724 upnphost - ok 20:41:47.0535 4724 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:41:47.0550 4724 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 20:41:47.0550 4724 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 20:41:47.0597 4724 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:41:47.0706 4724 usbaudio - ok 20:41:47.0722 4724 [ E493A1AB49CEC05E48828CF949A5A2C3 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys 20:41:47.0784 4724 usbbus - ok 20:41:47.0847 4724 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:41:47.0925 4724 usbccgp - ok 20:41:47.0940 4724 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:41:48.0050 4724 usbcir - ok 20:41:48.0112 4724 [ 0614C32187D0D12AD971D83DF2EB9B53 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys 20:41:48.0299 4724 UsbDiag - ok 20:41:48.0330 4724 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:41:48.0393 4724 usbehci - ok 20:41:48.0455 4724 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:41:48.0549 4724 usbhub - ok 20:41:48.0580 4724 [ ECC1F29B4D25EF757BD0986C6A0518D6 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys 20:41:48.0627 4724 USBModem - ok 20:41:48.0658 4724 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:41:48.0767 4724 usbohci - ok 20:41:48.0783 4724 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:41:48.0908 4724 usbprint - ok 20:41:48.0970 4724 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:41:49.0064 4724 USBSTOR - ok 20:41:49.0079 4724 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:41:49.0126 4724 usbuhci - ok 20:41:49.0220 4724 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:41:49.0282 4724 usbvideo - ok 20:41:49.0329 4724 [ 56ED086F1300ECB1E6F67AC43955E5E9 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS 20:41:49.0360 4724 UVCFTR - ok 20:41:49.0407 4724 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 20:41:49.0438 4724 UxSms - ok 20:41:49.0532 4724 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 20:41:49.0688 4724 vds - ok 20:41:49.0734 4724 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:41:49.0844 4724 vga - ok 20:41:49.0875 4724 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:41:49.0968 4724 VgaSave - ok 20:41:50.0000 4724 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 20:41:50.0046 4724 viaide - ok 20:41:50.0093 4724 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:41:50.0124 4724 volmgr - ok 20:41:50.0171 4724 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:41:50.0202 4724 volmgrx - ok 20:41:50.0748 4724 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:41:50.0889 4724 volsnap - ok 20:41:50.0982 4724 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:41:51.0029 4724 vsmraid - ok 20:41:51.0201 4724 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 20:41:51.0326 4724 VSS - ok 20:41:51.0450 4724 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe 20:41:51.0528 4724 vToolbarUpdater14.2.0 - ok 20:41:51.0591 4724 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 20:41:51.0809 4724 W32Time - ok 20:41:51.0856 4724 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:41:51.0981 4724 WacomPen - ok 20:41:52.0043 4724 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 20:41:52.0121 4724 Wanarp - ok 20:41:52.0121 4724 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:41:52.0168 4724 Wanarpv6 - ok 20:41:52.0215 4724 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:41:52.0277 4724 wcncsvc - ok 20:41:52.0324 4724 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:41:52.0574 4724 WcsPlugInService - ok 20:41:52.0589 4724 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 20:41:52.0620 4724 Wd - ok 20:41:52.0667 4724 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:41:52.0714 4724 Wdf01000 - ok 20:41:52.0745 4724 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:41:52.0823 4724 WdiServiceHost - ok 20:41:52.0839 4724 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:41:52.0886 4724 WdiSystemHost - ok 20:41:52.0932 4724 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 20:41:52.0979 4724 WebClient - ok 20:41:53.0042 4724 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:41:53.0088 4724 Wecsvc - ok 20:41:53.0151 4724 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:41:53.0229 4724 wercplsupport - ok 20:41:53.0260 4724 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 20:41:53.0307 4724 WerSvc - ok 20:41:53.0369 4724 [ 40EFEE2FD560EB0438F3AEBD5BF751B4 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys 20:41:53.0447 4724 winachsf - ok 20:41:53.0494 4724 WinDefend - ok 20:41:53.0510 4724 WinHttpAutoProxySvc - ok 20:41:53.0806 4724 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:41:53.0884 4724 Winmgmt - ok 20:41:53.0962 4724 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 20:41:54.0102 4724 WinRM - ok 20:41:54.0227 4724 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:41:54.0321 4724 Wlansvc - ok 20:41:54.0430 4724 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:41:54.0461 4724 wlcrasvc - ok 20:41:55.0179 4724 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:41:55.0553 4724 wlidsvc - ok 20:41:55.0616 4724 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:41:55.0662 4724 WmiAcpi - ok 20:41:55.0725 4724 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:41:55.0850 4724 wmiApSrv - ok 20:41:55.0928 4724 WMPNetworkSvc - ok 20:41:56.0021 4724 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:41:56.0099 4724 WPCSvc - ok 20:41:56.0162 4724 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:41:56.0240 4724 WPDBusEnum - ok 20:41:56.0271 4724 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 20:41:56.0302 4724 WpdUsb - ok 20:41:56.0458 4724 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:41:56.0520 4724 WPFFontCache_v0400 - ok 20:41:56.0567 4724 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:41:56.0645 4724 ws2ifsl - ok 20:41:56.0708 4724 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll 20:41:56.0739 4724 wscsvc - ok 20:41:56.0739 4724 WSearch - ok 20:41:56.0988 4724 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:41:57.0191 4724 wuauserv - ok 20:41:57.0332 4724 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:41:57.0410 4724 WudfPf - ok 20:41:57.0456 4724 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:41:57.0503 4724 WUDFRd - ok 20:41:57.0534 4724 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:41:57.0581 4724 wudfsvc - ok 20:41:57.0612 4724 [ C22B223CC6D58E921D78E173172F66F5 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys 20:41:57.0628 4724 XAudio - ok 20:41:57.0675 4724 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe 20:41:57.0722 4724 XAudioService - ok 20:41:57.0800 4724 [ DA1C23F65EF1894AB5B6FF79D81F544A ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 20:41:57.0971 4724 xnacc - ok 20:41:58.0034 4724 [ 47AEA795C67B7440E60D1F7542CB3D38 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 20:41:58.0112 4724 xusb21 - ok 20:41:58.0174 4724 [ 29184BA4B42847A76BFAB387A2E52FE3 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys 20:41:58.0330 4724 yukonx64 - ok 20:41:58.0346 4724 ================ Scan global =============================== 20:41:58.0439 4724 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 20:41:58.0470 4724 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 20:41:58.0502 4724 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 20:41:58.0595 4724 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 20:41:58.0626 4724 [Global] - ok 20:41:58.0626 4724 ================ Scan MBR ================================== 20:41:58.0642 4724 [ 2D38F4A50470B53943A7DBD02E402E47 ] \Device\Harddisk0\DR0 20:41:58.0642 4724 Suspicious mbr (Forged): \Device\Harddisk0\DR0 20:41:58.0689 4724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 20:41:58.0689 4724 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 20:41:59.0219 4724 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 20:41:59.0219 4724 \Device\Harddisk0\DR0 - detected TDSS File System (1) 20:41:59.0219 4724 ================ Scan VBR ================================== 20:41:59.0235 4724 [ CE0C12AA0ADB7C9ACC3D2523691CAE4A ] \Device\Harddisk0\DR0\Partition1 20:41:59.0282 4724 \Device\Harddisk0\DR0\Partition1 - ok 20:41:59.0328 4724 [ 3516928183ABAFD1A65E8D7AADE7B056 ] \Device\Harddisk0\DR0\Partition2 20:41:59.0360 4724 \Device\Harddisk0\DR0\Partition2 - ok 20:41:59.0360 4724 ================ Scan active images ======================== 20:41:59.0360 4724 ============================================================ 20:41:59.0360 4724 Scan finished 20:41:59.0360 4724 ============================================================ 20:41:59.0375 4716 Detected object count: 9 20:41:59.0375 4716 Actual detected object count: 9 20:44:06.0991 4716 Cisco Media Server ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:06.0991 4716 Cisco Media Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:07.0007 4716 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:07.0007 4716 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:07.0007 4716 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:07.0007 4716 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:07.0007 4716 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:07.0007 4716 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:07.0022 4716 LinksysUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:07.0022 4716 LinksysUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:07.0022 4716 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:07.0022 4716 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:07.0022 4716 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 20:44:07.0022 4716 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:44:09.0877 4716 \Device\Harddisk0\DR0\# - copied to quarantine 20:44:09.0908 4716 \Device\Harddisk0\DR0 - copied to quarantine 20:44:12.0295 4716 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 20:44:12.0311 4716 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 20:44:12.0545 4716 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 20:44:12.0841 4716 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 20:44:12.0857 4716 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 20:44:12.0888 4716 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 20:44:12.0966 4716 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 20:44:13.0060 4716 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 20:44:13.0153 4716 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 20:44:13.0169 4716 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 20:44:13.0184 4716 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 20:44:13.0184 4716 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 20:44:13.0356 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 20:44:13.0496 4716 \Device\Harddisk0\DR0 - ok 20:44:15.0478 4716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 20:44:15.0478 4716 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 20:44:15.0478 4716 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 20:44:39.0346 3772 Deinitialize success The MB AntiRootkit found svchost.exe and deleted it. a 2nd run after reboot came back clean. However, many web pages including to my Juno account and this website (MB) are extremely slow to come up (20-30 seconds). I ran the MB Antirootkit a 3rd time and it came back clean. I ran the MB AV program too with no viruses found. Dave
  10. Gringo, I intitiated the TDSSKiller prgram from Safe Mode, selecting Loaded Modules and allowing a reboot to normal mode. However, upon reboot a security window appeared requesting permission to run a program from Kaspersky. I assumed it was the TDSSKiller program so I selected "Yes". Once the desktop appeared a windows message box popped up stating that an error occurred for the TDSS Rootkit removal tool and has been stopped with an option to select "Close Program". I did not select that option but immediately following that pop-up was 2 other Error windows for Quicktime Task and EEventManager. I chose to reboot and run in Safe Mode again. I once again ran thr TDSSKiller program and selected the Loaded Modules option. Upon reboot I opted to run in Safe mode again, thinking the program would load automatically there but it did not. How should I proceed? BTW, it's almost midnight. I will pick this up tomorrow. Thank you for all your assistance so far. Dave
  11. Gringo, here's my ComboFix report. After it ran I rebooted and attempted to run in normal mode. However, during boot up I nticed that my wireless connetion was not working then got the BSOD. ComboFix 13-03-05.01 - Gill family 03/06/2013 22:42:23.1.2 - x64 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3960.3167 [GMT -5:00] Running from: c:\users\Gill family\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\SW21RH.ico c:\programdata\SWASP.ico c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 ))))))))))))))))))))))))))))))) . . 2013-03-07 03:58 . 2013-03-07 03:58 -------- d-----w- c:\users\Gill family\AppData\Local\temp 2013-03-07 03:58 . 2013-03-07 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-07 02:20 . 2013-03-07 02:20 -------- d-----w- c:\users\Gill family\AppData\Local\AVG Secure Search 2013-03-02 16:36 . 2013-02-19 08:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C920AFB-B54A-4C6E-9182-1E07D073B751}\mpengine.dll 2013-02-14 08:12 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-14 08:12 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-13 22:18 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 22:18 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll 2013-02-13 22:18 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 22:18 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 22:18 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-12 08:00 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll 2013-02-12 08:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-02-12 08:00 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll 2013-02-12 08:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-02-12 03:31 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-02-12 03:31 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll 2013-02-12 03:30 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll 2013-02-12 03:30 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll 2013-02-12 03:30 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll 2013-02-12 03:30 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-02-12 03:30 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-19 03:32 . 2012-08-24 17:31 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-02-14 08:08 . 2006-11-02 12:35 70004024 ----a-w- c:\windows\system32\mrt.exe 2013-01-17 06:28 . 2010-03-05 02:04 273840 ------w- c:\windows\system32\MpSigStub.exe 2012-12-14 21:49 . 2010-01-15 00:35 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-09 22:56 . 2012-04-01 15:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-09 22:56 . 2011-06-07 02:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEA.EXE" [2011-11-01 278112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ECACHE . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-10 1560360] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 151064] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 209432] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 182808] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.juno.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0908&m=mc7801u mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0908&m=mc7801u mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: verizon.com\www22 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKLM-Run-eRecoveryService - (no file) SafeBoot-WudfPf SafeBoot-WudfRd WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3779299010-2798533009-2750939736-1000\Software\SecuROM\License information*] "datasecu"=hex:c6,15,76,90,f2,84,db,c8,99,26,37,85,fa,98,7c,6a,0a,3c,1a,fb,38, 9f,6d,fa,db,12,fe,c1,7c,d7,94,b2,c1,67,63,c1,76,5b,83,a5,87,91,b3,56,8a,9c,\ "rkeysecu"=hex:9a,a4,35,e7,53,7a,f0,3c,fd,bd,a2,f7,9a,ba,71,73 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-03-06 23:03:22 ComboFix-quarantined-files.txt 2013-03-07 04:03 . Pre-Run: 54,012,624,896 bytes free Post-Run: 56,700,518,400 bytes free . - - End Of File - - 07B2F623C7E91CF591EE6D95BB193315
  12. Gringo, I think I've put myself in a bad spot here. I began running CombFix in Safe Mode. However, it detected that AVG was still active. I do not know how to disable it and my initial attempt to 'x' out of Combofix resulted in another window stating that it will conitnue to run with AVG active and I do so at my own risk. What do I do to either stop Combofix or AVG in Safe mode??
  13. Thank you, Gringo. Here are the files requested: CHECKUP Results of screen317's Security Check version 0.99.60 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! AVG Anti-Virus Free Edition 2011 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 3 Java 6 Update 5 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` ADWCleaner # AdwCleaner v2.114 - Logfile created 03/06/2013 at 21:15:36 # Updated 05/03/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : Gill family - HOMEPC # Boot Mode : Safe mode with networking # Running from : C:\Users\Gill family\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\AVG Secure Search Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search Deleted on reboot : C:\ProgramData\AVG Secure Search Deleted on reboot : C:\ProgramData\AVG Security Toolbar Deleted on reboot : C:\Users\Gill family\AppData\Local\AVG Secure Search Deleted on reboot : C:\Users\Gill family\AppData\LocalLow\AVG Secure Search Deleted on reboot : C:\Users\Gill family\AppData\LocalLow\AVG Security Toolbar Deleted on reboot : C:\Users\GILLFA~1\AppData\Local\Temp\avg@toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\AVG Security Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. ************************* AdwCleaner[s1].txt - [5339 octets] - [06/03/2013 21:15:36] ########## EOF - C:\AdwCleaner[s1].txt - [5399 octets] ########## ROGUEKILLER RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Gill family [Admin rights] Mode : Scan -- Date : 03/06/2013 21:27:12 | ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc] [sUSP PATH] ISBEW64.exe -- C:\Windows\Temp\{CEB80D48-CD8E-4423-A7A4-2792FF7137AD}\ISBEW64.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543232L9A300 +++++ --- User --- [MBR] 43f892ac22cbf9898f195dc408d15d6f [bSP] 16d287e0cc2b33f6c73a3470b3514a2b : Acer MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 147502 Mo User != LL1 ... KO! --- LL1 --- [MBR] b110f2eed71304c6a3d9ef7ae57deeb9 [bSP] 16d287e0cc2b33f6c73a3470b3514a2b : Acer MBR Code Partition table: 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 147502 Mo User != LL2 ... KO! --- LL2 --- [MBR] b110f2eed71304c6a3d9ef7ae57deeb9 [bSP] 16d287e0cc2b33f6c73a3470b3514a2b : Acer MBR Code Partition table: 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 147502 Mo Finished : << RKreport[1]_S_03062013_02d2127.txt >> RKreport[1]_S_03062013_02d2127.txt RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : Gill family [Admin rights] Mode : Remove -- Date : 03/06/2013 21:29:40 | ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc] [sUSP PATH] ISBEW64.exe -- C:\Windows\Temp\{CEB80D48-CD8E-4423-A7A4-2792FF7137AD}\ISBEW64.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543232L9A300 +++++ --- User --- [MBR] 43f892ac22cbf9898f195dc408d15d6f [bSP] 16d287e0cc2b33f6c73a3470b3514a2b : Acer MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 147502 Mo User != LL1 ... KO! --- LL1 --- [MBR] b110f2eed71304c6a3d9ef7ae57deeb9 [bSP] 16d287e0cc2b33f6c73a3470b3514a2b : Acer MBR Code Partition table: 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 147502 Mo User != LL2 ... KO! --- LL2 --- [MBR] b110f2eed71304c6a3d9ef7ae57deeb9 [bSP] 16d287e0cc2b33f6c73a3470b3514a2b : Acer MBR Code Partition table: 1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 147501 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323055616 | Size: 147502 Mo Finished : << RKreport[2]_D_03062013_02d2129.txt >> RKreport[1]_S_03062013_02d2127.txt ; RKreport[2]_D_03062013_02d2129.txt
  14. Any help here would be appreciated. Thank you. Dave attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.