
SHeur4.BWZP, Inject2.AKOG, and Generic13.CGHF


  • This topic is locked
36 replies to this topic

#1 jgreene6


Posted 20 June 2014 - 04:32 PM

I have AVG as my main antivirus software. Recently it has been popping up frequently with infections of SHeur4.BWZP and Inject2.AKOG. The SHeur4.BWZP infections are in UpdateFlashPlayer_XXXXXX.exe files. I ran a full scan and it found several incidents of the same infections and removed them. I also ran Malwarebytes; it found several infections as well. However, problems continued: AVG continued to find the same infections, and the computer acted very, very slow to the point of being unusable. I then started the computer in safe mode and ran Malwarebytes; the log of the infections it found is posted below. I attempted to run AVG, but an error in the command line version which runs under safe mode of "SecApi arbiter initializing failed (0xe00400e)" occurred and the scanning could not occur. I then tried to generate a DDS log for this site; however, the dds.txt file was never generated. So I ran OTL with the output set to minimal, scan all users, LOP check, and purity check selected. The contents of the ots and extras text files are posted below. I have also noticed a lot of activity on my home network even though nothing should be running. Please help.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/19/2014
Scan Time: 8:00:04 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.19.10
Rootkit Database: v2014.06.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rachel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389888
Time Elapsed: 37 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 21
PUP.Optional.GreatArcadeHits.A, C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (               "homepage_url": "http://www.greatarcadehits.com",), No Action By User,[074f99e1691294a2e538cde05fa58c74]
PUP.Optional.GreatArcadeHits.A, C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (               "homepage_url": "http://www.greatarcadehits.com",), No Action By User,[c0960f6b116ae1552fee901d857fc040]
Spyware.Zbot.MSXGen, C:\Users\Jason\AppData\Local\Temp\UpdateFlashPlayer_92f8992a.exe, Quarantined, [d58169112952c86e6a57bfcaac550ef2],
Spyware.Zbot.MSXGen, C:\Users\Jason\AppData\Local\Temp\UpdateFlashPlayer_30407f48.exe, Quarantined, [00560476dc9fab8b6f528009aa5701ff],
Spyware.Zbot.MSXGen, C:\Users\Jason\AppData\Local\Temp\UpdateFlashPlayer_3fbba839.exe, Quarantined, [ca8c3446b1caf93da31ee0a900013ac6],
Spyware.Zbot.MSXGen, C:\Users\Jason\AppData\Local\Temp\UpdateFlashPlayer_7c6883fc.exe, Quarantined, [2a2ccfab502b1c1aefd23752f908926e],
Spyware.Zbot.MSXGen, C:\Users\Jason\AppData\Local\Temp\UpdateFlashPlayer_ad2371e9.exe, Quarantined, [73e358225f1c3df9bb06b3d61de46e92],
Trojan.Ransom, C:\Users\Jason\AppData\Local\bubieqec.exe, Quarantined, [ed694634512aea4c178c95f6b15040c0],
Trojan.Ransom, C:\Users\Jason\AppData\Local\etpdokkd.exe, Quarantined, [f561c3b7c7b4ec4a9013dcaf26dbfd03],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1067337083.job, Quarantined, [ff5788f26813e4528ea15f6a4db623dd],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 141682829.job, Quarantined, [7bdbe09a1e5d73c32c03a722d62dea16],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1641640729.job, Quarantined, [391d9edc19622f07b47bba0f34cf758b],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 1814961369.job, Quarantined, [a0b6bbbff88375c157d88b3e7f849070],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2518247506.job, Quarantined, [a4b2fb7fb2c98bab9f900dbca55e7888],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 2828732490.job, Quarantined, [0155db9f007b23138da2ffca10f339c7],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3038313418.job, Quarantined, [b2a4ee8c106b96a00d22b0199b68847c],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3130034453.job, Quarantined, [76e0cbafde9d73c334fbf7d23ac9ab55],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 3752391830.job, Quarantined, [9cbae9912d4eb680f93617b235ce748c],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 4109730226.job, Quarantined, [f3635921a9d2a096c768f2d78c77e719],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 855649720.job, Quarantined, [e175a6d4bbc0dc5ab37c21a8aa593ac6],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 931959112.job, Quarantined, [3c1aa4d6215a90a6d55a46830102cf31],

Physical Sectors: 0
(No malicious items detected)

(end)

 

OTL logfile created on: 6/20/2014 12:11:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jason\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 72.60% Memory free
15.50 Gb Paging File | 13.44 Gb Available in Paging File | 86.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.62 Gb Total Space | 461.45 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
Drive D: | 10.90 Gb Total Space | 1.07 Gb Free Space | 9.84% Space Free | Partition Type: NTFS
 
Computer Name: JASON-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jason\My Documents\OTL.exe File not found
PRC - C:\Program Files (x86)\Qustodio\qproxy\qengine.exe (Qustodio)
PRC - C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe (Qustodio)
PRC - C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe (Qustodio)
PRC - C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\svctcom.exe (Birch Grove Software, Inc.)
PRC - C:\Windows\SysWOW64\scthost.exe (Birch Grove Software, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpokde9t.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\QtGui4.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\QtCore4.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Qustodio\qapp\phonon4.dll ()
MOD - C:\Users\Jason\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Jason\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft Corporation)
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (qengine) -- C:\Program Files (x86)\Qustodio\qproxy\qengine.exe (Qustodio)
SRV - (qupdate) -- C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe (Qustodio)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (svctcom) -- C:\Windows\SysWOW64\svctcom.exe (Birch Grove Software, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV - (CouponPrinterService) -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Coupons.com Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DM.0\DMService.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (qwdr64) -- C:\Windows\SysNative\drivers\qwdr64.sys (Qustodio)
DRV:64bit: - (qwdf64) -- C:\Windows\SysNative\drivers\qwdf64.sys (Qustodio)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Leapfrog-USBLAN) -- C:\Windows\SysNative\drivers\btblan.sys (Belcarra Technologies)
DRV:64bit: - (vzandnetndis) -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetmodem) -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetdiag2) -- C:\Windows\SysNative\drivers\lgvzandnetdiag264.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetdiag) -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys (LG Electronics Inc.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (http://libusb-win32.sourceforge.net)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc.                           )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33B29E44-937A-4C4D-9CF2-6D22C89A5E7E}
IE:64bit: - HKLM\..\SearchScopes\{33B29E44-937A-4C4D-9CF2-6D22C89A5E7E}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{44D54988-DF36-4BA7-9B3F-4A4A0354D0CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33B29E44-937A-4C4D-9CF2-6D22C89A5E7E}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{44D54988-DF36-4BA7-9B3F-4A4A0354D0CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\SearchScopes,DefaultScope = {75001C3B-3CD4-45C0-862F-0C0A2AD478A6}
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\SearchScopes\{33B29E44-937A-4C4D-9CF2-6D22C89A5E7E}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR&pc=HPDTDF
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\SearchScopes\{75001C3B-3CD4-45C0-862F-0C0A2AD478A6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\..\SearchScopes\{33B29E44-937A-4C4D-9CF2-6D22C89A5E7E}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR&pc=HPDTDF
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013/12/22 11:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 11:02:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: xscBrwse = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp\3.5.4_0\
CHR - Extension: Google Wallet = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QAppTray] C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe (Qustodio)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Jason\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=de98da301e8947d08eee41affc913ec0-fccf57b02102fa433d59e589a87507eb5dfe1600 /CMPID=1113a File not found
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [kupkggbc] C:\Users\Jason\AppData\Local\hpddjgme.exe ()
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [objosb] "C:\Windows\System32\rundll32.exe" "C:\Users\Jason\AppData\Roaming\objosb.dll",Int_FromString File not found
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [qmwbboni] C:\Users\Jason\AppData\Local\cdfdabwi.exe ()
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\qproxy64.dll (Qustodio)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\qproxy64.dll (Qustodio)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\qproxy64.dll (Qustodio)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\qproxy64.dll (Qustodio)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\qproxy64.dll (Qustodio)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\qproxy.dll (Qustodio)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\qproxy.dll (Qustodio)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\qproxy.dll (Qustodio)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\qproxy.dll (Qustodio)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\qproxy.dll (Qustodio)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab (EZTwainX by Dosadi)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://owa.eastman.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9D13C62-8A43-4812-986E-F85F2BB71684}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{356fa755-4435-11e2-b006-e8f6775d7000}\Shell - "" = AutoRun
O33 - MountPoints2\{356fa755-4435-11e2-b006-e8f6775d7000}\Shell\AutoRun\command - "" = F:\VerizonSWUpgradeAssistantLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/19 19:57:25 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/19 19:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/19 19:56:50 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/19 19:56:50 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/19 19:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/16 16:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2014/06/16 16:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2014/06/16 16:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2014/06/11 04:42:37 | 000,045,272 | ---- | C] (Qustodio) -- C:\Windows\SysNative\drivers\qwdr64.sys
[2014/06/11 04:42:36 | 000,029,912 | ---- | C] (Qustodio) -- C:\Windows\SysNative\drivers\qwdf64.sys
[2014/06/10 23:03:54 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/10 23:03:52 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/10 23:03:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/10 23:03:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/10 23:03:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/10 23:03:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/10 23:03:44 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/10 23:03:44 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/10 23:03:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/10 23:03:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/10 23:03:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/10 23:03:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/10 23:03:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/10 23:03:42 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/10 23:03:42 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/10 23:03:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/10 23:03:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/10 23:03:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/10 23:03:41 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/10 23:03:41 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/10 23:03:41 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/10 23:03:40 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/10 23:03:40 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/10 23:03:39 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/10 23:03:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/10 23:03:39 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/10 23:03:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/10 23:03:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/10 23:03:38 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/10 23:03:38 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/10 23:03:37 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/10 23:03:37 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/10 23:03:37 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/10 23:03:37 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/10 23:03:37 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/10 23:03:37 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/10 23:03:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/10 23:03:36 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/10 23:03:35 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/10 23:02:42 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/10 23:02:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/09 14:55:24 | 000,018,512 | ---- | C] (Birch Grove Software, Inc.) -- C:\Windows\SysWow64\Aamff30000.dll
[2014/05/29 20:55:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/20 11:53:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/20 11:53:35 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/20 11:51:33 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/20 11:51:33 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/20 11:51:33 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/20 11:44:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/06/20 11:44:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/20 11:43:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/20 11:43:32 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/20 09:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/20 09:37:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/20 08:40:07 | 000,019,272 | ---- | M] () -- C:\Windows\SysWow64\qengine.ini
[2014/06/20 08:40:07 | 000,002,688 | ---- | M] () -- C:\Windows\SysWow64\qengineOff.ini
[2014/06/20 08:40:07 | 000,002,688 | ---- | M] () -- C:\Windows\SysNative\qengineOff.ini
[2014/06/19 19:58:22 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/19 19:56:56 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/18 09:41:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/16 16:21:31 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/16 16:21:31 | 000,002,172 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/06/16 16:21:26 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/06/16 16:21:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/06/13 09:56:17 | 000,000,632 | RHS- | M] () -- C:\Users\Rachel\ntuser.pol
[2014/06/11 19:34:42 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/09 14:55:24 | 000,018,512 | ---- | M] (Birch Grove Software, Inc.) -- C:\Windows\SysWow64\Aamff30000.dll
[2014/06/08 05:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 05:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/31 10:00:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/05/30 06:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 05:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 05:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 05:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 05:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 05:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 05:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 05:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 05:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 05:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 05:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 04:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 04:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 04:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 04:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 04:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 04:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 04:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 04:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 04:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 04:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 04:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 04:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 04:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 04:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 04:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 04:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 04:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 03:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 03:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 03:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 03:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/29 13:32:22 | 000,462,160 | ---- | M] (Qustodio) -- C:\Windows\SysNative\qproxy64.dll
[2014/05/29 13:32:18 | 000,356,688 | ---- | M] (Qustodio) -- C:\Windows\SysWow64\qproxy.dll
[2014/05/29 13:30:02 | 000,045,272 | ---- | M] (Qustodio) -- C:\Windows\SysNative\drivers\qwdr64.sys
[2014/05/29 13:30:02 | 000,029,912 | ---- | M] (Qustodio) -- C:\Windows\SysNative\drivers\qwdf64.sys
 
========== Files Created - No Company Name ==========
 
[2014/06/19 19:56:56 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/16 16:21:31 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2014/06/16 16:21:31 | 000,002,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2014/04/27 18:59:23 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\bgstart.bin
[2014/02/25 04:05:08 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/09 17:14:20 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2014/01/29 12:22:59 | 000,019,272 | ---- | C] () -- C:\Windows\SysWow64\qengine.ini
[2014/01/29 12:22:59 | 000,002,688 | ---- | C] () -- C:\Windows\SysWow64\qengineOff.ini
[2014/01/29 11:57:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/29 11:39:49 | 000,000,632 | RHS- | C] () -- C:\Users\Rachel\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/12 15:31:35 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\AVG2014
[2012/12/09 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\TuneUp Software
[2012/12/09 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/08/12 16:52:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Amazon
[2014/06/18 16:08:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Appecaca
[2013/09/22 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\AVG2014
[2012/03/18 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\avidemux
[2013/11/11 07:46:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Canon
[2014/06/20 12:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Dropbox
[2014/06/20 12:05:07 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\DropboxMaster
[2014/06/18 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ecnoym
[2010/03/21 14:45:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Facebook
[2010/02/04 11:35:22 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit
[2013/01/11 12:49:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Software
[2014/04/09 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HandBrake
[2014/06/18 16:08:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Imzoymow
[2014/06/18 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Indema
[2010/02/18 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ISI ResearchSoft
[2014/06/18 16:08:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Itwoeb
[2014/06/18 09:42:11 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Neobarx
[2011/03/25 08:17:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Netscape
[2013/11/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Oracle
[2014/06/18 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Oranynvu
[2014/06/18 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Pyazoda
[2014/06/18 15:49:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Qakyix
[2010/02/04 01:49:22 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Template
[2012/11/08 20:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TuneUp Software
[2014/06/18 09:42:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ubivluz
[2013/05/23 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Unity
[2014/06/18 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Usbuwe
[2014/04/14 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2014/06/18 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ydyczu
[2014/06/18 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Yhhavu
[2014/01/29 11:41:06 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\AVG2014
[2012/12/09 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\TuneUp Software
[2014/04/07 15:27:37 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\uTorrent
[2014/04/12 15:32:36 | 000,000,000 | ---D | M] -- C:\Users\Samantha\AppData\Roaming\AVG2014
[2012/12/09 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Samantha\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/20/2014 12:11:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jason\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 72.60% Memory free
15.50 Gb Paging File | 13.44 Gb Available in Paging File | 86.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.62 Gb Total Space | 461.45 Gb Free Space | 50.23% Space Free | Partition Type: NTFS
Drive D: | 10.90 Gb Total Space | 1.07 Gb Free Space | 9.84% Space Free | Partition Type: NTFS
 
Computer Name: JASON-PC | User Name: Rachel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBDE4D7-6859-4BED-A52B-18FC75B050B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1930AF13-592B-4A36-960D-83A8237C2E56}" = lport=138 | protocol=17 | dir=in | app=system |
"{19742E1B-58AB-42A9-BD7B-505500A68380}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1AE986D9-C6E1-44E8-AE63-1C1E9D6023C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{28B05FE4-D0D9-4AAF-8F23-9877069AB658}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33477A3D-0F1C-4157-994C-34A8DA9E8960}" = lport=139 | protocol=6 | dir=in | app=system |
"{4151064A-BB92-433A-BDEC-B2CA804537C7}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B37704C-42CF-4824-87F8-A8183386D77F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4CED9408-2BCD-437F-9D0B-0EA42F8D779E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50D6613D-D188-45DD-96CF-BDB24E25B652}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52253F54-BB24-4F99-AF7A-67B5E1FDF66A}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D5793EC-5AFD-4216-BE7F-1AB8C1DB99D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63179D08-4C66-4E63-A9E3-C27B7929C3EB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6A3F5DCF-309A-42D1-AC5E-5090413607E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{778403B8-2C17-4D93-9C43-DBFD71E3E601}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{77BE0B20-4CC6-4690-89E3-C3BF543C9B06}" = rport=137 | protocol=17 | dir=out | app=system |
"{7A17B8B4-59EF-489E-B98C-33D85A80618A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CD342DF-1596-47AC-A5C8-D7B6400637FA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{824D0CA5-B755-48A2-B01F-88D14ED47E6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CF40374-D303-49F0-B71A-CC640BBFFC9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C618C387-2D98-45D3-A145-BDD0A084AE94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1DB760B-ACA5-4E63-B049-A9B191DD79DD}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{FF73CD7C-5596-43F5-9ACA-04C4953068F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFC86118-4232-4556-B83F-EE953FCC827F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FE3F47-B85E-41A2-84B6-D881F0FDDEBF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{067D1465-E598-4937-8874-2F528033C0E7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{0DDD4479-0915-49DE-B90A-32C7A43FF87E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{149C3F13-3415-49DB-8E37-72FF47416482}" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{1529EFA7-8E7A-446F-9C0E-0B73F65E3F58}" = dir=in | app=c:\users\jason\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{18B0DF1B-FDD6-4BDF-B8BB-A2F466D1A475}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1A9CE561-0D07-4119-947F-B9EA7E113E5F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{20489777-5230-47C3-95AE-45BCEE0B5407}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{28CA8917-D41E-4C0D-97F3-4DDD2FA8C832}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{29FDBA20-FD55-439B-9498-E524CDB99255}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{2B38B73F-EE85-4FED-8999-7965344AAFB1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{3781F0DF-FCA9-4C61-8D55-1CD1111E05EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3DDB54CC-7E0C-4B4E-892D-735A1D491587}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3E10D1C1-854F-439E-B2A4-8E43356EDDF8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{3FBCDDB6-69F6-49CA-BEBF-D9C523038EDD}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\utt694.tmp.exe |
"{45D061DF-BB51-4AFA-8D30-CF8B78C26D6B}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{49580345-1F9C-4F08-9B12-C9C8A64E5D57}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{49E5999D-65ED-4DAE-BB18-08817A23D19C}" = protocol=17 | dir=in | app=c:\users\jason\appdata\local\temp\utt694.tmp.exe |
"{4CCE9112-24EC-4485-A5AF-2E72DF8CB4B3}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{4D9294B2-9064-4DB8-9D7B-0DF4F4BA59DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{4E951FC7-B765-4A0B-BE2F-714A0D08BE52}" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{519EF37E-44FE-46D3-B00F-E504383CE40A}" = protocol=17 | dir=in | app=c:\windows\syswow64\svctcom.exe |
"{588FCC7F-AE45-4F6A-9208-8AB3134CCAD2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{6029C865-060D-43F1-91A2-4815D4B905A2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{662CFF7A-991B-4974-9E48-1C2588EBC621}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{68E787C1-1FCF-482F-A8D8-F563D29F47AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\svctcom.exe |
"{6985A571-94E8-4651-AFBC-F7042500F2DB}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{6DB9F9EE-F413-4B8F-AD42-53F216C703A8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{70FA923A-B415-47C1-B04F-BF05FA460823}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{7299408F-CAF4-45D4-A000-D7A1E9569CC5}" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{7D0D7BF5-C74C-4274-94A1-E9A547E7EE61}" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe |
"{7DF67ADC-210C-4577-BDF5-476D448E015E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{A4496DA1-C576-41EA-ADDC-18A23B8CF9CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B53E5377-6BDF-4CA5-A4C1-AFA8BF44523B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B7144EE5-661B-41BB-BC1B-7163B92419F4}" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe |
"{B8FCF60D-CECC-41EB-BB22-A2F8FFBC73D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B94512DD-C29D-4CFC-B188-3E4E64F9E298}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{C894D908-F384-4314-A39A-DC49DB1041F7}" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{D0787467-6958-4DEE-B07B-8237F0160EE6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{D45945CA-845A-4B4B-AA7C-2A38242751D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{D693461D-86E2-4A54-AF9A-8644C4B1B979}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{DF0C1CF0-976A-47C0-BA81-44B59F3B7731}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EFF853C9-108E-480D-BB21-8FA1E37A4497}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{FE106A91-EACB-418E-8479-B1B67D1EC789}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"TCP Query User{C807BB90-10AC-4B83-B3DE-059DE37AD5D4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E91CDD9E-9830-40FA-AB2A-9668B6A33C8D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6F4106E5-A6A8-4396-80C5-EDE0F4D6CC6B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{8FCC1026-C025-4EB0-8B80-37BA0763ED7B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03628D03-BED8-4282-9411-6F9F03B2C83E}" = Kensington Display Adapter
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series" = Canon MX350 series MP Drivers
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{29E6A126-BB06-41CF-B12D-E6A56261328D}" = DisplayLink Core Software
"{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}" = Motorola Driver Installation 4.6.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CB0C0FC-4F27-43F5-84CC-ABC231F045C4}" = AVG 2014
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"AVG" = AVG 2014
"Kensington Universal Multi-Display Adapter" = Kensington Universal Multi-Display Adapter
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{398458EA-910D-4539-996C-777F346C3362}" = ActivTrak Agent v3.5.4
"{3BE72491-5A26-4935-9500-4EADA48A4068}" = Qustodio
"{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}" = Reference Manager 11.0.1
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}" = LG Verizon United Drivers
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BIMPLite" = BIMP Lite 1.62
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon MX350 series User Registration" = Canon MX350 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows5.0.0.7" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.1
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HP PSC Cartridge Compatibility Utility" = HP PSC 1100/1200/1300 series Cartridge Compatibility Utility
"HP Remote Solution" = HP Remote Solution
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Standard)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Photodex Presenter" = Photodex Presenter
"Qustodio" = Qustodio
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Speed Dial Utility" = Canon Speed Dial Utility
"TurboTax 2012" = TurboTax 2012
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 2.0.5
"WildTangent hp Master Uninstall" = HP Games
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/19/2014 6:38:55 PM | Computer Name = JASON-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
 
Error - 6/19/2014 7:35:57 PM | Computer Name = Jason-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 11.0.9600.17126,
 time stamp: 0x53882d40  Faulting module name: mshtml.dll, version: 11.0.9600.17126,
 time stamp: 0x53885a99  Exception code: 0xc00000fd  Fault offset: 0x00000000000069a7
Faulting
 process id: 0xf5c  Faulting application start time: 0x01cf8c1706273800  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\System32\mshtml.dll
Report
 Id: 75cee46a-f80a-11e3-9dd0-d20171649705
 
Error - 6/19/2014 7:48:43 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 35.0.1916.153 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1650    Start
 Time: 01cf8c0f6ac4c440    Termination Time: 39    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report
 Id:  
 
Error - 6/19/2014 7:53:07 PM | Computer Name = Jason-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 2f5c    Start Time:
 01cf8c18fa8d5448    Termination Time: 17    Application Path: C:\Program Files (x86)\Malwarebytes'
 Anti-Malware\mbam.exe    Report Id:  
 
Error - 6/19/2014 9:09:45 PM | Computer Name = Jason-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
 
Error - 6/19/2014 9:33:44 PM | Computer Name = Jason-PC | Source = uagqecsvc | ID = 16
Description = The Microsoft Forefront UAG Quarantine Enforcement Client component
 cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System
 error 1115: A system shutdown is in progress. (0x45b).  When the Microsoft Forefront
 UAG Quarantine Enforcement Client component starts, it attempts to query settings
 for the NAP agent service.
 
Error - 6/19/2014 9:37:27 PM | Computer Name = Jason-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
 
Error - 6/19/2014 9:42:19 PM | Computer Name = Jason-PC | Source = uagqecsvc | ID = 16
Description = The Microsoft Forefront UAG Quarantine Enforcement Client component
 cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System
 error 1115: A system shutdown is in progress. (0x45b).  When the Microsoft Forefront
 UAG Quarantine Enforcement Client component starts, it attempts to query settings
 for the NAP agent service.
 
Error - 6/20/2014 8:16:22 AM | Computer Name = Jason-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
 
Error - 6/20/2014 11:44:26 AM | Computer Name = Jason-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x88980406)
 
[ System Events ]
Error - 6/20/2014 12:28:51 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the qengine
 service to connect.
 
Error - 6/20/2014 12:28:51 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7000
Description = The qengine service failed to start due to the following error:   %%1053
 
Error - 6/20/2014 12:28:52 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the qengine
 service to connect.
 
Error - 6/20/2014 12:28:52 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7000
Description = The qengine service failed to start due to the following error:   %%1053
 
Error - 6/20/2014 12:28:53 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the qengine
 service to connect.
 
Error - 6/20/2014 12:28:53 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7000
Description = The qengine service failed to start due to the following error:   %%1053
 
Error - 6/20/2014 12:28:54 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the qengine
 service to connect.
 
Error - 6/20/2014 12:28:54 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7000
Description = The qengine service failed to start due to the following error:   %%1053
 
Error - 6/20/2014 12:28:55 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the qengine
 service to connect.
 
Error - 6/20/2014 12:28:55 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7000
Description = The qengine service failed to start due to the following error:   %%1053
 
 
< End of report >




 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:43 AM

Posted 23 June 2014 - 04:14 PM

Hi jgreene6 and Welcome to BleepingComputer.

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:43 AM

Posted 24 June 2014 - 02:59 AM

Hello jgreene6

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Step 1

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

I suggest you remove it via add/remove.

Step 2

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

McAfee Security Scan

Step 3

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section )
:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33B29E44-937A-4C4D-9CF2-6D22C89A5E7E}
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\SearchScopes,DefaultScope = {75001C3B-3CD4-45C0-862F-0C0A2AD478A6}
IE - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
O3 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [kupkggbc] C:\Users\Jason\AppData\Local\hpddjgme.exe ()
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [objosb] "C:\Windows\System32\rundll32.exe" "C:\Users\Jason\AppData\Roaming\objosb.dll",Int_FromString File not found
O4 - HKU\S-1-5-21-2904356355-2433456798-2227466943-1000..\Run: [qmwbboni] C:\Users\Jason\AppData\Local\cdfdabwi.exe ()
[2014/06/18 16:08:02 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Appecaca
[2014/06/18 16:08:04 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ecnoym
[2014/06/18 09:42:11 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Neobarx
[2014/06/18 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Oranynvu
[2014/06/18 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Pyazoda
[2014/06/18 15:49:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Qakyix
[2014/06/18 09:42:17 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ubivluz
[2014/06/18 12:12:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Usbuwe
[2014/06/18 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ydyczu
[2014/06/18 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Yhhavu
:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBDE4D7-6859-4BED-A52B-18FC75B050B5}" =-
"{1930AF13-592B-4A36-960D-83A8237C2E56}" =-
"{1AE986D9-C6E1-44E8-AE63-1C1E9D6023C4}" =-
"{33477A3D-0F1C-4157-994C-34A8DA9E8960}" =-
"{4151064A-BB92-433A-BDEC-B2CA804537C7}" =-
"{52253F54-BB24-4F99-AF7A-67B5E1FDF66A}" =-
"{6A3F5DCF-309A-42D1-AC5E-5090413607E8}" =-
"{77BE0B20-4CC6-4690-89E3-C3BF543C9B06}" =-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{149C3F13-3415-49DB-8E37-72FF47416482}" =-
"{3FBCDDB6-69F6-49CA-BEBF-D9C523038EDD}" =-
"{49E5999D-65ED-4DAE-BB18-08817A23D19C}" =-
"{4E951FC7-B765-4A0B-BE2F-714A0D08BE52}" =-
"{C894D908-F384-4314-A39A-DC49DB1041F7}" =-

:Files
c:\users\jason\appdata\local\temp\utt694.tmp.exe
ipconfig /flushdns /c

:commands
[emptytemp]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the red Run Fix button.

  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles

Step 4

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 5

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
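
Added example, not part of any post in this thread and not OTL's own code: a small Python check that resolves the `"{GUID}" =-` deletions in a `:Reg` fix block against the firewall rule lines of an OTL Extras log, so each deletion can be reviewed before the fix is run. The function names and the two path heuristics (binary under a user profile, binary in a temp directory) are assumptions made for this illustration, and the sample text is an excerpt assembled from lines quoted in the thread.

```python
import re

# Excerpt assembled for this example from rule lines quoted in the thread's OTL Extras log.
EXTRAS_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52253F54-BB24-4F99-AF7A-67B5E1FDF66A}" = rport=138 | protocol=17 | dir=out | app=system |
"{149C3F13-3415-49DB-8E37-72FF47416482}" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{3FBCDDB6-69F6-49CA-BEBF-D9C523038EDD}" = protocol=6 | dir=in | app=c:\users\jason\appdata\local\temp\utt694.tmp.exe |
"{7299408F-CAF4-45D4-A000-D7A1E9569CC5}" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{0DDD4479-0915-49DE-B90A-32C7A43FF87E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"TCP Query User{E91CDD9E-9830-40FA-AB2A-9668B6A33C8D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
'''

# Excerpt of the :Reg block from the fix script in the thread (four of its entries).
FIX_SCRIPT = r'''
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52253F54-BB24-4F99-AF7A-67B5E1FDF66A}" =-
"{149C3F13-3415-49DB-8E37-72FF47416482}" =-
"{3FBCDDB6-69F6-49CA-BEBF-D9C523038EDD}" =-
"{0CBDE4D7-6859-4BED-A52B-18FC75B050B5}" =-
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.+)$')
DELETE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=-\s*$')
USER_PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\', re.I)
TEMP_DIR_RE = re.compile(r'\\temp\\', re.I)


def parse_rules(text):
    """Return {rule name: {field: value}} for lines shaped like OTL firewall rules."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group('body').split('|'):
            key, sep, value = part.strip().partition('=')
            if sep:
                fields[key.strip().lower()] = value.strip()
        # Uninstall-list lines have the same '"name" = value' shape but no dir= field.
        if 'dir' in fields:
            rules[m.group('name')] = fields
    return rules


def parse_deletions(script):
    """Return the value names a :Reg block deletes, in script order."""
    names = []
    for line in script.splitlines():
        m = DELETE_RE.match(line.strip())
        if m:
            names.append(m.group('name'))
    return names


def risk_notes(fields):
    """Heuristics assumed for this example; they are not taken from the thread."""
    notes = []
    app = fields.get('app', '')
    if fields.get('dir') == 'in' and USER_PROFILE_RE.match(app):
        notes.append('inbound exception for a binary under a user profile')
    if TEMP_DIR_RE.search(app):
        notes.append('binary located in a temp directory')
    return notes


def review_fix(extras_log, fix_script):
    """Map every deletion to the rule it removes and list flagged rules left in place."""
    rules = parse_rules(extras_log)
    targeted = parse_deletions(fix_script)
    report = {'deletes': [], 'unmatched': [], 'flagged_but_kept': []}
    for name in targeted:
        if name in rules:
            fields = rules[name]
            report['deletes'].append((name, fields.get('app', '?'), risk_notes(fields)))
        else:
            # Not present in the supplied log text (here: outside the excerpt).
            report['unmatched'].append(name)
    for name, fields in rules.items():
        if name not in targeted and risk_notes(fields):
            report['flagged_but_kept'].append((name, fields.get('app', '?')))
    return report


if __name__ == '__main__':
    result = review_fix(EXTRAS_LOG, FIX_SCRIPT)
    for name, app, notes in result['deletes']:
        print('delete ', name, app, notes)
    for name in result['unmatched']:
        print('no rule', name)
    for name, app in result['flagged_but_kept']:
        print('kept   ', name, app)
```
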



#4 jgreene6

jgreene6
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:43 AM

Posted 24 June 2014 - 01:32 PM

Seedy21, Thank you very much for taking your time to help me fix my infected computer.

 

I used to have a peer-to-peer file sharing program installed, but haven't in a few months.

 

McAfee Security Scan has been uninstalled.

 

OTL was run with the code you supplied.  The program hung and was displaying "processing registry data "{4E951FC7-B765-4A0B-BE2F-BE2F-714A0D08BE523}"". At the same time AVG displayed a pop-up with two infected files.  It displayed

";"Trojan horse Crypt3.ZWZ, c:\_OTL\MovedFiles\06242014_070808\C_Users\Jason\AppData\Local\hpddjgme.exe";"Infected"
"";"Trojan horse Crypt3.ZTJ, c:\_OTL\MovedFiles\06242014_070808\C_Users\Jason\AppData\Local\cdfdabwi.exe";"Infected"

I then turned off AVG and ran OTL again with the same code.  This time it hung at the same place.  I ran it a third time and it worked fine and completed the scan.  The OTL log is displayed below.

 

I then ran AdwCleaner and Farbar recovery scan per your request.  The AdwCleaner[S2].txt file, FRST.txt, and Addition.txt files are displayed below.

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Windows\CurrentVersion\Run\\kupkggbc not found.
File C:\Users\Jason\AppData\Local\hpddjgme.exe not found.
Registry value HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Windows\CurrentVersion\Run\\objosb not found.
Registry value HKEY_USERS\S-1-5-21-2904356355-2433456798-2227466943-1000\Software\Microsoft\Windows\CurrentVersion\Run\\qmwbboni not found.
File C:\Users\Jason\AppData\Local\cdfdabwi.exe not found.
Folder C:\Users\Jason\AppData\Roaming\Appecaca\ not found.
Folder C:\Users\Jason\AppData\Roaming\Ecnoym\ not found.
Folder C:\Users\Jason\AppData\Roaming\Neobarx\ not found.
Folder C:\Users\Jason\AppData\Roaming\Oranynvu\ not found.
Folder C:\Users\Jason\AppData\Roaming\Pyazoda\ not found.
Folder C:\Users\Jason\AppData\Roaming\Qakyix\ not found.
Folder C:\Users\Jason\AppData\Roaming\Ubivluz\ not found.
C:\Users\Jason\AppData\Roaming\Usbuwe folder moved successfully.
Folder C:\Users\Jason\AppData\Roaming\Ydyczu\ not found.
Folder C:\Users\Jason\AppData\Roaming\Yhhavu\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CBDE4D7-6859-4BED-A52B-18FC75B050B5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CBDE4D7-6859-4BED-A52B-18FC75B050B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1930AF13-592B-4A36-960D-83A8237C2E56} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1930AF13-592B-4A36-960D-83A8237C2E56}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1AE986D9-C6E1-44E8-AE63-1C1E9D6023C4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AE986D9-C6E1-44E8-AE63-1C1E9D6023C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33477A3D-0F1C-4157-994C-34A8DA9E8960} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33477A3D-0F1C-4157-994C-34A8DA9E8960}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4151064A-BB92-433A-BDEC-B2CA804537C7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4151064A-BB92-433A-BDEC-B2CA804537C7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52253F54-BB24-4F99-AF7A-67B5E1FDF66A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52253F54-BB24-4F99-AF7A-67B5E1FDF66A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A3F5DCF-309A-42D1-AC5E-5090413607E8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A3F5DCF-309A-42D1-AC5E-5090413607E8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77BE0B20-4CC6-4690-89E3-C3BF543C9B06} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77BE0B20-4CC6-4690-89E3-C3BF543C9B06}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{149C3F13-3415-49DB-8E37-72FF47416482} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149C3F13-3415-49DB-8E37-72FF47416482}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FBCDDB6-69F6-49CA-BEBF-D9C523038EDD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FBCDDB6-69F6-49CA-BEBF-D9C523038EDD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49E5999D-65ED-4DAE-BB18-08817A23D19C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49E5999D-65ED-4DAE-BB18-08817A23D19C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E951FC7-B765-4A0B-BE2F-714A0D08BE52} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E951FC7-B765-4A0B-BE2F-714A0D08BE52}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C894D908-F384-4314-A39A-DC49DB1041F7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C894D908-F384-4314-A39A-DC49DB1041F7}\ not found.
========== FILES ==========
c:\users\jason\appdata\local\temp\utt694.tmp.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Documents\cmd.bat deleted successfully.
C:\Users\Jason\Documents\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Christina
->Temp folder emptied: 219102 bytes
->Temporary Internet Files folder emptied: 7707 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jason
->Temp folder emptied: 1828798876 bytes
->Temporary Internet Files folder emptied: 3291739669 bytes
->Java cache emptied: 215423 bytes
->FireFox cache emptied: 106247047 bytes
->Google Chrome cache emptied: 480715899 bytes
->Flash cache emptied: 327732 bytes
 
User: Public
 
User: Rachel
->Temp folder emptied: 162595569 bytes
->Temporary Internet Files folder emptied: 3694046 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 25198364 bytes
->Flash cache emptied: 492 bytes
 
User: Samantha
->Temp folder emptied: 234061 bytes
->Temporary Internet Files folder emptied: 153828727 bytes
->Flash cache emptied: 752 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1002625499 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42370519 bytes
RecycleBin emptied: 855 bytes
 
Total Files Cleaned = 6,770.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06242014_105030

 

# AdwCleaner v3.213 - Report created 24/06/2014 at 11:30:18
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rachel - JASON-PC
# Running from : C:\Users\Jason\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MAFB10FE6-168A-4888-BB70-F9BF37864BDE&SearchSource=58&CUI=&UM=5&UP=SP4D8923E5-0FCD-43AC-BF40-583CAE80B6EF&q={searchTerms}&SSPV=
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6933 octets] - [10/05/2014 14:05:38]
AdwCleaner[R1].txt - [3768 octets] - [19/06/2014 21:26:03]
AdwCleaner[R2].txt - [2821 octets] - [24/06/2014 11:17:42]
AdwCleaner[S0].txt - [6319 octets] - [10/05/2014 14:07:47]
AdwCleaner[S1].txt - [3889 octets] - [19/06/2014 21:31:16]
AdwCleaner[S2].txt - [2782 octets] - [24/06/2014 11:30:18]

########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [2842 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Jason (ATTENTION: The logged in user is not administrator) on JASON-PC on 24-06-2014 14:11:37
Running from C:\Users\Jason\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\trmhost.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16334368 2009-07-18] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QAppTray] => C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe [3944248 2014-05-29] (Qustodio)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [OTL] - "C:\Users\Jason\Documents\OTL.exe" [602112 2014-06-20] (OldTimer Tools)
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Jason\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=de98da301e8947d08eee41affc913ec0-fccf57b02102fa433d59e589a87507eb5dfe1600 /CMPID=1113a
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {356fa755-4435-11e2-b006-e8f6775d7000} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {58ff605c-ef34-11e2-b9a1-fc7fb293621d} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {619e6b5e-f721-11e3-a41d-98081d279c05} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {dd093b9a-87b1-11e1-bb31-90e6ba75d733} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {dd093bd2-87b1-11e1-bb31-90e6ba75d733} - F:\TL_Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {75001C3B-3CD4-45C0-862F-0C0A2AD478A6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL =
SearchScopes: HKCU - {75001C3B-3CD4-45C0-862F-0C0A2AD478A6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://owa.eastman.com/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\rx3sum1o.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jason\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Extension: Mozilla Safe Browsing - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\rx3sum1o.default\Extensions\{a42e1718-286d-11e2-8271-b8ac6f996f26}.xpi [2012-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (xscBrwse) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-05-09]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]

==================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9663848 2011-04-10] (DisplayLink Corp.)
S3 DMService; C:\Windows\Downloaded Program Files\DM.0\DMService.exe [487312 2011-09-22] (Microsoft Corporation)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 qengine; C:\Program Files (x86)\Qustodio\qproxy\qengine.exe [3884880 2014-05-29] (Qustodio)
S2 qupdate; C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe [1853240 2014-05-29] (Qustodio)
R2 svctcom; C:\Windows\SysWOW64\svctcom.exe [263808 2014-05-04] (Birch Grove Software, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 androidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [17408 2011-04-10] (http://libusb-win32.sourceforge.net)
R1 qwdf64; C:\Windows\system32\Drivers\qwdf64.sys [29912 2014-05-29] (Qustodio)
R1 qwdr64; C:\Windows\system32\Drivers\qwdr64.sys [45272 2014-05-29] (Qustodio)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-24 14:11 - 2014-06-24 14:13 - 00019251 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-06-24 14:11 - 2014-06-24 14:11 - 00000000 ____D () C:\FRST
2014-06-24 11:16 - 2014-06-24 11:16 - 02082816 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Jason\Downloads\AdwCleaner.exe
2014-06-24 11:13 - 2014-06-24 11:13 - 00000236 _____ () C:\Users\Jason\Documents\avg infected file 20140624.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00000000 ____D () C:\_OTL
2014-06-24 06:58 - 2014-06-24 06:59 - 110501607 _____ () C:\Users\Jason\Downloads\Katy Perry - Hot N Cold.mp4
2014-06-20 17:33 - 2014-06-20 17:33 - 00002366 _____ () C:\Users\Rachel\Documents\bleeping computer forum post 2014 06 20.txt
2014-06-20 12:28 - 2014-06-20 12:28 - 00062526 _____ () C:\Users\Jason\Documents\Extras.Txt
2014-06-20 12:25 - 2014-06-20 12:25 - 00100216 _____ () C:\Users\Jason\Documents\OTL.Txt
2014-06-20 12:07 - 2014-06-20 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Documents\OTL.exe
2014-06-20 12:00 - 2014-06-20 12:00 - 00001116 _____ () C:\Users\Rachel\Documents\Attach.txt
2014-06-20 11:59 - 2014-06-20 12:03 - 00001118 _____ () C:\Users\Rachel\Desktop\attach.txt
2014-06-20 11:56 - 2014-06-20 11:56 - 00688992 ____R (Swearware) C:\Users\Jason\Documents\dds.com
2014-06-19 21:24 - 2014-06-19 21:24 - 01333465 _____ () C:\Users\Jason\Documents\AdwCleaner.exe
2014-06-19 21:18 - 2014-06-19 21:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Documents\tdsskiller.exe
2014-06-19 19:57 - 2014-06-19 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:56 - 2014-06-19 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 19:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 19:54 - 2014-06-19 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jason\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
2014-06-13 09:50 - 2014-06-13 09:50 - 00318600 _____ (Dropbox, Inc.) C:\Users\Jason\Desktop\DropboxInstaller.exe
2014-06-12 16:31 - 2014-06-12 16:35 - 00000000 ____D () C:\Users\Jason\Documents\chicago rental movies 2014
2014-06-11 04:42 - 2014-05-29 13:30 - 00045272 _____ (Qustodio) C:\Windows\system32\Drivers\qwdr64.sys
2014-06-11 04:42 - 2014-05-29 13:30 - 00029912 _____ (Qustodio) C:\Windows\system32\Drivers\qwdf64.sys
2014-06-10 23:03 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:03 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:03 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:03 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:03 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:03 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:03 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:03 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:03 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:03 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:03 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:03 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:03 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:03 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 23:03 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:03 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:03 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:03 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 23:03 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:03 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:03 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:03 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 23:03 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:03 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 23:03 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 23:03 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 23:03 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:03 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 23:03 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 23:03 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 23:03 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:03 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 23:03 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 23:03 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:03 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:03 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 23:03 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 23:03 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 23:03 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 23:03 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 23:03 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 23:03 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:03 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 23:03 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 23:03 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 23:03 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:03 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 23:03 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:03 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 23:03 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 23:03 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:03 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 23:03 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:03 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 23:03 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:03 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:03 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:03 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 23:03 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 23:03 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 23:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 23:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 23:02 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:02 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 14:55 - 2014-06-09 14:55 - 00018512 _____ (Birch Grove Software, Inc.) C:\Windows\SysWOW64\Aamff30000.dll
2014-06-01 22:07 - 2014-06-20 20:42 - 00000000 ____D () C:\Users\Jason\Desktop\Summer 14
2014-05-29 20:55 - 2014-06-09 17:27 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

==================== One Month Modified Files and Folders =======

2014-06-24 14:13 - 2014-06-24 14:11 - 00019251 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-06-24 14:11 - 2014-06-24 14:11 - 00000000 ____D () C:\FRST
2014-06-24 13:40 - 2013-07-28 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 13:38 - 2014-01-27 20:02 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 11:44 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:44 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 11:42 - 2010-01-29 19:45 - 02037410 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 11:40 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 11:38 - 2014-05-10 14:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-24 11:34 - 2014-05-03 17:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DropboxMaster
2014-06-24 11:34 - 2014-01-29 11:57 - 00000000 ____D () C:\Windows\SysWOW64\aamdata
2014-06-24 11:34 - 2013-09-07 06:50 - 00000000 ___RD () C:\Users\Jason\Dropbox
2014-06-24 11:34 - 2013-09-07 06:47 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2014-06-24 11:33 - 2014-01-29 11:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-24 11:33 - 2014-01-27 20:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 11:32 - 2009-12-06 08:46 - 00387128 _____ () C:\Windows\PFRO.log
2014-06-24 11:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 11:32 - 2009-07-14 00:51 - 00069832 _____ () C:\Windows\setupact.log
2014-06-24 11:30 - 2014-05-10 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:16 - 2014-06-24 11:16 - 02082816 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Jason\Downloads\AdwCleaner.exe
2014-06-24 11:13 - 2014-06-24 11:13 - 00000236 _____ () C:\Users\Jason\Documents\avg infected file 20140624.txt
2014-06-24 11:13 - 2012-11-06 21:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-24 07:08 - 2014-06-24 07:08 - 00000000 ____D () C:\_OTL
2014-06-24 07:00 - 2010-02-03 22:12 - 00000000 ____D () C:\hmb
2014-06-24 06:59 - 2014-06-24 06:58 - 110501607 _____ () C:\Users\Jason\Downloads\Katy Perry - Hot N Cold.mp4
2014-06-22 20:30 - 2013-03-26 17:35 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2014-06-20 20:42 - 2014-06-01 22:07 - 00000000 ____D () C:\Users\Jason\Desktop\Summer 14
2014-06-20 17:33 - 2014-06-20 17:33 - 00002366 _____ () C:\Users\Rachel\Documents\bleeping computer forum post 2014 06 20.txt
2014-06-20 12:28 - 2014-06-20 12:28 - 00062526 _____ () C:\Users\Jason\Documents\Extras.Txt
2014-06-20 12:25 - 2014-06-20 12:25 - 00100216 _____ () C:\Users\Jason\Documents\OTL.Txt
2014-06-20 12:07 - 2014-06-20 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Documents\OTL.exe
2014-06-20 12:03 - 2014-06-20 11:59 - 00001118 _____ () C:\Users\Rachel\Desktop\attach.txt
2014-06-20 12:00 - 2014-06-20 12:00 - 00001116 _____ () C:\Users\Rachel\Documents\Attach.txt
2014-06-20 11:56 - 2014-06-20 11:56 - 00688992 ____R (Swearware) C:\Users\Jason\Documents\dds.com
2014-06-20 11:48 - 2014-01-29 11:39 - 00000000 ____D () C:\Users\Rachel
2014-06-20 08:40 - 2014-01-29 12:22 - 00019272 _____ () C:\Windows\SysWOW64\qengine.ini
2014-06-20 08:40 - 2014-01-29 12:22 - 00002688 _____ () C:\Windows\SysWOW64\qengineOff.ini
2014-06-20 08:40 - 2014-01-29 12:22 - 00002688 _____ () C:\Windows\system32\qengineOff.ini
2014-06-19 21:24 - 2014-06-19 21:24 - 01333465 _____ () C:\Users\Jason\Documents\AdwCleaner.exe
2014-06-19 21:18 - 2014-06-19 21:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Documents\tdsskiller.exe
2014-06-19 19:58 - 2014-06-19 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:56 - 2014-06-19 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-01-29 11:51 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Malwarebytes
2014-06-19 19:56 - 2010-10-28 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 19:55 - 2014-06-19 19:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jason\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-18 15:49 - 2013-09-22 19:35 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-18 09:41 - 2014-04-09 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 09:41 - 2013-09-22 19:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-16 16:21 - 2012-11-06 19:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 16:21 - 2011-07-06 21:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
2014-06-15 18:05 - 2010-06-01 21:22 - 00000000 ____D () C:\Users\Jason\Desktop\photos from rachel vx8500 phone
2014-06-13 09:56 - 2014-01-29 11:39 - 00000632 __RSH () C:\Users\Rachel\ntuser.pol
2014-06-13 09:50 - 2014-06-13 09:50 - 00318600 _____ (Dropbox, Inc.) C:\Users\Jason\Desktop\DropboxInstaller.exe
2014-06-12 16:35 - 2014-06-12 16:31 - 00000000 ____D () C:\Users\Jason\Documents\chicago rental movies 2014
2014-06-11 19:34 - 2014-01-27 20:02 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:01 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 20:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-09 17:27 - 2014-05-29 20:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-09 17:26 - 2014-01-29 12:22 - 00000000 ____D () C:\Program Files (x86)\Qustodio
2014-06-09 14:55 - 2014-06-09 14:55 - 00018512 _____ (Birch Grove Software, Inc.) C:\Windows\SysWOW64\Aamff30000.dll
2014-06-08 05:13 - 2014-06-10 23:02 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 23:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 10:00 - 2010-01-29 20:35 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-30 08:28 - 2014-03-03 12:19 - 00000000 ____D () C:\Users\Jason\Documents\CVs
2014-05-30 06:21 - 2014-06-10 23:03 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 23:03 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 23:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 23:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 23:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 23:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 23:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 23:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 23:03 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 23:03 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 23:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 23:03 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 23:03 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 23:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 23:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 23:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 23:03 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 23:03 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 23:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 23:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 23:03 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 23:03 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 23:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 23:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 23:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 23:03 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 23:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 23:03 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 23:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 23:03 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 23:03 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 23:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 23:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 23:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 23:03 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 23:03 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 23:03 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 23:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 23:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 23:03 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 23:03 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 23:03 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 23:03 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 23:03 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 23:03 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 23:03 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 23:03 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 20:53 - 2013-09-07 06:50 - 00000981 _____ () C:\Users\Jason\Desktop\Dropbox.lnk
2014-05-29 20:53 - 2013-09-07 06:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-29 13:32 - 2014-01-29 12:23 - 00462160 _____ (Qustodio) C:\Windows\system32\qproxy64.dll
2014-05-29 13:32 - 2014-01-29 12:23 - 00356688 _____ (Qustodio) C:\Windows\SysWOW64\qproxy.dll
2014-05-29 13:30 - 2014-06-11 04:42 - 00045272 _____ (Qustodio) C:\Windows\system32\Drivers\qwdr64.sys
2014-05-29 13:30 - 2014-06-11 04:42 - 00029912 _____ (Qustodio) C:\Windows\system32\Drivers\qwdf64.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2904356355-2433456798-2227466943-1000\$6da677bdffd216b1e2281035260519bc

Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpobr3zk.dll
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Jason at 2014-06-24 14:13:46
Running from C:\Users\Jason\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActivTrak Agent v3.5.4 (x32 Version: 3.5.4.0 - Birch Grove Software, Inc.) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3972 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
BIMP Lite 1.62 (HKLM-x32\...\BIMPLite) (Version:  - )
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon MX350 series User Registration (HKLM-x32\...\Canon MX350 series User Registration) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Digital Photo Professional 2.1 (HKLM-x32\...\DPP) (Version: 2.1.1.4 - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{29E6A126-BB06-41CF-B12D-E6A56261328D}) (Version: 5.6.31854.0 - DisplayLink Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP PSC 1100/1200/1300 series Cartridge Compatibility Utility (HKLM-x32\...\HP PSC Cartridge Compatibility Utility) (Version:  - )
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
ImageJ 1.42q (HKLM-x32\...\ImageJ_is1) (Version:  - NIH)
ISI ResearchSoft - Export Helper (HKLM-x32\...\ISI ResearchSoft - Export Helper) (Version:  - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kensington Display Adapter (HKLM\...\{03628D03-BED8-4282-9411-6F9F03B2C83E}) (Version: 5.2.22663.0 - Kensington Computer Products Group)
Kensington Universal Multi-Display Adapter (HKLM\...\Kensington Universal Multi-Display Adapter) (Version: 5.2 - )
K-Lite Codec Pack 5.8.3 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.8.3 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 3.2.19.13664 - LeapFrog)
LeapFrog Connect (x32 Version: 3.2.19.13664 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 3.2.22.13714 - LeapFrog) Hidden
LG Verizon United Drivers (HKLM-x32\...\{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}) (Version: 2.5.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Qustodio (HKLM-x32\...\Qustodio) (Version: 150.4.1598.0 - Qustodio)
Qustodio (x32 Version: 150.4.1598.0 - Qustodio) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Reference Manager 11.0.1 (HKLM-x32\...\{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}) (Version: 11.0.1709 - Thomson ResearchSoft)
RSDLite (HKLM-x32\...\{3F470FED-77A1-4545-BF6E-AF687FF0B42D}) (Version: 4.6 - Motorola)
Torch (HKCU\...\Torch) (Version: 2.0.0.1614 - Torch Media Inc.) <==== ATTENTION
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1434 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0347 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0152 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0126 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-06-24 11:03 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => ?

==================== Loaded Modules (whitelisted) =============

2009-11-06 18:36 - 2009-11-06 18:36 - 02469888 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2009-05-26 04:36 - 2009-05-26 04:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2014 11:32:52 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/24/2014 11:08:03 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/24/2014 10:42:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19d8

Start Time: 01cf8f9d039c15c0

Termination Time: 125

Application Path: C:\Users\Jason\Documents\OTL.exe

Report Id:

Error: (06/24/2014 07:10:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 100c

Start Time: 01cf8f9c74fb6f78

Termination Time: 0

Application Path: C:\Users\Jason\Documents\OTL.exe

Report Id:

Error: (06/22/2014 08:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x11b0
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/21/2014 08:51:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x1fd8
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/20/2014 09:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x2870
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/20/2014 11:44:26 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/20/2014 08:16:22 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/19/2014 09:42:19 PM) (Source: uagqecsvc) (EventID: 16) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System error 1115: A system shutdown is in progress. (0x45b).
When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.

System errors:
=============
Error: (06/24/2014 11:40:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The qupdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/24/2014 11:39:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:39:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:38:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:38:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:38:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:37:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:37:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:37:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (06/24/2014 11:32:52 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/24/2014 11:08:03 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/24/2014 10:42:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.019d801cf8f9d039c15c0125C:\Users\Jason\Documents\OTL.exe

Error: (06/24/2014 07:10:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0100c01cf8f9c74fb6f780C:\Users\Jason\Documents\OTL.exe

Error: (06/22/2014 08:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e011b001cf8e72dcdf9590C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll3fa78070-fa70-11e3-b5a6-bccd9e391d96

Error: (06/21/2014 08:51:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01fd801cf8da9b27642f0C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll6164de70-f9a7-11e3-b5a6-bccd9e391d96

Error: (06/20/2014 09:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0287001cf8ce088248f30C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll863dc80c-f8e6-11e3-b5a6-bccd9e391d96

Error: (06/20/2014 11:44:26 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/20/2014 08:16:22 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/19/2014 09:42:19 PM) (Source: uagqecsvc) (EventID: 16) (User: )
Description: 1115A system shutdown is in progress. (0x45b)

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 7935.24 MB
Available physical RAM: 3543.84 MB
Total Pagefile: 15870.48 MB
Available Pagefile: 8607.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.62 GB) (Free:465.34 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:1.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:43 AM

Posted 24 June 2014 - 03:49 PM

Hi jgreene6


Warning Rootkit Detected


One or more of the identified infections is a rootkit.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the rootkit has been identified and can be killed, because of how it exploits your system, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. If you would like me to attempt to clean the machine, please follow the steps below.

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL =
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2904356355-2433456798-2227466943-1000\$6da677bdffd216b1e2281035260519bc
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Step 2

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button as shown below.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

Step 3

System Restore doesn't look to be running. I would like you to complete this:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Under Protection Settings, click the disk, and then click Configure.

Do the following:

To be able to restore system settings and previous versions of files, click Restore system settings and previous versions of files.

Click OK, and then click OK again


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#6 jgreene6

jgreene6
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:43 AM

Posted 25 June 2014 - 06:26 AM

Here is the fixlog.txt. Malwarebytes only took a couple of minutes to run, surprisingly, and found no threats. I am strongly considering an OS reinstall. I set up System Restore according to your instructions.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Jason at 2014-06-25 07:10:10 Run:1
Running from C:\Users\Jason\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL =
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2904356355-2433456798-2227466943-1000\$6da677bdffd216b1e2281035260519bc
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
*****************

"C:\Windows\system32\GroupPolicy\Machine" directory move:

Could not move "C:\Windows\system32\GroupPolicy\Machine\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\GroupPolicy\Machine" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.

"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User" directory move:

Could not move "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User\Registry.pol" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User" directory. => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"

Listing permissions failed. Access Denied.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Error deleting key. The key could be protected.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes"

Listing permissions failed. Access Denied.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44D54988-DF36-4BA7-9B3F-4A4A0354D0CD}'=> Key not found.
'HKCR\CLSID\{44D54988-DF36-4BA7-9B3F-4A4A0354D0CD}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => value deleted successfully.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/25/2014
Scan Time: 7:12:17 AM
Logfile:
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.06.25.05
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jason

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 234895
Time Elapsed: 6 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#7 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:43 AM

Posted 25 June 2014 - 03:23 PM

Hi  jgreene6

We need to re-run FRST

  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Also, did you run this program?

 

C:\Users\Jason\Documents\tdsskiller.exe

 

If so, I would like you to copy and paste the contents of the log it creates.

 

This should be in C:\TDSSKiller_Quarantine\

 

Finally do you have a USB flash drive we can use?


Edited by seedy21, 25 June 2014 - 04:01 PM.



#8 jgreene6

jgreene6
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:43 AM

Posted 25 June 2014 - 07:13 PM

Posted is the FRST.txt and the TDSSKiller log run today; I had run it a few days ago. Below the FRST contents is the TDSSKiller log from today. It found one rootkit, Cidox.b. Do you want me to post the TDSSKiller log from a week ago? Yes, I have a USB flash drive.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Jason (ATTENTION: The logged in user is not administrator) on JASON-PC on 25-06-2014 19:31:13
Running from C:\Users\Jason\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Birch Grove Software, Inc.) C:\Windows\SysWOW64\trmhost.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16334368 2009-07-18] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QAppTray] => C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe [3944248 2014-05-29] (Qustodio)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [OTL] - "C:\Users\Jason\Documents\OTL.exe" [602112 2014-06-20] (OldTimer Tools)
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Jason\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=de98da301e8947d08eee41affc913ec0-fccf57b02102fa433d59e589a87507eb5dfe1600 /CMPID=1113a
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {356fa755-4435-11e2-b006-e8f6775d7000} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {58ff605c-ef34-11e2-b9a1-fc7fb293621d} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {619e6b5e-f721-11e3-a41d-98081d279c05} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {dd093b9a-87b1-11e1-bb31-90e6ba75d733} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {dd093bd2-87b1-11e1-bb31-90e6ba75d733} - F:\TL_Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://owa.eastman.com/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 02 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 03 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 04 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 15 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9-x64 01 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 02 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 03 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 04 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 15 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\rx3sum1o.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Jason\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Extension: Mozilla Safe Browsing - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\rx3sum1o.default\Extensions\{a42e1718-286d-11e2-8271-b8ac6f996f26}.xpi [2012-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google Search) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (xscBrwse) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-05-09]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Gmail) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]

==================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9663848 2011-04-10] (DisplayLink Corp.)
S3 DMService; C:\Windows\Downloaded Program Files\DM.0\DMService.exe [487312 2011-09-22] (Microsoft Corporation)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 qengine; C:\Program Files (x86)\Qustodio\qproxy\qengine.exe [3884880 2014-05-29] (Qustodio)
R2 qupdate; C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe [1853240 2014-05-29] (Qustodio)
R2 svctcom; C:\Windows\SysWOW64\svctcom.exe [263808 2014-05-04] (Birch Grove Software, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 androidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [17408 2011-04-10] (http://libusb-win32.sourceforge.net)
R1 qwdf64; C:\Windows\system32\Drivers\qwdf64.sys [29912 2014-05-29] (Qustodio)
R1 qwdr64; C:\Windows\system32\Drivers\qwdr64.sys [45272 2014-05-29] (Qustodio)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-25 07:07 - 2014-06-25 07:07 - 00001391 _____ () C:\Users\Jason\Downloads\fixlist.txt
2014-06-24 14:13 - 2014-06-24 14:13 - 00024136 _____ () C:\Users\Jason\Downloads\Addition.txt
2014-06-24 14:11 - 2014-06-25 19:31 - 00019103 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-06-24 14:11 - 2014-06-25 19:31 - 00000000 ____D () C:\FRST
2014-06-24 11:16 - 2014-06-24 11:16 - 02082816 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Jason\Downloads\AdwCleaner.exe
2014-06-24 11:13 - 2014-06-24 11:13 - 00000236 _____ () C:\Users\Jason\Documents\avg infected file 20140624.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00000000 ____D () C:\_OTL
2014-06-24 06:58 - 2014-06-24 06:59 - 110501607 _____ () C:\Users\Jason\Downloads\Katy Perry - Hot N Cold.mp4
2014-06-20 17:33 - 2014-06-20 17:33 - 00002366 _____ () C:\Users\Rachel\Documents\bleeping computer forum post 2014 06 20.txt
2014-06-20 12:28 - 2014-06-20 12:28 - 00062526 _____ () C:\Users\Jason\Documents\Extras.Txt
2014-06-20 12:25 - 2014-06-20 12:25 - 00100216 _____ () C:\Users\Jason\Documents\OTL.Txt
2014-06-20 12:07 - 2014-06-20 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Documents\OTL.exe
2014-06-20 12:00 - 2014-06-20 12:00 - 00001116 _____ () C:\Users\Rachel\Documents\Attach.txt
2014-06-20 11:59 - 2014-06-20 12:03 - 00001118 _____ () C:\Users\Rachel\Desktop\attach.txt
2014-06-20 11:56 - 2014-06-20 11:56 - 00688992 ____R (Swearware) C:\Users\Jason\Documents\dds.com
2014-06-19 21:24 - 2014-06-19 21:24 - 01333465 _____ () C:\Users\Jason\Documents\AdwCleaner.exe
2014-06-19 21:18 - 2014-06-19 21:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Documents\tdsskiller.exe
2014-06-19 19:57 - 2014-06-19 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:56 - 2014-06-19 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 19:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 19:54 - 2014-06-19 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jason\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
2014-06-13 09:50 - 2014-06-13 09:50 - 00318600 _____ (Dropbox, Inc.) C:\Users\Jason\Desktop\DropboxInstaller.exe
2014-06-12 16:31 - 2014-06-12 16:35 - 00000000 ____D () C:\Users\Jason\Documents\chicago rental movies 2014
2014-06-11 04:42 - 2014-05-29 13:30 - 00045272 _____ (Qustodio) C:\Windows\system32\Drivers\qwdr64.sys
2014-06-11 04:42 - 2014-05-29 13:30 - 00029912 _____ (Qustodio) C:\Windows\system32\Drivers\qwdf64.sys
2014-06-10 23:03 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:03 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:03 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:03 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:03 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:03 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:03 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:03 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:03 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:03 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:03 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:03 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:03 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:03 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 23:03 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:03 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:03 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:03 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 23:03 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:03 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:03 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:03 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 23:03 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:03 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 23:03 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 23:03 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 23:03 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:03 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 23:03 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 23:03 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 23:03 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:03 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 23:03 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 23:03 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:03 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:03 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 23:03 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 23:03 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 23:03 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 23:03 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 23:03 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 23:03 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:03 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 23:03 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 23:03 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 23:03 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:03 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 23:03 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:03 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 23:03 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 23:03 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:03 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 23:03 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:03 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 23:03 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:03 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:03 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:03 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 23:03 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 23:03 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 23:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 23:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 23:02 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:02 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 14:55 - 2014-06-09 14:55 - 00018512 _____ (Birch Grove Software, Inc.) C:\Windows\SysWOW64\Aamff30000.dll
2014-06-01 22:07 - 2014-06-25 07:04 - 00000000 ____D () C:\Users\Jason\Desktop\Summer 14
2014-05-29 20:55 - 2014-06-09 17:27 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

==================== One Month Modified Files and Folders =======

2014-06-25 19:32 - 2014-06-24 14:11 - 00019103 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-06-25 19:31 - 2014-06-24 14:11 - 00000000 ____D () C:\FRST
2014-06-25 19:30 - 2014-01-27 20:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 18:40 - 2013-07-28 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 18:37 - 2014-01-27 20:02 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 17:50 - 2012-11-06 21:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-25 09:40 - 2014-01-29 12:22 - 00019272 _____ () C:\Windows\SysWOW64\qengine.ini
2014-06-25 09:40 - 2014-01-29 12:22 - 00002688 _____ () C:\Windows\SysWOW64\qengineOff.ini
2014-06-25 09:40 - 2014-01-29 12:22 - 00002688 _____ () C:\Windows\system32\qengineOff.ini
2014-06-25 07:37 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 07:37 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 07:35 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 07:34 - 2010-01-29 19:45 - 02085717 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 07:30 - 2014-01-29 11:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-25 07:29 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 07:29 - 2009-07-14 00:51 - 00070000 _____ () C:\Windows\setupact.log
2014-06-25 07:26 - 2013-09-07 06:50 - 00000000 ___RD () C:\Users\Jason\Dropbox
2014-06-25 07:08 - 2014-05-03 17:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DropboxMaster
2014-06-25 07:08 - 2013-09-07 06:47 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2014-06-25 07:07 - 2014-06-25 07:07 - 00001391 _____ () C:\Users\Jason\Downloads\fixlist.txt
2014-06-25 07:05 - 2014-05-10 14:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-25 07:04 - 2014-06-01 22:07 - 00000000 ____D () C:\Users\Jason\Desktop\Summer 14
2014-06-24 14:13 - 2014-06-24 14:13 - 00024136 _____ () C:\Users\Jason\Downloads\Addition.txt
2014-06-24 11:34 - 2014-01-29 11:57 - 00000000 ____D () C:\Windows\SysWOW64\aamdata
2014-06-24 11:32 - 2009-12-06 08:46 - 00387128 _____ () C:\Windows\PFRO.log
2014-06-24 11:30 - 2014-05-10 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:16 - 2014-06-24 11:16 - 02082816 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Jason\Downloads\AdwCleaner.exe
2014-06-24 11:13 - 2014-06-24 11:13 - 00000236 _____ () C:\Users\Jason\Documents\avg infected file 20140624.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00000000 ____D () C:\_OTL
2014-06-24 07:00 - 2010-02-03 22:12 - 00000000 ____D () C:\hmb
2014-06-24 06:59 - 2014-06-24 06:58 - 110501607 _____ () C:\Users\Jason\Downloads\Katy Perry - Hot N Cold.mp4
2014-06-22 20:30 - 2013-03-26 17:35 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2014-06-20 17:33 - 2014-06-20 17:33 - 00002366 _____ () C:\Users\Rachel\Documents\bleeping computer forum post 2014 06 20.txt
2014-06-20 12:28 - 2014-06-20 12:28 - 00062526 _____ () C:\Users\Jason\Documents\Extras.Txt
2014-06-20 12:25 - 2014-06-20 12:25 - 00100216 _____ () C:\Users\Jason\Documents\OTL.Txt
2014-06-20 12:07 - 2014-06-20 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Documents\OTL.exe
2014-06-20 12:03 - 2014-06-20 11:59 - 00001118 _____ () C:\Users\Rachel\Desktop\attach.txt
2014-06-20 12:00 - 2014-06-20 12:00 - 00001116 _____ () C:\Users\Rachel\Documents\Attach.txt
2014-06-20 11:56 - 2014-06-20 11:56 - 00688992 ____R (Swearware) C:\Users\Jason\Documents\dds.com
2014-06-20 11:48 - 2014-01-29 11:39 - 00000000 ____D () C:\Users\Rachel
2014-06-19 21:24 - 2014-06-19 21:24 - 01333465 _____ () C:\Users\Jason\Documents\AdwCleaner.exe
2014-06-19 21:18 - 2014-06-19 21:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Documents\tdsskiller.exe
2014-06-19 19:58 - 2014-06-19 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:56 - 2014-06-19 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-01-29 11:51 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Malwarebytes
2014-06-19 19:56 - 2010-10-28 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 19:55 - 2014-06-19 19:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jason\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-18 15:49 - 2013-09-22 19:35 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-18 09:41 - 2014-04-09 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 09:41 - 2013-09-22 19:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-16 16:21 - 2012-11-06 19:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 16:21 - 2011-07-06 21:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
2014-06-15 18:05 - 2010-06-01 21:22 - 00000000 ____D () C:\Users\Jason\Desktop\photos from rachel vx8500 phone
2014-06-13 09:56 - 2014-01-29 11:39 - 00000632 __RSH () C:\Users\Rachel\ntuser.pol
2014-06-13 09:50 - 2014-06-13 09:50 - 00318600 _____ (Dropbox, Inc.) C:\Users\Jason\Desktop\DropboxInstaller.exe
2014-06-12 16:35 - 2014-06-12 16:31 - 00000000 ____D () C:\Users\Jason\Documents\chicago rental movies 2014
2014-06-11 19:34 - 2014-01-27 20:02 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:01 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 20:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-09 17:27 - 2014-05-29 20:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-09 17:26 - 2014-01-29 12:22 - 00000000 ____D () C:\Program Files (x86)\Qustodio
2014-06-09 14:55 - 2014-06-09 14:55 - 00018512 _____ (Birch Grove Software, Inc.) C:\Windows\SysWOW64\Aamff30000.dll
2014-06-08 05:13 - 2014-06-10 23:02 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 23:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 10:00 - 2010-01-29 20:35 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-30 08:28 - 2014-03-03 12:19 - 00000000 ____D () C:\Users\Jason\Documents\CVs
2014-05-30 06:21 - 2014-06-10 23:03 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 23:03 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 23:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 23:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 23:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 23:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 23:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 23:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 23:03 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 23:03 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 23:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 23:03 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 23:03 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 23:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 23:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 23:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 23:03 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 23:03 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 23:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 23:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 23:03 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 23:03 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 23:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 23:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 23:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 23:03 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 23:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 23:03 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 23:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 23:03 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 23:03 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 23:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 23:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 23:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 23:03 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 23:03 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 23:03 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 23:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 23:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 23:03 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 23:03 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 23:03 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 23:03 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 23:03 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 23:03 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 23:03 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 23:03 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 20:53 - 2013-09-07 06:50 - 00000981 _____ () C:\Users\Jason\Desktop\Dropbox.lnk
2014-05-29 20:53 - 2013-09-07 06:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-29 13:32 - 2014-01-29 12:23 - 00462160 _____ (Qustodio) C:\Windows\system32\qproxy64.dll
2014-05-29 13:32 - 2014-01-29 12:23 - 00356688 _____ (Qustodio) C:\Windows\SysWOW64\qproxy.dll
2014-05-29 13:30 - 2014-06-11 04:42 - 00045272 _____ (Qustodio) C:\Windows\system32\Drivers\qwdr64.sys
2014-05-29 13:30 - 2014-06-11 04:42 - 00029912 _____ (Qustodio) C:\Windows\system32\Drivers\qwdf64.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2904356355-2433456798-2227466943-1000\$6da677bdffd216b1e2281035260519bc

Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyfdgg1.dll
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

19:53:09.0571 0x1408  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
19:53:14.0750 0x1408  ============================================================
19:53:14.0750 0x1408  Current date / time: 2014/06/25 19:53:14.0750
19:53:14.0750 0x1408  SystemInfo:
19:53:14.0750 0x1408 
19:53:14.0750 0x1408  OS Version: 6.1.7601 ServicePack: 1.0
19:53:14.0750 0x1408  Product type: Workstation
19:53:14.0750 0x1408  ComputerName: JASON-PC
19:53:14.0750 0x1408  UserName: Rachel
19:53:14.0750 0x1408  Windows directory: C:\Windows
19:53:14.0750 0x1408  System windows directory: C:\Windows
19:53:14.0750 0x1408  Running under WOW64
19:53:14.0750 0x1408  Processor architecture: Intel x64
19:53:14.0750 0x1408  Number of processors: 4
19:53:14.0750 0x1408  Page size: 0x1000
19:53:14.0750 0x1408  Boot type: Normal boot
19:53:14.0750 0x1408  ============================================================
19:53:16.0825 0x1408  KLMD registered as C:\Windows\system32\drivers\10166774.sys
19:53:17.0199 0x1408  System UUID: {185ADB77-42C7-40E7-5C8C-482BDC7C27AC}
19:53:17.0667 0x1408  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:53:17.0698 0x1408  ============================================================
19:53:17.0698 0x1408  \Device\Harddisk0\DR0:
19:53:17.0698 0x1408  MBR partitions:
19:53:17.0698 0x1408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FA000
19:53:17.0698 0x1408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3FBC04, BlocksNum 0x72D3CAEE
19:53:17.0698 0x1408  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73138800, BlocksNum 0x15CD800
19:53:17.0698 0x1408  ============================================================
19:53:17.0730 0x1408  C: <-> \Device\Harddisk0\DR0\Partition2
19:53:17.0761 0x1408  D: <-> \Device\Harddisk0\DR0\Partition3
19:53:17.0761 0x1408  ============================================================
19:53:17.0761 0x1408  Initialize success
19:53:17.0761 0x1408  ============================================================
19:53:58.0492 0x15b4  ============================================================
19:53:58.0492 0x15b4  Scan started
19:53:58.0492 0x15b4  Mode: Manual;
19:53:58.0492 0x15b4  ============================================================
19:53:58.0492 0x15b4  KSN ping started
19:53:58.0882 0x15b4  KSN ping finished: false
19:54:00.0427 0x15b4  ================ Scan system memory ========================
19:54:00.0427 0x15b4  System memory - ok
19:54:00.0427 0x15b4  ================ Scan services =============================
19:54:06.0901 0x15b4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:54:06.0901 0x15b4  gagp30kx - ok
19:54:06.0948 0x15b4  [ C44D560E441F091EA3B72F778EC60DE2, 1F90BA0E98C436B98BF6B0BC93146B52C081DF374424E2DCA270316D508A59B2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:54:06.0963 0x15b4  GameConsoleService - ok
19:54:07.0041 0x15b4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:54:07.0057 0x15b4  gpsvc - ok
19:54:07.0150 0x15b4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:07.0150 0x15b4  gupdate - ok
19:54:07.0182 0x15b4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:54:07.0197 0x15b4  gupdatem - ok
19:54:07.0213 0x15b4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:54:07.0213 0x15b4  hcw85cir - ok
19:54:07.0275 0x15b4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:54:07.0291 0x15b4  HDAudBus - ok
19:54:07.0306 0x15b4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:54:07.0306 0x15b4  HidBatt - ok
19:54:07.0322 0x15b4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:54:07.0322 0x15b4  HidBth - ok
19:54:07.0353 0x15b4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:54:07.0353 0x15b4  HidIr - ok
19:54:07.0369 0x15b4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:54:07.0369 0x15b4  hidserv - ok
19:54:07.0400 0x15b4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:54:07.0400 0x15b4  HidUsb - ok
19:54:07.0431 0x15b4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:54:07.0431 0x15b4  hkmsvc - ok
19:54:07.0478 0x15b4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:54:07.0478 0x15b4  HomeGroupListener - ok
19:54:07.0525 0x15b4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:54:07.0540 0x15b4  HomeGroupProvider - ok
19:54:07.0556 0x15b4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:54:07.0556 0x15b4  HpSAMD - ok
19:54:07.0650 0x15b4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:54:07.0681 0x15b4  HTTP - ok
19:54:07.0681 0x15b4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:54:07.0681 0x15b4  hwpolicy - ok
19:54:07.0728 0x15b4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:54:07.0728 0x15b4  i8042prt - ok
19:54:07.0759 0x15b4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:54:07.0774 0x15b4  iaStorV - ok
19:54:07.0821 0x15b4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:54:07.0837 0x15b4  idsvc - ok
19:54:07.0852 0x15b4  IEEtwCollectorService - ok
19:54:07.0884 0x15b4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:54:07.0884 0x15b4  iirsp - ok
19:54:07.0930 0x15b4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:54:07.0962 0x15b4  IKEEXT - ok
19:54:08.0040 0x15b4  [ 31C32BC56D85D109EBB0C526BE5CACA7, E09A338EAEFD615FDB755B57F02E6033A2E5B6849BA3D66803286424F7D91EBE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:54:08.0071 0x15b4  IntcAzAudAddService - ok
19:54:08.0102 0x15b4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:54:08.0102 0x15b4  intelide - ok
19:54:08.0133 0x15b4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:54:08.0133 0x15b4  intelppm - ok
19:54:08.0227 0x15b4  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:54:08.0227 0x15b4  IntuitUpdateServiceV4 - ok
19:54:08.0258 0x15b4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:54:08.0258 0x15b4  IPBusEnum - ok
19:54:08.0305 0x15b4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:08.0305 0x15b4  IpFilterDriver - ok
19:54:08.0352 0x15b4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:54:08.0367 0x15b4  iphlpsvc - ok
19:54:08.0398 0x15b4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:54:08.0398 0x15b4  IPMIDRV - ok
19:54:08.0430 0x15b4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:54:08.0430 0x15b4  IPNAT - ok
19:54:08.0461 0x15b4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:54:08.0461 0x15b4  IRENUM - ok
19:54:08.0476 0x15b4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:54:08.0476 0x15b4  isapnp - ok
19:54:08.0508 0x15b4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:54:08.0508 0x15b4  iScsiPrt - ok
19:54:08.0523 0x15b4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:54:08.0523 0x15b4  kbdclass - ok
19:54:08.0539 0x15b4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:54:08.0539 0x15b4  kbdhid - ok
19:54:08.0570 0x15b4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
19:54:08.0570 0x15b4  KeyIso - ok
19:54:08.0601 0x15b4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:54:08.0601 0x15b4  KSecDD - ok
19:54:08.0617 0x15b4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:54:08.0632 0x15b4  KSecPkg - ok
19:54:08.0632 0x15b4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:54:08.0648 0x15b4  ksthunk - ok
19:54:08.0664 0x15b4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:54:08.0679 0x15b4  KtmRm - ok
19:54:08.0710 0x15b4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:54:08.0710 0x15b4  LanmanServer - ok
19:54:08.0757 0x15b4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:54:08.0773 0x15b4  LanmanWorkstation - ok
19:54:09.0054 0x15b4  [ 3C879D04BB6466E2853C3155B635CC45, 1CDBEA6EE711F159A93FD5460024ACA512BEC263611F726ACE0475ED066757F6 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
19:54:09.0178 0x15b4  LeapFrog Connect Device Service - ok
19:54:09.0225 0x15b4  [ 797289607A5EBF31353AA5EAD141F872, 4E3F8635F61DBFEEA3737EEB013F3B0A07B044A6F0D49901EB476B3904E98D2A ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
19:54:09.0225 0x15b4  Leapfrog-USBLAN - ok
19:54:09.0272 0x15b4  [ 108333981C841EB0FF198AA5DFCF3D3B, 726B4BEA813F18668A0682D1D427F6E3676A2EA2501EB7E64199B65D23F45FC8 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:54:09.0272 0x15b4  LightScribeService - ok
19:54:09.0319 0x15b4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:54:09.0319 0x15b4  lltdio - ok
19:54:09.0350 0x15b4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:54:09.0381 0x15b4  lltdsvc - ok
19:54:09.0397 0x15b4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:54:09.0397 0x15b4  lmhosts - ok
19:54:09.0428 0x15b4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:54:09.0428 0x15b4  LSI_FC - ok
19:54:09.0444 0x15b4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:54:09.0444 0x15b4  LSI_SAS - ok
19:54:09.0459 0x15b4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:54:09.0459 0x15b4  LSI_SAS2 - ok
19:54:09.0475 0x15b4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:54:09.0475 0x15b4  LSI_SCSI - ok
19:54:09.0506 0x15b4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:54:09.0522 0x15b4  luafv - ok
19:54:09.0553 0x15b4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:54:09.0553 0x15b4  Mcx2Svc - ok
19:54:09.0631 0x15b4  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:54:09.0631 0x15b4  MDM - ok
19:54:09.0646 0x15b4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:54:09.0662 0x15b4  megasas - ok
19:54:09.0678 0x15b4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:54:09.0678 0x15b4  MegaSR - ok
19:54:09.0709 0x15b4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:54:09.0709 0x15b4  MMCSS - ok
19:54:09.0724 0x15b4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:54:09.0724 0x15b4  Modem - ok
19:54:09.0756 0x15b4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:54:09.0756 0x15b4  monitor - ok
19:54:09.0771 0x15b4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:54:09.0771 0x15b4  mouclass - ok
19:54:09.0771 0x15b4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:54:09.0771 0x15b4  mouhid - ok
19:54:09.0818 0x15b4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:54:09.0818 0x15b4  mountmgr - ok
19:54:09.0834 0x15b4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:54:09.0834 0x15b4  mpio - ok
19:54:09.0849 0x15b4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:54:09.0865 0x15b4  mpsdrv - ok
19:54:09.0912 0x15b4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:54:09.0927 0x15b4  MpsSvc - ok
19:54:09.0958 0x15b4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:54:09.0974 0x15b4  MRxDAV - ok
19:54:09.0990 0x15b4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:54:10.0005 0x15b4  mrxsmb - ok
19:54:10.0052 0x15b4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:54:10.0083 0x15b4  mrxsmb10 - ok
19:54:10.0099 0x15b4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:54:10.0099 0x15b4  mrxsmb20 - ok
19:54:10.0130 0x15b4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:54:10.0146 0x15b4  msahci - ok
19:54:10.0177 0x15b4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:54:10.0192 0x15b4  msdsm - ok
19:54:10.0208 0x15b4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
19:54:10.0208 0x15b4  MSDTC - ok
19:54:10.0255 0x15b4  [ 72949A24D37A20A54B3D4D3DADBB55E9, 580B59EF2DFA4F6EE27BA37904F0705CBCD74F9B07D2D795093C045F94AE6DB5 ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
19:54:10.0255 0x15b4  MSDV - ok
19:54:10.0270 0x15b4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:54:10.0270 0x15b4  Msfs - ok
19:54:10.0286 0x15b4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:54:10.0286 0x15b4  mshidkmdf - ok
19:54:10.0317 0x15b4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:54:10.0317 0x15b4  msisadrv - ok
19:54:10.0348 0x15b4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:54:10.0348 0x15b4  MSiSCSI - ok
19:54:10.0348 0x15b4  msiserver - ok
19:54:10.0364 0x15b4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:54:10.0380 0x15b4  MSKSSRV - ok
19:54:10.0395 0x15b4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:54:10.0395 0x15b4  MSPCLOCK - ok
19:54:10.0395 0x15b4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:54:10.0395 0x15b4  MSPQM - ok
19:54:10.0442 0x15b4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:54:10.0442 0x15b4  MsRPC - ok
19:54:10.0458 0x15b4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:54:10.0458 0x15b4  mssmbios - ok
19:54:10.0473 0x15b4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:54:10.0473 0x15b4  MSTEE - ok
19:54:10.0473 0x15b4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:54:10.0489 0x15b4  MTConfig - ok
19:54:10.0489 0x15b4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
19:54:10.0489 0x15b4  Mup - ok
19:54:10.0536 0x15b4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
19:54:10.0536 0x15b4  napagent - ok
19:54:10.0582 0x15b4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:54:10.0582 0x15b4  NativeWifiP - ok
19:54:10.0645 0x15b4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:54:10.0660 0x15b4  NDIS - ok
19:54:10.0676 0x15b4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:54:10.0676 0x15b4  NdisCap - ok
19:54:10.0692 0x15b4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:54:10.0692 0x15b4  NdisTapi - ok
19:54:10.0738 0x15b4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:54:10.0738 0x15b4  Ndisuio - ok
19:54:10.0785 0x15b4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:54:10.0801 0x15b4  NdisWan - ok
19:54:10.0832 0x15b4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:54:10.0832 0x15b4  NDProxy - ok
19:54:10.0848 0x15b4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:54:10.0848 0x15b4  NetBIOS - ok
19:54:10.0894 0x15b4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:54:10.0910 0x15b4  NetBT - ok
19:54:10.0926 0x15b4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
19:54:10.0926 0x15b4  Netlogon - ok
19:54:10.0957 0x15b4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:54:10.0972 0x15b4  Netman - ok
19:54:11.0004 0x15b4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:54:11.0004 0x15b4  NetMsmqActivator - ok
19:54:11.0004 0x15b4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:54:11.0019 0x15b4  NetPipeActivator - ok
19:54:11.0050 0x15b4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:54:11.0050 0x15b4  netprofm - ok
19:54:11.0082 0x15b4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:54:11.0082 0x15b4  NetTcpActivator - ok
19:54:11.0097 0x15b4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:54:11.0097 0x15b4  NetTcpPortSharing - ok
19:54:11.0113 0x15b4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:54:11.0113 0x15b4  nfrd960 - ok
19:54:11.0144 0x15b4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:54:11.0160 0x15b4  NlaSvc - ok
19:54:11.0175 0x15b4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:54:11.0175 0x15b4  Npfs - ok
19:54:11.0191 0x15b4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:54:11.0191 0x15b4  nsi - ok
19:54:11.0191 0x15b4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:54:11.0191 0x15b4  nsiproxy - ok
19:54:11.0284 0x15b4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:54:11.0316 0x15b4  Ntfs - ok
19:54:11.0331 0x15b4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:54:11.0331 0x15b4  Null - ok
19:54:11.0690 0x15b4  [ 1CF597C9F0745735A6C5181ECB83706E, D07D7F7900CB5FF4DFC002BA2CB3C8E3D35158E6EAA96E68469DEA9F77876C76 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:54:11.0924 0x15b4  nvlddmkm - ok
19:54:11.0971 0x15b4  [ 9C3024E48DB4C98E50AF7D8B72D0EF89, 095DE80F56E87B951BDE4DBAD91D9303EE79812333CA80C6310A67A50A884743 ] NVNET           C:\Windows\system32\DRIVERS\nvmf6264.sys
19:54:11.0986 0x15b4  NVNET - ok
19:54:12.0018 0x15b4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:54:12.0018 0x15b4  nvraid - ok
19:54:12.0033 0x15b4  [ AFDE3015BB8D76E26BEC3B287C5443A0, 6D4804392149EA9B8BC555D4BEBB84A39DE14E62ACCD7EEBBE21D2D8E37E32B0 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys
19:54:12.0033 0x15b4  nvsmu - ok
19:54:12.0064 0x15b4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:54:12.0080 0x15b4  nvstor - ok
19:54:12.0142 0x15b4  [ E71CFA7AE5E7518E29073D7C20A8FCA1, 99CA07BD14D2932E007039A43289020B3A7D7BBFB92DC8D28AD38EB393894AEE ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:54:12.0174 0x15b4  nvsvc - ok
19:54:12.0189 0x15b4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:54:12.0189 0x15b4  nv_agp - ok
19:54:12.0205 0x15b4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:54:12.0205 0x15b4  ohci1394 - ok
19:54:12.0236 0x15b4  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:54:12.0236 0x15b4  ose - ok
19:54:12.0267 0x15b4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:54:12.0267 0x15b4  p2pimsvc - ok
19:54:12.0298 0x15b4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:54:12.0314 0x15b4  p2psvc - ok
19:54:12.0330 0x15b4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:54:12.0330 0x15b4  Parport - ok
19:54:12.0361 0x15b4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:54:12.0361 0x15b4  partmgr - ok
19:54:12.0376 0x15b4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:54:12.0392 0x15b4  PcaSvc - ok
19:54:12.0408 0x15b4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:54:12.0408 0x15b4  pci - ok
19:54:12.0423 0x15b4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:54:12.0423 0x15b4  pciide - ok
19:54:19.0677 0x15b4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:54:19.0677 0x15b4  WUDFRd - ok
19:54:19.0693 0x15b4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:54:19.0708 0x15b4  wudfsvc - ok
19:54:19.0740 0x15b4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:54:19.0740 0x15b4  WwanSvc - ok
19:54:19.0786 0x15b4  ================ Scan global ===============================
19:54:19.0802 0x15b4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:54:19.0833 0x15b4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:54:19.0849 0x15b4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:54:19.0880 0x15b4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:54:19.0896 0x15b4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:54:19.0911 0x15b4  [ Global ] - ok
19:54:19.0911 0x15b4  ================ Scan MBR ==================================
19:54:19.0911 0x15b4  [ 2968C961DB611E2C5DD24F51B6C2F440 ] \Device\Harddisk0\DR0
19:54:20.0161 0x15b4  \Device\Harddisk0\DR0 - ok
19:54:20.0161 0x15b4  ================ Scan VBR ==================================
19:54:20.0176 0x15b4  [ EA70B3A6EA324020763660B7F3A4495F ] \Device\Harddisk0\DR0\Partition1
19:54:20.0208 0x15b4  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
19:54:20.0208 0x15b4  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
19:54:20.0223 0x15b4  [ 2DC66E5E798D70E63C2FA6A137B1C1E8 ] \Device\Harddisk0\DR0\Partition2
19:54:20.0301 0x15b4  \Device\Harddisk0\DR0\Partition2 - ok
19:54:20.0301 0x15b4  [ 827D90683C159018F5F5E80BE9535AA0 ] \Device\Harddisk0\DR0\Partition3
19:54:20.0301 0x15b4  \Device\Harddisk0\DR0\Partition3 - ok
19:54:22.0860 0x15b4  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated )
19:54:22.0875 0x15b4  Win FW state via NFP2: enabled
19:54:22.0875 0x15b4  ============================================================
19:54:22.0875 0x15b4  Scan finished
19:54:22.0875 0x15b4  ============================================================
19:54:22.0891 0x14c8  Detected object count: 1
19:54:22.0891 0x14c8  Actual detected object count: 1
19:54:35.0542 0x14c8  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
19:54:35.0667 0x14c8  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
19:54:35.0776 0x14c8  \Device\Harddisk0\DR0\Partition1 - ok
19:54:35.0776 0x14c8  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
19:54:36.0681 0x14c8  KLMD registered as C:\Windows\system32\drivers\77298242.sys
19:54:44.0434 0x1760  Deinitialize success



#9 seedy21

Posted 26 June 2014 - 10:24 AM

Hi

Do you want me to post the TDSSKiller log from a week ago?

Yes, can you post me this log.



#10 jgreene6

Posted 27 June 2014 - 08:59 AM

It didn't find anything.  But, here is the log.

 

21:20:03.0170 0x29b0  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
21:20:08.0928 0x29b0  ============================================================
21:20:08.0928 0x29b0  Current date / time: 2014/06/19 21:20:08.0928
21:20:08.0928 0x29b0  SystemInfo:
21:20:08.0928 0x29b0 
21:20:08.0928 0x29b0  OS Version: 6.1.7601 ServicePack: 1.0
21:20:08.0928 0x29b0  Product type: Workstation
21:20:08.0929 0x29b0  ComputerName: JASON-PC
21:20:08.0961 0x29b0  UserName: Rachel
21:20:08.0961 0x29b0  Windows directory: C:\Windows
21:20:08.0961 0x29b0  System windows directory: C:\Windows
21:20:08.0961 0x29b0  Running under WOW64
21:20:08.0961 0x29b0  Processor architecture: Intel x64
21:20:08.0961 0x29b0  Number of processors: 4
21:20:08.0961 0x29b0  Page size: 0x1000
21:20:08.0961 0x29b0  Boot type: Normal boot
21:20:08.0961 0x29b0  ============================================================
21:20:27.0138 0x29b0  KLMD registered as C:\Windows\system32\drivers\36203610.sys
21:20:28.0567 0x29b0  System UUID: {185ADB77-42C7-40E7-5C8C-482BDC7C27AC}
21:20:30.0670 0x29b0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:20:30.0708 0x29b0  ============================================================
21:20:30.0708 0x29b0  \Device\Harddisk0\DR0:
21:20:30.0715 0x29b0  MBR partitions:
21:20:30.0715 0x29b0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FA000
21:20:30.0715 0x29b0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3FBC04, BlocksNum 0x72D3CAEE
21:20:30.0715 0x29b0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73138800, BlocksNum 0x15CD800
21:20:30.0715 0x29b0  ============================================================
21:20:30.0788 0x29b0  C: <-> \Device\Harddisk0\DR0\Partition2
21:20:30.0965 0x29b0  D: <-> \Device\Harddisk0\DR0\Partition3
21:20:30.0965 0x29b0  ============================================================
21:20:30.0965 0x29b0  Initialize success
21:20:30.0965 0x29b0  ============================================================
21:20:44.0022 0x2d08  ============================================================
21:20:44.0022 0x2d08  Scan started
21:20:44.0022 0x2d08  Mode: Manual;
21:20:44.0022 0x2d08  ============================================================
21:20:44.0022 0x2d08  KSN ping started
21:20:58.0289 0x2d08  KSN ping finished: true
21:21:12.0487 0x2d08  ================ Scan system memory ========================
21:21:12.0487 0x2d08  Scan was interrupted by user!
21:21:12.0765 0x2d08  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated )
21:21:12.0866 0x2d08  Win FW state via NFP2: enabled
21:21:16.0061 0x2d08  ============================================================
21:21:16.0061 0x2d08  Scan finished
21:21:16.0061 0x2d08  ============================================================
21:21:16.0090 0x2d00  Detected object count: 0
21:21:16.0091 0x2d00  Actual detected object count: 0
21:23:28.0836 0x28e4  Deinitialize success



#11 seedy21

Posted 27 June 2014 - 02:17 PM

Hi jgreene6

Step 1

Please re-run TDSSKiller. When the scan has completed, please post the log in your next reply.

Step 2

Download aswMBR and save it to your desktop.

  • Double click the aswMBR.exe to run it.
  • The latest version gives you the option of adding the latest Avast definitions.
  • It is recommended at this time to click NO (as there is a possibility of crashing the system).
  • Click the Scan button to start scan.

On completion of the scan click Save log and save it to your desktop.

Please post this in your reply.

NOTE:
aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Step 3
 
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#12 jgreene6

Posted 27 June 2014 - 07:16 PM

TDSSKiller didn't find anything, the log is shown below. The log for aswMBR is shown below as well. When I attempted to go to the system recovery options I was not allowed. After selecting "repair your computer" the screen displayed:

Windows Boot Manager

Windows failed to start. A recent hardware or software change might be the cause. To fix this problem:

1. insert your windows installation disc and restart your computer
2. Choose your language settings, and then click "next."
3. Click "repair your computer."

If you do not have this disc, contact your system administrator or computer manufacturer for assistance

Status: 0xc000000f

Info: The boot selection failed because a required device is inaccessible.

After this screen appears, the only option is to start Windows normally. Here are the logs:

 

19:36:26.0916 0x1b60  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
19:36:31.0965 0x1b60  ============================================================
19:36:31.0965 0x1b60  Current date / time: 2014/06/27 19:36:31.0965
19:36:31.0965 0x1b60  SystemInfo:
19:36:31.0965 0x1b60 
19:36:31.0965 0x1b60  OS Version: 6.1.7601 ServicePack: 1.0
19:36:31.0965 0x1b60  Product type: Workstation
19:36:31.0965 0x1b60  ComputerName: JASON-PC
19:36:31.0965 0x1b60  UserName: Rachel
19:36:31.0965 0x1b60  Windows directory: C:\Windows
19:36:31.0965 0x1b60  System windows directory: C:\Windows
19:36:31.0965 0x1b60  Running under WOW64
19:36:31.0965 0x1b60  Processor architecture: Intel x64
19:36:31.0965 0x1b60  Number of processors: 4
19:36:31.0965 0x1b60  Page size: 0x1000
19:36:31.0965 0x1b60  Boot type: Normal boot
19:36:31.0965 0x1b60  ============================================================
19:36:38.0095 0x1b60  KLMD registered as C:\Windows\system32\drivers\78968814.sys
19:36:38.0443 0x1b60  System UUID: {185ADB77-42C7-40E7-5C8C-482BDC7C27AC}
19:36:38.0974 0x1b60  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:36:39.0005 0x1b60  ============================================================
19:36:39.0005 0x1b60  \Device\Harddisk0\DR0:
19:36:39.0005 0x1b60  MBR partitions:
19:36:39.0005 0x1b60  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FA000
19:36:39.0005 0x1b60  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3FBC04, BlocksNum 0x72D3CAEE
19:36:39.0005 0x1b60  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73138800, BlocksNum 0x15CD800
19:36:39.0005 0x1b60  ============================================================
19:36:39.0067 0x1b60  C: <-> \Device\Harddisk0\DR0\Partition2
19:36:39.0098 0x1b60  D: <-> \Device\Harddisk0\DR0\Partition3
19:36:39.0098 0x1b60  ============================================================
19:36:39.0098 0x1b60  Initialize success
19:36:39.0098 0x1b60  ============================================================
19:36:51.0811 0x070c  ============================================================
19:36:51.0811 0x070c  Scan started
19:36:51.0811 0x070c  Mode: Manual;
19:36:51.0811 0x070c  ============================================================
19:36:51.0811 0x070c  KSN ping started
19:37:06.0661 0x070c  KSN ping finished: true
19:37:08.0444 0x070c  ================ Scan system memory ========================
19:37:08.0444 0x070c  System memory - ok
19:37:08.0444 0x070c  ================ Scan services =============================
19:37:12.0167 0x070c  CCALib8 - ok
19:37:12.0214 0x070c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:37:12.0229 0x070c  cdfs - ok
19:37:12.0307 0x070c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:37:12.0323 0x070c  cdrom - ok
19:37:12.0385 0x070c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:37:12.0385 0x070c  CertPropSvc - ok
19:37:12.0416 0x070c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:37:12.0416 0x070c  circlass - ok
19:37:12.0448 0x070c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:37:12.0463 0x070c  CLFS - ok
19:37:12.0479 0x070c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:12.0494 0x070c  clr_optimization_v2.0.50727_32 - ok
19:37:12.0510 0x070c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:37:12.0510 0x070c  clr_optimization_v2.0.50727_64 - ok
19:37:12.0588 0x070c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:12.0635 0x070c  clr_optimization_v4.0.30319_32 - ok
19:37:12.0666 0x070c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:37:12.0682 0x070c  clr_optimization_v4.0.30319_64 - ok
19:37:12.0697 0x070c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:37:12.0713 0x070c  CmBatt - ok
19:37:12.0744 0x070c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:37:12.0744 0x070c  cmdide - ok
19:37:12.0806 0x070c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
19:37:12.0822 0x070c  CNG - ok
19:37:12.0838 0x070c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:37:12.0838 0x070c  Compbatt - ok
19:37:12.0884 0x070c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:37:12.0900 0x070c  CompositeBus - ok
19:37:12.0931 0x070c  COMSysApp - ok
19:37:13.0040 0x070c  [ 7150E3708FB489E7941F7A6A7A0DB282, 2D521FCF3CC75C86FF74B885490000A94468FC68113785B700FF62C912511843 ] CouponPrinterService C:\Program Files (x86)\Coupons\CouponPrinterService.exe
19:37:13.0040 0x070c  CouponPrinterService - ok
19:37:13.0087 0x070c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:37:13.0087 0x070c  crcdisk - ok
19:37:13.0150 0x070c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:37:13.0165 0x070c  CryptSvc - ok
19:37:13.0212 0x070c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:37:13.0212 0x070c  DcomLaunch - ok
19:37:13.0243 0x070c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:37:13.0259 0x070c  defragsvc - ok
19:37:13.0306 0x070c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:37:13.0321 0x070c  DfsC - ok
19:37:13.0352 0x070c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:37:13.0368 0x070c  Dhcp - ok
19:37:13.0399 0x070c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:37:13.0399 0x070c  discache - ok
19:37:13.0430 0x070c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:37:13.0446 0x070c  Disk - ok
19:37:13.0898 0x070c  [ 214CF29D013B96B8AAA0C31682349D92, 9507B79FDC37D2361A844F12308B68F00EDA5E4B795E868DF2E01B514F8BA762 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
19:37:14.0091 0x070c  DisplayLinkService - ok
19:37:14.0153 0x070c  [ 1FAE14F2CB2F1C1CBDBC17EFB63D5845, 46DB65BB77179F0598A5F818985BA811A3B3CE9355158BA99C1C4C3A41E4904B ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
19:37:14.0153 0x070c  DisplayLinkUsbPort - ok
19:37:14.0184 0x070c  [ 5D5B9E1E45B1EB727EFEAB0F44C7E4EF, E288494B8FD6AE63B07764277DBA50324CB0DE3D8159FF64FD75A75B261AC834 ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
19:37:14.0200 0x070c  dlkmd - ok
19:37:14.0231 0x070c  [ B701A03D4C256A288D89D615E139CB7C, 6F9BC6938EF18828075CE516DB82E8731BF5B71F490C070FFC873AEE32491006 ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
19:37:14.0231 0x070c  dlkmdldr - ok
19:37:14.0356 0x070c  [ AE3D76825152764EF016370FDAC219F9, 9CE85CB8CD9E247F9AD446E438DB6B602E82174798A0AA4A4AC4100FA88319AF ] DMService       C:\Windows\Downloaded Program Files\DM.0\DMService.exe
19:37:14.0387 0x070c  DMService - ok
19:37:14.0434 0x070c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:37:14.0449 0x070c  Dnscache - ok
19:37:14.0496 0x070c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:37:14.0496 0x070c  dot3svc - ok
19:37:14.0543 0x070c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:37:14.0559 0x070c  DPS - ok
19:37:14.0590 0x070c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:37:14.0590 0x070c  drmkaud - ok
19:37:14.0683 0x070c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:37:14.0699 0x070c  DXGKrnl - ok
19:37:14.0761 0x070c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:37:14.0761 0x070c  EapHost - ok
19:37:15.0120 0x070c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:37:15.0276 0x070c  ebdrv - ok
19:37:15.0307 0x070c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
19:37:15.0307 0x070c  EFS - ok
19:37:15.0432 0x070c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:37:15.0448 0x070c  ehRecvr - ok
19:37:15.0510 0x070c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:37:15.0510 0x070c  ehSched - ok
19:37:15.0557 0x070c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:37:15.0573 0x070c  elxstor - ok
19:37:15.0604 0x070c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:37:15.0604 0x070c  ErrDev - ok
19:37:15.0635 0x070c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:37:15.0651 0x070c  EventSystem - ok
19:37:15.0666 0x070c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:37:15.0682 0x070c  exfat - ok
19:37:15.0697 0x070c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:37:15.0697 0x070c  fastfat - ok
19:37:15.0775 0x070c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:37:15.0791 0x070c  Fax - ok
19:37:15.0838 0x070c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:37:15.0853 0x070c  fdc - ok
19:37:15.0869 0x070c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:37:15.0869 0x070c  fdPHost - ok
19:37:15.0916 0x070c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:37:15.0916 0x070c  FDResPub - ok
19:37:15.0952 0x070c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:37:15.0952 0x070c  FileInfo - ok
19:37:15.0968 0x070c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:37:15.0968 0x070c  Filetrace - ok
19:37:15.0983 0x070c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:37:15.0999 0x070c  flpydisk - ok
19:37:16.0014 0x070c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:37:16.0030 0x070c  FltMgr - ok
19:37:16.0108 0x070c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
19:37:16.0124 0x070c  FontCache - ok
19:37:16.0233 0x070c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:37:16.0248 0x070c  FontCache3.0.0.0 - ok
19:37:16.0248 0x070c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:37:16.0248 0x070c  FsDepends - ok
19:37:16.0295 0x070c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:37:16.0311 0x070c  Fs_Rec - ok
19:37:16.0358 0x070c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:37:16.0358 0x070c  fvevol - ok
19:37:16.0389 0x070c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:37:16.0404 0x070c  gagp30kx - ok
19:37:16.0467 0x070c  [ C44D560E441F091EA3B72F778EC60DE2, 1F90BA0E98C436B98BF6B0BC93146B52C081DF374424E2DCA270316D508A59B2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
19:37:16.0482 0x070c  GameConsoleService - ok
19:37:16.0592 0x070c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:37:16.0607 0x070c  gpsvc - ok
19:37:16.0716 0x070c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:37:16.0732 0x070c  gupdate - ok
19:37:16.0763 0x070c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:37:16.0779 0x070c  gupdatem - ok
19:37:16.0794 0x070c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:37:16.0810 0x070c  hcw85cir - ok
19:37:16.0857 0x070c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:37:16.0857 0x070c  HDAudBus - ok
19:37:16.0888 0x070c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:37:16.0888 0x070c  HidBatt - ok
19:37:16.0904 0x070c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:37:16.0904 0x070c  HidBth - ok
19:37:16.0919 0x070c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:37:16.0935 0x070c  HidIr - ok
19:37:16.0950 0x070c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:37:16.0950 0x070c  hidserv - ok
19:37:16.0982 0x070c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:37:16.0982 0x070c  HidUsb - ok
19:37:16.0997 0x070c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:37:17.0013 0x070c  hkmsvc - ok
19:37:17.0044 0x070c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:37:17.0060 0x070c  HomeGroupListener - ok
19:37:17.0091 0x070c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:37:17.0106 0x070c  HomeGroupProvider - ok
19:37:17.0138 0x070c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:37:17.0138 0x070c  HpSAMD - ok
19:37:17.0216 0x070c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:37:17.0231 0x070c  HTTP - ok
19:37:17.0262 0x070c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:37:17.0262 0x070c  hwpolicy - ok
19:37:17.0309 0x070c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:37:17.0309 0x070c  i8042prt - ok
19:37:17.0340 0x070c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:37:17.0356 0x070c  iaStorV - ok
19:37:17.0403 0x070c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:37:17.0418 0x070c  idsvc - ok
19:37:17.0450 0x070c  IEEtwCollectorService - ok
19:37:17.0465 0x070c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:37:17.0465 0x070c  iirsp - ok
19:37:17.0528 0x070c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:37:17.0543 0x070c  IKEEXT - ok
19:37:17.0652 0x070c  [ 31C32BC56D85D109EBB0C526BE5CACA7, E09A338EAEFD615FDB755B57F02E6033A2E5B6849BA3D66803286424F7D91EBE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:37:17.0699 0x070c  IntcAzAudAddService - ok
19:37:17.0730 0x070c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:37:17.0730 0x070c  intelide - ok
19:37:17.0762 0x070c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:37:17.0762 0x070c  intelppm - ok
19:37:17.0855 0x070c  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:37:17.0855 0x070c  IntuitUpdateServiceV4 - ok
19:37:17.0923 0x070c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:37:17.0923 0x070c  IPBusEnum - ok
19:37:17.0969 0x070c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:17.0985 0x070c  IpFilterDriver - ok
19:37:18.0016 0x070c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:37:18.0047 0x070c  iphlpsvc - ok
19:37:18.0079 0x070c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:37:18.0094 0x070c  IPMIDRV - ok
19:37:18.0125 0x070c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:37:18.0125 0x070c  IPNAT - ok
19:37:18.0157 0x070c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:37:18.0157 0x070c  IRENUM - ok
19:37:18.0172 0x070c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:37:18.0172 0x070c  isapnp - ok
19:37:18.0203 0x070c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:37:18.0219 0x070c  iScsiPrt - ok
19:37:18.0235 0x070c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:37:18.0235 0x070c  kbdclass - ok
19:37:18.0250 0x070c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:37:18.0250 0x070c  kbdhid - ok
19:37:18.0266 0x070c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
19:37:18.0266 0x070c  KeyIso - ok
19:37:18.0313 0x070c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:37:18.0313 0x070c  KSecDD - ok
19:37:18.0359 0x070c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:37:18.0375 0x070c  KSecPkg - ok
19:37:18.0406 0x070c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:37:18.0406 0x070c  ksthunk - ok
19:37:18.0453 0x070c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:37:18.0469 0x070c  KtmRm - ok
19:37:18.0500 0x070c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:37:18.0515 0x070c  LanmanServer - ok
19:37:18.0547 0x070c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:37:18.0547 0x070c  LanmanWorkstation - ok
19:37:18.0781 0x070c  [ 3C879D04BB6466E2853C3155B635CC45, 1CDBEA6EE711F159A93FD5460024ACA512BEC263611F726ACE0475ED066757F6 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
19:37:18.0905 0x070c  LeapFrog Connect Device Service - ok
19:37:18.0952 0x070c  [ 797289607A5EBF31353AA5EAD141F872, 4E3F8635F61DBFEEA3737EEB013F3B0A07B044A6F0D49901EB476B3904E98D2A ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
19:37:18.0968 0x070c  Leapfrog-USBLAN - ok
19:37:19.0015 0x070c  [ 108333981C841EB0FF198AA5DFCF3D3B, 726B4BEA813F18668A0682D1D427F6E3676A2EA2501EB7E64199B65D23F45FC8 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:37:19.0030 0x070c  LightScribeService - ok
19:37:19.0061 0x070c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:37:19.0061 0x070c  lltdio - ok
19:37:19.0093 0x070c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:37:19.0093 0x070c  lltdsvc - ok
19:37:19.0108 0x070c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:37:19.0108 0x070c  lmhosts - ok
19:37:19.0139 0x070c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:37:19.0155 0x070c  LSI_FC - ok
19:37:19.0186 0x070c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:37:19.0202 0x070c  LSI_SAS - ok
19:37:19.0233 0x070c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:37:19.0233 0x070c  LSI_SAS2 - ok
19:37:19.0264 0x070c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:37:19.0264 0x070c  LSI_SCSI - ok
19:37:19.0280 0x070c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:37:19.0295 0x070c  luafv - ok
19:37:19.0327 0x070c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:37:19.0327 0x070c  Mcx2Svc - ok
19:37:19.0451 0x070c  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:37:19.0483 0x070c  MDM - ok
19:37:19.0514 0x070c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:37:19.0514 0x070c  megasas - ok
19:37:19.0545 0x070c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:37:19.0561 0x070c  MegaSR - ok
19:37:19.0576 0x070c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:37:19.0576 0x070c  MMCSS - ok
19:37:19.0592 0x070c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:37:19.0592 0x070c  Modem - ok
19:37:19.0639 0x070c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:37:19.0639 0x070c  monitor - ok
19:37:19.0654 0x070c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:37:19.0654 0x070c  mouclass - ok
19:37:19.0654 0x070c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:37:19.0654 0x070c  mouhid - ok
19:37:19.0685 0x070c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:37:19.0701 0x070c  mountmgr - ok
19:37:19.0732 0x070c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:37:19.0732 0x070c  mpio - ok
19:37:19.0763 0x070c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:37:19.0779 0x070c  mpsdrv - ok
19:37:19.0841 0x070c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:37:19.0857 0x070c  MpsSvc - ok
19:37:19.0909 0x070c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:37:19.0909 0x070c  MRxDAV - ok
19:37:19.0940 0x070c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:19.0940 0x070c  mrxsmb - ok
19:37:30.0511 0x070c  usbcir - ok
19:37:30.0526 0x070c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:37:30.0542 0x070c  usbehci - ok
19:37:30.0573 0x070c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:37:30.0589 0x070c  usbhub - ok
19:37:30.0620 0x070c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:37:30.0635 0x070c  usbohci - ok
19:37:30.0667 0x070c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:37:30.0667 0x070c  usbprint - ok
19:37:30.0698 0x070c  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:37:30.0698 0x070c  usbscan - ok
19:37:30.0729 0x070c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:30.0729 0x070c  USBSTOR - ok
19:37:30.0745 0x070c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:37:30.0745 0x070c  usbuhci - ok
19:37:30.0760 0x070c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:37:30.0776 0x070c  UxSms - ok
19:37:30.0776 0x070c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
19:37:30.0776 0x070c  VaultSvc - ok
19:37:30.0791 0x070c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:37:30.0791 0x070c  vdrvroot - ok
19:37:30.0901 0x070c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:37:30.0932 0x070c  vds - ok
19:37:30.0963 0x070c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:30.0963 0x070c  vga - ok
19:37:30.0994 0x070c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:37:31.0010 0x070c  VgaSave - ok
19:37:31.0041 0x070c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:37:31.0057 0x070c  vhdmp - ok
19:37:31.0072 0x070c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:37:31.0072 0x070c  viaide - ok
19:37:31.0088 0x070c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:37:31.0103 0x070c  volmgr - ok
19:37:31.0135 0x070c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:37:31.0150 0x070c  volmgrx - ok
19:37:31.0213 0x070c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:37:31.0228 0x070c  volsnap - ok
19:37:31.0259 0x070c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:37:31.0259 0x070c  vsmraid - ok
19:37:31.0353 0x070c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:37:31.0400 0x070c  VSS - ok
19:37:31.0415 0x070c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:37:31.0415 0x070c  vwifibus - ok
19:37:31.0447 0x070c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:37:31.0447 0x070c  vwififlt - ok
19:37:31.0478 0x070c  [ 81843561A47A00AA302BFB7C5B678126, FBB1988CAD594EFFDA71DF212CD110B73E1D88DAABD4FE5931AE8538D8BFE7EC ] vzandnetdiag    C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys
19:37:31.0556 0x070c  vzandnetdiag - ok
19:37:31.0587 0x070c  [ 777178A779D1B7FFCE9E22487066FB85, FCE11FA7A21E9C514116EB4D3F45A7301EEDC01FC128A9301E94789DC856334D ] vzandnetdiag2   C:\Windows\system32\DRIVERS\lgvzandnetdiag264.sys
19:37:31.0587 0x070c  vzandnetdiag2 - ok
19:37:31.0603 0x070c  [ 818CA779C2457F328335FA48D507EF07, 71AD8F83A08ABEECFE335B43A74EFEF69D00FF5DD57F1C08C8ABC54278F2AD4F ] vzandnetmodem   C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys
19:37:31.0603 0x070c  vzandnetmodem - ok
19:37:31.0649 0x070c  [ 2862F437E09E0DDB3A9772ABC57F160D, 5D581D4A7A042FBC7FC8134A0E21400D924527A452CA5FE66F0F1AB589EDEA5E ] vzandnetndis    C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys
19:37:31.0649 0x070c  vzandnetndis - ok
19:37:31.0681 0x070c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:37:31.0696 0x070c  W32Time - ok
19:37:31.0712 0x070c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:37:31.0712 0x070c  WacomPen - ok
19:37:31.0759 0x070c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:37:31.0759 0x070c  WANARP - ok
19:37:31.0774 0x070c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:37:31.0774 0x070c  Wanarpv6 - ok
19:37:31.0857 0x070c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:37:31.0920 0x070c  WatAdminSvc - ok
19:37:32.0076 0x070c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:37:32.0107 0x070c  wbengine - ok
19:37:32.0138 0x070c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:37:32.0138 0x070c  WbioSrvc - ok
19:37:32.0216 0x070c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:37:32.0232 0x070c  wcncsvc - ok
19:37:32.0247 0x070c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:37:32.0247 0x070c  WcsPlugInService - ok
19:37:32.0278 0x070c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:37:32.0294 0x070c  Wd - ok
19:37:32.0388 0x070c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:37:32.0403 0x070c  Wdf01000 - ok
19:37:32.0419 0x070c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:37:32.0434 0x070c  WdiServiceHost - ok
19:37:32.0434 0x070c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:37:32.0434 0x070c  WdiSystemHost - ok
19:37:32.0512 0x070c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:37:32.0528 0x070c  WebClient - ok
19:37:32.0575 0x070c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:37:32.0590 0x070c  Wecsvc - ok
19:37:32.0622 0x070c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:37:32.0637 0x070c  wercplsupport - ok
19:37:32.0653 0x070c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:37:32.0653 0x070c  WerSvc - ok
19:37:32.0700 0x070c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:37:32.0700 0x070c  WfpLwf - ok
19:37:32.0715 0x070c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:37:32.0715 0x070c  WIMMount - ok
19:37:32.0731 0x070c  WinDefend - ok
19:37:32.0762 0x070c  WinHttpAutoProxySvc - ok
19:37:32.0793 0x070c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:37:32.0809 0x070c  Winmgmt - ok
19:37:33.0043 0x070c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:37:33.0090 0x070c  WinRM - ok
19:37:33.0152 0x070c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:37:33.0152 0x070c  WinUsb - ok
19:37:33.0230 0x070c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:37:33.0261 0x070c  Wlansvc - ok
19:37:33.0277 0x070c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:37:33.0277 0x070c  WmiAcpi - ok
19:37:33.0308 0x070c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:37:33.0324 0x070c  wmiApSrv - ok
19:37:33.0339 0x070c  WMPNetworkSvc - ok
19:37:33.0355 0x070c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:37:33.0355 0x070c  WPCSvc - ok
19:37:33.0386 0x070c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:37:33.0402 0x070c  WPDBusEnum - ok
19:37:33.0417 0x070c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:37:33.0433 0x070c  ws2ifsl - ok
19:37:33.0433 0x070c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
19:37:33.0448 0x070c  wscsvc - ok
19:37:33.0448 0x070c  WSearch - ok
19:37:33.0698 0x070c  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:37:33.0745 0x070c  wuauserv - ok
19:37:33.0792 0x070c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:37:33.0792 0x070c  WudfPf - ok
19:37:33.0843 0x070c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:33.0859 0x070c  WUDFRd - ok
19:37:33.0906 0x070c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:37:33.0906 0x070c  wudfsvc - ok
19:37:33.0968 0x070c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:37:33.0984 0x070c  WwanSvc - ok
19:37:34.0031 0x070c  ================ Scan global ===============================
19:37:34.0062 0x070c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:37:34.0109 0x070c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:37:34.0155 0x070c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:37:34.0187 0x070c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:37:34.0249 0x070c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:37:34.0249 0x070c  [ Global ] - ok
19:37:34.0249 0x070c  ================ Scan MBR ==================================
19:37:34.0265 0x070c  [ 2968C961DB611E2C5DD24F51B6C2F440 ] \Device\Harddisk0\DR0
19:37:35.0247 0x070c  \Device\Harddisk0\DR0 - ok
19:37:35.0247 0x070c  ================ Scan VBR ==================================
19:37:35.0279 0x070c  [ C992B419EAAA3C589F13BCF325DB86EA ] \Device\Harddisk0\DR0\Partition1
19:37:35.0435 0x070c  \Device\Harddisk0\DR0\Partition1 - ok
19:37:35.0466 0x070c  [ 2DC66E5E798D70E63C2FA6A137B1C1E8 ] \Device\Harddisk0\DR0\Partition2
19:37:35.0544 0x070c  \Device\Harddisk0\DR0\Partition2 - ok
19:37:35.0606 0x070c  [ 827D90683C159018F5F5E80BE9535AA0 ] \Device\Harddisk0\DR0\Partition3
19:37:35.0637 0x070c  \Device\Harddisk0\DR0\Partition3 - ok
19:37:35.0637 0x070c  ================ Scan generic autorun ======================
19:37:35.0637 0x070c  NvCplDaemon - ok
19:37:35.0986 0x070c  [ E9D228970356F01DB68E531A0F173FB8, B23032DFEA446CF4D5E75D6CC3F049314EC9EB2D4E9BEB1883D4AC4BC2631A6B ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
19:37:36.0079 0x070c  CanonMyPrinter - ok
19:37:36.0282 0x070c  [ 605BB2B2A2171D3F5748F4919E80E6C7, 4EBAAE4E2122048603D058C83E32C56F64F8FB9E7B9BB2F83E659BFFD7CB12EE ] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe
19:37:36.0329 0x070c  CanonSolutionMenu - ok
19:37:36.0376 0x070c  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
19:37:36.0391 0x070c  hpsysdrv - ok
19:37:36.0485 0x070c  [ 013F05784A4BD193C9CD1817ACC31B6B, 850E8CC4BB942D46CEDAFE6F43B3ECDD5E3DA8DECAD2802A929A9910E02D2842 ] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
19:37:36.0516 0x070c  HP Remote Solution - ok
19:37:36.0610 0x070c  [ E8F915D5140A75ABFF036BBF9D0941AD, CACAF7542A1616C43929435BC71797636A2829595967B255F856A146B63A1B2C ] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
19:37:36.0641 0x070c  NortonOnlineBackupReminder - ok
19:37:36.0672 0x070c  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
19:37:36.0688 0x070c  UpdatePRCShortCut - ok
19:37:36.0734 0x070c  [ BB73B4A6D4A9F1410563D1BA4D53E7CA, 38641DF5215C770B30FEC045D930835CF8DC72F2F6CA30A85AD08B5D6B26AD33 ] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
19:37:36.0750 0x070c  IJNetworkScanUtility - ok
19:37:36.0781 0x070c  [ 85DE9B0E4583AA1E34C1834ED56DD2A6, 8CC92D38B2BFCC44619CE6076AAF16F00DEB665A54F1987ED1596D44A0D8D617 ] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
19:37:36.0797 0x070c  Monitor - ok
19:37:36.0890 0x070c  [ 141049FEDB7E083AB10E5C4D3762EC1B, D85C4DAC22B7DE3E5F4A7EB756D0DB1C1C024BF136A602F481E0C2731FA77934 ] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
19:37:36.0922 0x070c  BYRUA_AGENT - ok
19:37:36.0922 0x070c  ROC_roc_ssl_v12 - ok
19:37:37.0156 0x070c  [ C8F0DCA0E032881B6C4422B502194629, 32996D4C0578FA9A12F3BD205F69E5357A31FBD2C9AC47DA2AB8D77196E587B1 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe
19:37:37.0358 0x070c  AVG_UI - ok
19:37:37.0483 0x070c  [ 9808FB2DD54BDF03EC605881F71C8D64, 5A10B1FF7048C9746E4E9DDA7D0D9F3C649F5CC3C88F2BDA6E2467F661935DA4 ] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
19:37:37.0546 0x070c  InstaLAN - ok
19:37:37.0608 0x070c  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
19:37:37.0639 0x070c  Adobe ARM - ok
19:37:37.0733 0x070c  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:37:37.0748 0x070c  SunJavaUpdateSched - ok
19:37:38.0112 0x070c  [ 10FF8B1FFF90B750F74506D2AF77C039, A376297D9F5CD0B4F2F93F2FE46E2BD14A04BE36C28294DEE5A7E0B6B56AA0A8 ] C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
19:37:38.0253 0x070c  QAppTray - ok
19:37:38.0299 0x070c  [ 4DA2F2DA54A92850F56C0DB712058188, 9FB9BD1D9874DD64A627FFBE7B54B753D5496425BB595A112D0E17601A5E86A0 ] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
19:37:38.0299 0x070c  Malwarebytes Anti-Malware (cleanup) - ok
19:37:38.0424 0x070c  [ 4ADCFEE16EE9978F06157634669D36FB, 57A3854CB96A6081FAF68BF2335049C20E0BBEB506DBD1F82882DD1908D411FD ] C:\Users\Jason\Documents\OTL.exe
19:37:38.0440 0x070c  OTL - ok
19:37:38.0455 0x070c  {27B5D362-5064-417B-92F6-14F2CD4F9AA1} - ok
19:37:38.0518 0x070c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:37:38.0549 0x070c  Sidebar - ok
19:37:38.0580 0x070c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:37:38.0596 0x070c  mctadmin - ok
19:37:38.0658 0x070c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:37:38.0674 0x070c  Sidebar - ok
19:37:38.0689 0x070c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:37:38.0689 0x070c  mctadmin - ok
19:37:38.0705 0x070c  AVG-Secure-Search-Update_1113a - ok
19:37:38.0721 0x070c  HPADVISOR - ok
19:37:38.0783 0x070c  [ 5D2D3856B417DEA1F0B8847DA0C7AAC3, 6712243D56813D96DFEB8F36CED89BA68FDDB6226BE0E904F3CE9D105A2D0881 ] C:\AdwCleaner\AdwCleaner[S2].txt
19:37:38.0799 0x070c  Report - ok
19:37:38.0799 0x070c  HPADVISOR - ok
19:37:38.0799 0x070c  HPADVISOR - ok
19:37:38.0814 0x070c  Waiting for KSN requests completion. In queue: 74
19:37:39.0818 0x070c  Waiting for KSN requests completion. In queue: 74
19:37:40.0832 0x070c  Waiting for KSN requests completion. In queue: 74
19:37:41.0835 0x070c  Waiting for KSN requests completion. In queue: 74
19:37:42.0880 0x070c  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated )
19:37:42.0880 0x070c  Win FW state via NFP2: enabled
19:37:45.0584 0x070c  ============================================================
19:37:45.0584 0x070c  Scan finished
19:37:45.0584 0x070c  ============================================================
19:37:45.0600 0x00d4  Detected object count: 0
19:37:45.0600 0x00d4  Actual detected object count: 0
19:37:53.0924 0x1a38  Deinitialize success

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-27 19:39:07
-----------------------------
19:39:07.234    OS Version: Windows x64 6.1.7601 Service Pack 1
19:39:07.234    Number of processors: 4 586 0x502
19:39:07.234    ComputerName: JASON-PC  UserName: Rachel
19:39:09.267    Initialize success
19:39:09.360    VM: initialized successfully
19:39:09.397    VM: Amd CPU BiosDisabled
19:39:16.952    VM: supported disk I/O ataport.SYS
19:39:36.709    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
19:39:36.724    Disk 0 Vendor: ST31000528AS HP34 Size: 953869MB BusType: 3
19:39:36.818    Disk 0 MBR read successfully
19:39:36.818    Disk 0 MBR scan
19:39:36.834    Disk 0 unknown MBR code
19:39:36.849    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         2036 MB offset 2048
19:39:36.865    Disk 0 Boot: NTFS     code=1
19:39:36.880    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       940665 MB offset 4176900
19:39:36.912    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11163 MB offset 1930659840
19:39:36.943    Disk 0 scanning C:\Windows\system32\drivers
19:39:44.805    Service scanning
19:39:58.939    Modules scanning
19:39:58.954    Disk 0 trace - called modules:
19:39:58.970    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:39:58.986    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800738e060]
19:39:58.986    3 CLASSPNP.SYS[fffff8800188643f] -> nt!IofCallDriver -> [0xfffffa800668cd10]
19:39:58.986    5 ACPI.sys[fffff88000f2f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0xfffffa80070e3680]
19:39:59.001    Scan finished successfully
19:40:14.102    Disk 0 MBR has been saved successfully to "C:\Users\Jason\Downloads\MBR.dat"
19:40:14.102    The log file has been saved successfully to "C:\Users\Jason\Downloads\aswMBR.txt"



#13 seedy21


Posted 28 June 2014 - 01:07 PM

Hi jgreene6
 
We need to re-run FRST

  • Right click the Program and select "Run As Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#14 jgreene6


Posted 28 June 2014 - 04:15 PM

Here is the latest FRST file log.  I have included the addition.txt file earlier, but included it here also for completeness.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Rachel (administrator) on JASON-PC on 28-06-2014 17:07:29
Running from C:\Users\Jason\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(DisplayLink Corp.) C:\Program Files\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\scthost.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\trmhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Qustodio) C:\Program Files (x86)\Qustodio\qproxy\qengine.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16334368 2009-07-18] (NVIDIA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QAppTray] => C:\Program Files (x86)\Qustodio\qapp\QAppTray.exe [3944248 2014-05-29] (Qustodio)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [OTL] - "C:\Users\Jason\Documents\OTL.exe" [602112 2014-06-20] (OldTimer Tools)
HKLM-x32\...\Runonce: [{27B5D362-5064-417B-92F6-14F2CD4F9AA1}] - cmd.exe /C start /D "C:\Users\Rachel\AppData\Local\Temp" /B {27B5D362-5064-417B-92F6-14F2CD4F9AA1}.exe -accepteula -accepteulaksn -postboot [X]
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Jason\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=de98da301e8947d08eee41affc913ec0-fccf57b02102fa433d59e589a87507eb5dfe1600 /CMPID=1113a
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {356fa755-4435-11e2-b006-e8f6775d7000} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {58ff605c-ef34-11e2-b9a1-fc7fb293621d} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {619e6b5e-f721-11e3-a41d-98081d279c05} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {dd093b9a-87b1-11e1-bb31-90e6ba75d733} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1000\...\MountPoints2: {dd093bd2-87b1-11e1-bb31-90e6ba75d733} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S2].txt [2920 2014-06-24] ()
HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2904356355-2433456798-2227466943-1003\...\MountPoints2: {356fa755-4435-11e2-b006-e8f6775d7000} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2904356355-2433456798-2227466943-1004\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-2904356355-2433456798-2227466943-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904356355-2433456798-2227466943-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2904356355-2433456798-2227466943-1005\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-2904356355-2433456798-2227466943-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2904356355-2433456798-2227466943-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL =
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://owa.eastman.com/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 02 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 03 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 04 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9 15 C:\Windows\SysWOW64\qproxy.dll [356688] (Qustodio)
Winsock: Catalog9-x64 01 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 02 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 03 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 04 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Winsock: Catalog9-x64 15 C:\Windows\system32\qproxy64.dll [462160] (Qustodio)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Google Search) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (xscBrwse) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpkhcnnfdolacakijijboejhnaniofp [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]

==================== Services (Whitelisted) =================

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9663848 2011-04-10] (DisplayLink Corp.)
S3 DMService; C:\Windows\Downloaded Program Files\DM.0\DMService.exe [487312 2011-09-22] (Microsoft Corporation)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S2 qengine; C:\Program Files (x86)\Qustodio\qproxy\qengine.exe [3884880 2014-05-29] (Qustodio)
R2 qupdate; C:\Program Files (x86)\Qustodio\qapp\QUpdateService.exe [1853240 2014-05-29] (Qustodio)
S2 svctcom; C:\Windows\SysWOW64\svctcom.exe [263808 2014-05-04] (Birch Grove Software, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2011-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 androidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [17408 2011-04-10] (http://libusb-win32.sourceforge.net)
R1 qwdf64; C:\Windows\system32\Drivers\qwdf64.sys [29912 2014-05-29] (Qustodio)
R1 qwdr64; C:\Windows\system32\Drivers\qwdr64.sys [45272 2014-05-29] (Qustodio)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-27 19:52 - 2014-06-27 19:53 - 00000000 ____D () C:\Users\Jason\Documents\old flash drive contents
2014-06-27 19:40 - 2014-06-27 19:40 - 00001912 _____ () C:\Users\Jason\Downloads\aswMBR.txt
2014-06-27 19:40 - 2014-06-27 19:40 - 00000512 _____ () C:\Users\Jason\Downloads\MBR.dat
2014-06-27 19:38 - 2014-06-27 19:38 - 05185536 _____ (AVAST Software) C:\Users\Jason\Downloads\aswMBR.exe
2014-06-25 19:54 - 2014-06-25 19:54 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-25 07:07 - 2014-06-25 07:07 - 00001391 _____ () C:\Users\Jason\Downloads\fixlist.txt
2014-06-24 14:13 - 2014-06-24 14:13 - 00024136 _____ () C:\Users\Jason\Downloads\Addition.txt
2014-06-24 14:11 - 2014-06-28 17:07 - 00020930 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-06-24 14:11 - 2014-06-28 17:07 - 00000000 ____D () C:\FRST
2014-06-24 11:16 - 2014-06-24 11:16 - 02082816 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Jason\Downloads\AdwCleaner.exe
2014-06-24 11:13 - 2014-06-24 11:13 - 00000236 _____ () C:\Users\Jason\Documents\avg infected file 20140624.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00000000 ____D () C:\_OTL
2014-06-24 06:58 - 2014-06-24 06:59 - 110501607 _____ () C:\Users\Jason\Downloads\Katy Perry - Hot N Cold.mp4
2014-06-20 17:33 - 2014-06-20 17:33 - 00002366 _____ () C:\Users\Rachel\Documents\bleeping computer forum post 2014 06 20.txt
2014-06-20 12:28 - 2014-06-20 12:28 - 00062526 _____ () C:\Users\Jason\Documents\Extras.Txt
2014-06-20 12:25 - 2014-06-20 12:25 - 00100216 _____ () C:\Users\Jason\Documents\OTL.Txt
2014-06-20 12:07 - 2014-06-20 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Documents\OTL.exe
2014-06-20 12:00 - 2014-06-20 12:00 - 00001116 _____ () C:\Users\Rachel\Documents\Attach.txt
2014-06-20 11:59 - 2014-06-20 12:03 - 00001118 _____ () C:\Users\Rachel\Desktop\attach.txt
2014-06-20 11:56 - 2014-06-20 11:56 - 00688992 ____R (Swearware) C:\Users\Jason\Documents\dds.com
2014-06-19 21:24 - 2014-06-19 21:24 - 01333465 _____ () C:\Users\Jason\Documents\AdwCleaner.exe
2014-06-19 21:18 - 2014-06-19 21:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Documents\tdsskiller.exe
2014-06-19 19:57 - 2014-06-19 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:56 - 2014-06-19 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-19 19:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-19 19:54 - 2014-06-19 19:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jason\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
2014-06-13 09:50 - 2014-06-13 09:50 - 00318600 _____ (Dropbox, Inc.) C:\Users\Jason\Desktop\DropboxInstaller.exe
2014-06-12 16:31 - 2014-06-12 16:35 - 00000000 ____D () C:\Users\Jason\Documents\chicago rental movies 2014
2014-06-11 04:42 - 2014-05-29 13:30 - 00045272 _____ (Qustodio) C:\Windows\system32\Drivers\qwdr64.sys
2014-06-11 04:42 - 2014-05-29 13:30 - 00029912 _____ (Qustodio) C:\Windows\system32\Drivers\qwdf64.sys
2014-06-10 23:03 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:03 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:03 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:03 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:03 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:03 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:03 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:03 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:03 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:03 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:03 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:03 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:03 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:03 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 23:03 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:03 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:03 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:03 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 23:03 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:03 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:03 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:03 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 23:03 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:03 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 23:03 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 23:03 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 23:03 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:03 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 23:03 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 23:03 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 23:03 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:03 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 23:03 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 23:03 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:03 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:03 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 23:03 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 23:03 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 23:03 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 23:03 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 23:03 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 23:03 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:03 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 23:03 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 23:03 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 23:03 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:03 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 23:03 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:03 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 23:03 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 23:03 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:03 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 23:03 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:03 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 23:03 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:03 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:03 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:03 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:03 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 23:03 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 23:03 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 23:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 23:03 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 23:02 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:02 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 14:55 - 2014-06-09 14:55 - 00018512 _____ (Birch Grove Software, Inc.) C:\Windows\SysWOW64\Aamff30000.dll
2014-06-01 22:07 - 2014-06-26 11:05 - 00000000 ____D () C:\Users\Jason\Desktop\Summer 14
2014-05-29 20:55 - 2014-06-09 17:27 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

==================== One Month Modified Files and Folders =======

2014-06-28 17:07 - 2014-06-24 14:11 - 00020930 _____ () C:\Users\Jason\Downloads\FRST.txt
2014-06-28 17:07 - 2014-06-24 14:11 - 00000000 ____D () C:\FRST
2014-06-28 16:40 - 2013-07-28 16:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 16:38 - 2014-05-10 14:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-28 16:38 - 2014-01-27 20:02 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 09:37 - 2012-11-06 21:29 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-27 20:13 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 20:13 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 20:12 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 20:07 - 2014-05-03 17:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DropboxMaster
2014-06-27 20:07 - 2014-01-29 11:57 - 00000000 ____D () C:\Windows\SysWOW64\aamdata
2014-06-27 20:07 - 2013-09-07 06:50 - 00000000 ___RD () C:\Users\Jason\Dropbox
2014-06-27 20:07 - 2013-09-07 06:47 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2014-06-27 20:06 - 2014-01-29 11:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-27 20:06 - 2014-01-27 20:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 20:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 20:05 - 2009-07-14 00:51 - 00070336 _____ () C:\Windows\setupact.log
2014-06-27 19:56 - 2010-01-29 19:45 - 01144863 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 19:53 - 2014-06-27 19:52 - 00000000 ____D () C:\Users\Jason\Documents\old flash drive contents
2014-06-27 19:40 - 2014-06-27 19:40 - 00001912 _____ () C:\Users\Jason\Downloads\aswMBR.txt
2014-06-27 19:40 - 2014-06-27 19:40 - 00000512 _____ () C:\Users\Jason\Downloads\MBR.dat
2014-06-27 19:38 - 2014-06-27 19:38 - 05185536 _____ (AVAST Software) C:\Users\Jason\Downloads\aswMBR.exe
2014-06-26 11:05 - 2014-06-01 22:07 - 00000000 ____D () C:\Users\Jason\Desktop\Summer 14
2014-06-25 19:54 - 2014-06-25 19:54 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-25 09:40 - 2014-01-29 12:22 - 00019272 _____ () C:\Windows\SysWOW64\qengine.ini
2014-06-25 09:40 - 2014-01-29 12:22 - 00002688 _____ () C:\Windows\SysWOW64\qengineOff.ini
2014-06-25 09:40 - 2014-01-29 12:22 - 00002688 _____ () C:\Windows\system32\qengineOff.ini
2014-06-25 07:07 - 2014-06-25 07:07 - 00001391 _____ () C:\Users\Jason\Downloads\fixlist.txt
2014-06-24 14:13 - 2014-06-24 14:13 - 00024136 _____ () C:\Users\Jason\Downloads\Addition.txt
2014-06-24 11:32 - 2009-12-06 08:46 - 00387128 _____ () C:\Windows\PFRO.log
2014-06-24 11:30 - 2014-05-10 14:05 - 00000000 ____D () C:\AdwCleaner
2014-06-24 11:16 - 2014-06-24 11:16 - 02082816 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2014-06-24 11:16 - 2014-06-24 11:16 - 01342659 _____ () C:\Users\Jason\Downloads\AdwCleaner.exe
2014-06-24 11:13 - 2014-06-24 11:13 - 00000236 _____ () C:\Users\Jason\Documents\avg infected file 20140624.txt
2014-06-24 07:08 - 2014-06-24 07:08 - 00000000 ____D () C:\_OTL
2014-06-24 07:00 - 2010-02-03 22:12 - 00000000 ____D () C:\hmb
2014-06-24 06:59 - 2014-06-24 06:58 - 110501607 _____ () C:\Users\Jason\Downloads\Katy Perry - Hot N Cold.mp4
2014-06-22 20:30 - 2013-03-26 17:35 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2014-06-20 17:33 - 2014-06-20 17:33 - 00002366 _____ () C:\Users\Rachel\Documents\bleeping computer forum post 2014 06 20.txt
2014-06-20 12:28 - 2014-06-20 12:28 - 00062526 _____ () C:\Users\Jason\Documents\Extras.Txt
2014-06-20 12:25 - 2014-06-20 12:25 - 00100216 _____ () C:\Users\Jason\Documents\OTL.Txt
2014-06-20 12:07 - 2014-06-20 12:07 - 00602112 _____ (OldTimer Tools) C:\Users\Jason\Documents\OTL.exe
2014-06-20 12:03 - 2014-06-20 11:59 - 00001118 _____ () C:\Users\Rachel\Desktop\attach.txt
2014-06-20 12:00 - 2014-06-20 12:00 - 00001116 _____ () C:\Users\Rachel\Documents\Attach.txt
2014-06-20 11:56 - 2014-06-20 11:56 - 00688992 ____R (Swearware) C:\Users\Jason\Documents\dds.com
2014-06-20 11:48 - 2014-01-29 11:39 - 00000000 ____D () C:\Users\Rachel
2014-06-19 21:24 - 2014-06-19 21:24 - 01333465 _____ () C:\Users\Jason\Documents\AdwCleaner.exe
2014-06-19 21:18 - 2014-06-19 21:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jason\Documents\tdsskiller.exe
2014-06-19 19:58 - 2014-06-19 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 19:56 - 2014-06-19 19:56 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-06-19 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-19 19:56 - 2014-01-29 11:51 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Malwarebytes
2014-06-19 19:56 - 2010-10-28 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-19 19:55 - 2014-06-19 19:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jason\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 16:08 - 2014-06-18 09:39 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-18 15:49 - 2013-09-22 19:35 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-18 09:41 - 2014-04-09 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-18 09:41 - 2013-09-22 19:37 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-16 19:32 - 2014-01-27 20:02 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-16 19:32 - 2014-01-27 20:02 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-16 16:21 - 2013-07-28 16:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-16 16:21 - 2012-11-06 19:57 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 16:21 - 2011-07-06 21:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
2014-06-15 18:05 - 2010-06-01 21:22 - 00000000 ____D () C:\Users\Jason\Desktop\photos from rachel vx8500 phone
2014-06-13 09:56 - 2014-01-29 11:39 - 00000632 __RSH () C:\Users\Rachel\ntuser.pol
2014-06-13 09:50 - 2014-06-13 09:50 - 00318600 _____ (Dropbox, Inc.) C:\Users\Jason\Desktop\DropboxInstaller.exe
2014-06-12 16:35 - 2014-06-12 16:31 - 00000000 ____D () C:\Users\Jason\Documents\chicago rental movies 2014
2014-06-11 19:34 - 2014-01-27 20:02 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:01 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 20:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-09 17:27 - 2014-05-29 20:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-09 17:26 - 2014-01-29 12:22 - 00000000 ____D () C:\Program Files (x86)\Qustodio
2014-06-09 14:55 - 2014-06-09 14:55 - 00018512 _____ (Birch Grove Software, Inc.) C:\Windows\SysWOW64\Aamff30000.dll
2014-06-08 05:13 - 2014-06-10 23:02 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-10 23:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-31 10:00 - 2010-01-29 20:35 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-05-30 08:28 - 2014-03-03 12:19 - 00000000 ____D () C:\Users\Jason\Documents\CVs
2014-05-30 06:21 - 2014-06-10 23:03 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 23:03 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 23:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 23:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 23:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 23:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 23:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 23:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 23:03 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 23:03 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 23:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 23:03 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 23:03 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 23:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 23:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 23:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 23:03 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 23:03 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 23:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 23:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 23:03 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 23:03 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 23:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 23:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 23:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 23:03 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 23:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 23:03 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 23:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 23:03 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 23:03 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 23:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 23:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 23:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 23:03 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 23:03 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 23:03 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 23:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 23:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 23:03 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 23:03 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 23:03 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 23:03 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 23:03 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 23:03 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 23:03 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 23:03 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 20:53 - 2013-09-07 06:50 - 00000981 _____ () C:\Users\Jason\Desktop\Dropbox.lnk
2014-05-29 20:53 - 2013-09-07 06:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-29 13:32 - 2014-01-29 12:23 - 00462160 _____ (Qustodio) C:\Windows\system32\qproxy64.dll
2014-05-29 13:32 - 2014-01-29 12:23 - 00356688 _____ (Qustodio) C:\Windows\SysWOW64\qproxy.dll
2014-05-29 13:30 - 2014-06-11 04:42 - 00045272 _____ (Qustodio) C:\Windows\system32\Drivers\qwdr64.sys
2014-05-29 13:30 - 2014-06-11 04:42 - 00029912 _____ (Qustodio) C:\Windows\system32\Drivers\qwdf64.sys

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2904356355-2433456798-2227466943-1000\$6da677bdffd216b1e2281035260519bc

Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpasb9qd.dll
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe
C:\Users\Rachel\AppData\Local\Temp\{27B5D362-5064-417B-92F6-14F2CD4F9AA1}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 00:13

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Jason at 2014-06-24 14:13:46
Running from C:\Users\Jason\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
ActivTrak Agent v3.5.4 (x32 Version: 3.5.4.0 - Birch Grove Software, Inc.) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3972 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - )
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
BIMP Lite 1.62 (HKLM-x32\...\BIMPLite) (Version:  - )
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon MX350 series User Registration (HKLM-x32\...\Canon MX350 series User Registration) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.3.0.11 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Digital Photo Professional 2.1 (HKLM-x32\...\DPP) (Version: 2.1.1.4 - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.3.17 - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.6.0.27 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{29E6A126-BB06-41CF-B12D-E6A56261328D}) (Version: 5.6.31854.0 - DisplayLink Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP PSC 1100/1200/1300 series Cartridge Compatibility Utility (HKLM-x32\...\HP PSC Cartridge Compatibility Utility) (Version:  - )
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
ImageJ 1.42q (HKLM-x32\...\ImageJ_is1) (Version:  - NIH)
ISI ResearchSoft - Export Helper (HKLM-x32\...\ISI ResearchSoft - Export Helper) (Version:  - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kensington Display Adapter (HKLM\...\{03628D03-BED8-4282-9411-6F9F03B2C83E}) (Version: 5.2.22663.0 - Kensington Computer Products Group)
Kensington Universal Multi-Display Adapter (HKLM\...\Kensington Universal Multi-Display Adapter) (Version: 5.2 - )
K-Lite Codec Pack 5.8.3 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.8.3 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 3.2.19.13664 - LeapFrog)
LeapFrog Connect (x32 Version: 3.2.19.13664 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 3.2.22.13714 - LeapFrog) Hidden
LG Verizon United Drivers (HKLM-x32\...\{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}) (Version: 2.5.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Motorola Driver Installation 4.6.0 (HKLM\...\{37DEBC1E-0A1F-448A-8DDD-A2FF4B1578EB}) (Version: 4.6.0 - Motorola Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Qustodio (HKLM-x32\...\Qustodio) (Version: 150.4.1598.0 - Qustodio)
Qustodio (x32 Version: 150.4.1598.0 - Qustodio) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Reference Manager 11.0.1 (HKLM-x32\...\{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}) (Version: 11.0.1709 - Thomson ResearchSoft)
RSDLite (HKLM-x32\...\{3F470FED-77A1-4545-BF6E-AF687FF0B42D}) (Version: 4.6 - Motorola)
Torch (HKCU\...\Torch) (Version: 2.0.0.1614 - Torch Media Inc.) <==== ATTENTION
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1434 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0347 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0152 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0126 - Intuit Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-06-24 11:03 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => ?

==================== Loaded Modules (whitelisted) =============

2009-11-06 18:36 - 2009-11-06 18:36 - 02469888 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2009-05-26 04:36 - 2009-05-26 04:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\qengine => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2014 11:32:52 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/24/2014 11:08:03 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/24/2014 10:42:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19d8

Start Time: 01cf8f9d039c15c0

Termination Time: 125

Application Path: C:\Users\Jason\Documents\OTL.exe

Report Id:

Error: (06/24/2014 07:10:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 100c

Start Time: 01cf8f9c74fb6f78

Termination Time: 0

Application Path: C:\Users\Jason\Documents\OTL.exe

Report Id:

Error: (06/22/2014 08:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x11b0
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/21/2014 08:51:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x1fd8
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/20/2014 09:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x2870
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

Error: (06/20/2014 11:44:26 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/20/2014 08:16:22 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

Error: (06/19/2014 09:42:19 PM) (Source: uagqecsvc) (EventID: 16) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client component cannot retrieve the status of the Network Access Protection (NAP) Agent service.
System error 1115: A system shutdown is in progress. (0x45b).
When the Microsoft Forefront UAG Quarantine Enforcement Client component starts, it attempts to query settings for the NAP agent service.

System errors:
=============
Error: (06/24/2014 11:40:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The qupdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/24/2014 11:39:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:39:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:38:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:38:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:38:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:37:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Error: (06/24/2014 11:37:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the qengine service to connect.

Error: (06/24/2014 11:37:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The qengine service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (06/24/2014 11:32:52 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/24/2014 11:08:03 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/24/2014 10:42:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.019d801cf8f9d039c15c0125C:\Users\Jason\Documents\OTL.exe

Error: (06/24/2014 07:10:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0100c01cf8f9c74fb6f780C:\Users\Jason\Documents\OTL.exe

Error: (06/22/2014 08:49:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e011b001cf8e72dcdf9590C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll3fa78070-fa70-11e3-b5a6-bccd9e391d96

Error: (06/21/2014 08:51:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01fd801cf8da9b27642f0C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll6164de70-f9a7-11e3-b5a6-bccd9e391d96

Error: (06/20/2014 09:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e0287001cf8ce088248f30C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll863dc80c-f8e6-11e3-b5a6-bccd9e391d96

Error: (06/20/2014 11:44:26 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/20/2014 08:16:22 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x88980406

Error: (06/19/2014 09:42:19 PM) (Source: uagqecsvc) (EventID: 16) (User: )
Description: 1115A system shutdown is in progress. (0x45b)

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 7935.24 MB
Available physical RAM: 3543.84 MB
Total Pagefile: 15870.48 MB
Available Pagefile: 8607.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.62 GB) (Free:465.34 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:1.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:43 AM

Posted 29 June 2014 - 03:20 AM

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it on the Desktop as fixlist.txt
 

start
HKLM-x32\...\Runonce: [{27B5D362-5064-417B-92F6-14F2CD4F9AA1}] - cmd.exe /C start /D "C:\Users\Rachel\AppData\Local\Temp" /B {27B5D362-5064-417B-92F6-14F2CD4F9AA1}.exe -accepteula -accepteulaksn -postboot [X]
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rachel\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2904356355-2433456798-2227466943-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {44D54988-DF36-4BA7-9B3F-4A4A0354D0CD} URL =
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
C:\$Recycle.Bin\S-1-5-21-2904356355-2433456798-2227466943-1000\$6da677bdffd216b1e2281035260519bc
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\Users\Jason\Documents\DSC02388.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Itwoeb
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Indema
2014-06-18 09:39 - 2014-06-18 16:08 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Imzoymow
2014-06-16 13:59 - 2014-06-16 13:59 - 00068609 _____ () C:\Users\Jason\AppData\Local\fiupuwrs
C:\Users\Rachel\AppData\Local\Temp\Quarantine.exe
C:\Users\Rachel\AppData\Local\Temp\{27B5D362-5064-417B-92F6-14F2CD4F9AA1}.exe
CMD: Net Start
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Right-click FRST64 and select Run as Administrator. When FRST opens, select the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
