
infected with a rootkit


  • This topic is locked
9 replies to this topic

#1 danleuthner


Posted 19 July 2014 - 01:39 AM

I was told to post here after posting on the "so you think you have a virus" forum.

 

My attach and dds files are attached.


#2 danleuthner


Posted 19 July 2014 - 06:55 AM

Here is the attached output...

Can someone look at this?

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2010 8:29:09 AM
System Uptime: 7/19/2014 12:58:25 AM (1 hours ago)
.
Motherboard: BIOSTAR Group |  | TA785G3
Processor: AMD Athlon™ II X2 245 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 357.215 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP266: 7/10/2014 9:52:30 AM - Windows Update
RP267: 7/10/2014 5:26:27 PM - Installed Cisco AnyConnect Secure Mobility Client
RP268: 7/12/2014 11:54:54 AM - Installed Cisco AnyConnect Secure Mobility Client
RP269: 7/13/2014 11:46:13 PM - Windows Update
RP270: 7/17/2014 5:03:48 PM - Windows Update
RP271: 7/18/2014 1:19:02 PM - Windows Update
RP272: 7/18/2014 5:17:49 PM - Removed Techliveconnect - Give Your PC Some TLC.
RP273: 7/18/2014 11:44:39 PM - Norton_Power_Eraser_20140718234436269
RP274: 7/18/2014 11:57:37 PM - Windows Update
RP275: 7/19/2014 12:12:25 AM - Windows Update
RP276: 7/19/2014 12:24:05 AM - Windows Update
RP277: 7/19/2014 12:47:04 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 11.5
AMD Drag and Drop Transcoding
AMD Fuel
ANT Drivers Installer x64
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Stream SDK v2 Developer
ATT-RC Self Support Tool
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help English
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
Driver Support
Elevated Installer
Extended Update
Garmin Express
Garmin Express Tray
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
HiJackThis
iTunes
Java 7 Update 60
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Online Backup
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NOOK for PC
Octoshape add-in for Adobe Flash Player
Picasa 3
QuickTime 7
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Shared C Run-time for x64
The Lord of the Rings FREE Trial
WD SmartWare
WeatherBug®
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Yahoo Toolbar
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
7/19/2014 12:59:34 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
7/19/2014 1:07:09 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
7/18/2014 9:31:46 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/18/2014 9:31:44 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/18/2014 9:31:28 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
7/18/2014 9:31:15 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
7/18/2014 8:44:22 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
7/18/2014 5:26:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.431.0).
7/18/2014 5:26:27 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: Liz-PC\Liz   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 5:26:24 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: Liz-PC\Liz   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 5:26:23 PM, Error: Service Control Manager [7003]  - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
7/18/2014 5:26:23 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
7/18/2014 5:26:23 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: Liz-PC\Liz   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 5:25:37 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.179.431.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/18/2014 5:25:33 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 5:25:33 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 4:41:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.425.0).
7/18/2014 4:38:19 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: Liz-PC\Liz   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 4:38:16 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: Liz-PC\Liz   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 4:38:16 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: Liz-PC\Liz   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 4:37:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.179.425.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/18/2014 4:37:37 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 4:37:37 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 4:26:01 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
7/18/2014 4:26:01 PM, Error: Service Control Manager [7000]  - The Garmin Core Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/18/2014 12:42:00 PM, Error: Service Control Manager [7031]  - The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/18/2014 12:42:00 PM, Error: Service Control Manager [7031]  - The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
7/18/2014 11:38:26 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
7/18/2014 11:36:54 PM, Error: Service Control Manager [7030]  - The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/18/2014 11:00:17 PM, Error: Service Control Manager [7001]  - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
7/18/2014 11:00:17 PM, Error: Service Control Manager [7000]  - The Base Filtering Engine service failed to start due to the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
7/18/2014 11:00:12 PM, Error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  A required privilege is not held by the client.
7/18/2014 11:00:11 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
7/18/2014 11:00:07 PM, Error: Service Control Manager [7001]  - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  The service start failed since one or more services in the same process have an incompatible service SID type setting. A service with restricted service SID type can only coexist in the same process with other services with a restricted SID type. If the service SID type for this service was just configured, the hosting process must be restarted in order to start this service.
7/18/2014 1:21:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.420.0).
7/18/2014 1:21:09 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 1:21:05 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 1:21:05 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 1:21:00 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.179.420.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/18/2014 1:20:56 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 1:20:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/18/2014 1:07:37 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.
7/18/2014 1:07:37 PM, Error: Service Control Manager [7000]  - The WD File Management Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/17/2014 5:06:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.336.0).
7/17/2014 5:05:46 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/17/2014 5:05:43 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/17/2014 5:05:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/17/2014 5:05:37 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.179.336.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/17/2014 5:05:30 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/17/2014 5:05:30 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/16/2014 12:51:08 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/16/2014 12:51:04 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/16/2014 12:51:04 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/16/2014 12:50:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.200.0).
7/16/2014 12:49:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.179.200.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/16/2014 12:49:52 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/16/2014 12:49:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/15/2014 12:27:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/15/2014 12:27:52 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/15/2014 12:27:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/15/2014 12:27:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.179.95.0).
7/15/2014 12:27:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.179.95.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10802.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/15/2014 12:27:07 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/15/2014 12:27:07 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/14/2014 12:18:08 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDFME service.
7/14/2014 10:06:59 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/14/2014 10:06:55 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/14/2014 10:06:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/14/2014 10:06:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.177.2448.0).
7/14/2014 10:05:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.177.2376.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10701.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/14/2014 10:05:47 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/14/2014 10:05:47 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/13/2014 11:46:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.177.2376.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10701.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/12/2014 9:19:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.177.2376.0).
7/12/2014 9:19:04 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Malware Protection Center   Update Stage: Install   Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094   Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/12/2014 9:19:01 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/12/2014 9:19:01 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\NETWORK SERVICE   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/12/2014 9:18:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.177.2376.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10701.0   Error code: 0x80070643   Error description: Fatal error during installation.
7/12/2014 9:18:52 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.   New Engine Version:    Previous Engine Version:    Engine Type: Network Inspection System   User: NT AUTHORITY\SYSTEM   Error Code: 0x8007042c   Error description: The dependency service or group failed to start.
7/12/2014 9:18:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: Network Inspection System   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x8007042c   Error description: The dependency service or group failed to start.
7/12/2014 2:35:40 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/12/2014 11:55:40 AM, Error: Service Control Manager [7000]  - The acsock service failed to start due to the following error:  A device attached to the system is not functioning.
7/12/2014 11:36:17 AM, Error: Microsoft-Windows-RasSstp [2]  - CoId={1F052F93-24AA-4083-81F7-0F599B3ED20A}:The initial Secure Socket Tunneling Protocol (SSTP) response could not be received. There might be intermittent network connectivity issues or the server might not be accepting SSTP connections. The detailed error message is provided below. Correct the problem and try again.  The specified server cannot perform the requested operation.
7/12/2014 11:07:33 AM, Error: Microsoft-Windows-RasSstp [2]  - CoId={2D322513-9C17-40BC-B089-5217AA34134D}:The initial Secure Socket Tunneling Protocol (SSTP) response could not be received. There might be intermittent network connectivity issues or the server might not be accepting SSTP connections. The detailed error message is provided below. Correct the problem and try again.  The specified server cannot perform the requested operation.
7/12/2014 11:06:28 AM, Error: Microsoft-Windows-RasSstp [2]  - CoId={EE42C42F-75E4-4416-953F-EE98E7B26670}:The initial Secure Socket Tunneling Protocol (SSTP) response could not be received. There might be intermittent network connectivity issues or the server might not be accepting SSTP connections. The detailed error message is provided below. Correct the problem and try again.  The specified server cannot perform the requested operation.
7/12/2014 11:05:23 AM, Error: Microsoft-Windows-RasSstp [2]  - CoId={DD1EC08F-E787-46A6-97D9-B57643356864}:The initial Secure Socket Tunneling Protocol (SSTP) response could not be received. There might be intermittent network connectivity issues or the server might not be accepting SSTP connections. The detailed error message is provided below. Correct the problem and try again.  The specified server cannot perform the requested operation.
7/12/2014 11:03:29 AM, Error: Microsoft-Windows-RasSstp [2]  - CoId={82E8E614-4B98-45FD-9B14-F2FE0CD164A4}:The initial Secure Socket Tunneling Protocol (SSTP) response could not be received. There might be intermittent network connectivity issues or the server might not be accepting SSTP connections. The detailed error message is provided below. Correct the problem and try again.  The specified server cannot perform the requested operation.
.
==== End Of File ===========================



#3 danleuthner

danleuthner
  • Topic Starter

  • Members
  • 12 posts

Posted 19 July 2014 - 03:40 PM

Here is the stuff from the original posts on the "I think I have a virus" forum.

http://www.bleepingcomputer.com/forums/t/541516/windows-7-pro-will-not-update-highjackthis-log-will-not-autosave/

dan



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,883 posts
  • Gender:Male
  • Location:Germany

Posted 21 July 2014 - 09:16 AM

Hello and Welcome on board danleuthner,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 danleuthner

danleuthner
  • Topic Starter

  • Members
  • 12 posts

Posted 21 July 2014 - 06:52 PM

Machiavelli,

Hey, thanks for your help and time!

 

I think that the primary bug is gone, as the computer is running much better, but I believe there is some residual damage to the OS... HijackThis is unable to modify any objects, that is to say I select something to fix and nothing happens. I even tried to remove some of the items directly with regedit and they were not removed.

 

Here are the logs, and thanks again...

 

danleuthner

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Liz (administrator) on LIZ-PC on 21-07-2014 18:45:56
Running from C:\Users\Liz\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Garmin Ltd or its subsidiaries) C:\Users\Liz\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-29] (Google Inc.)
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...\MountPoints2: {d496bc7b-ee8d-11df-8784-0030673e3149} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Liz\AppData\Local\{0c16864b-7fbc-0538-1887-4447e3a26024}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Liz\AppData\Local\Temp\sbnxren\stqhpws\wow64.dll ATTENTION! ====> ZeroAccess?
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31071C0B4927CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/?fr=fp-yie11
SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm025^YYA^us&si=250652_new-maps-ADDD&ptb=3A3EC835-0FE5-4ABB-B108-F0107D028C74&ind=2013122015&n=77fdcddf&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {3E9CAAE8-24BA-48C3-B4AD-468D4D859F21} URL = https://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {6CBC9F93-7D01-4E00-8AB0-EA8D2176A93E} URL = https://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {938A995A-E145-4AE1-A585-57E054A116D9} URL = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\r7hfwh59.default
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Liz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\r7hfwh59.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\r7hfwh59.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (RealDownloader) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-01-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-15] (APN LLC.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 Garmin Core Update Service; C:\Users\Liz\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-10-27] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-10-22] (Alcatel-Lucent) [File not signed]
S4 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130560 2010-07-29] (WDC) [File not signed]
S4 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [952832 2010-07-29] () [File not signed]
S4 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484864 2010-07-29] () [File not signed]
S4 MapsGalaxy_39Service; C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39barsvc.exe [X]

==================== Drivers (Whitelisted) ====================

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S4 6e4b6febc8ac462c; \SystemRoot\System32\Drivers\6e4b6febc8ac462c.sys [X]
S3 cpuz137; \??\C:\Users\Liz\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
U4 Messenger;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-21 18:45 - 2014-07-21 18:46 - 00019037 _____ () C:\Users\Liz\Desktop\FRST.txt
2014-07-21 18:45 - 2014-07-21 18:45 - 00000000 ____D () C:\FRST
2014-07-21 18:44 - 2014-07-21 18:44 - 02090496 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe
2014-07-21 09:11 - 2014-07-21 09:11 - 00049124 _____ () C:\Users\Liz\Desktop\Extras.Txt
2014-07-21 09:10 - 2014-07-21 18:36 - 00119638 _____ () C:\Users\Liz\Desktop\OTL.Txt
2014-07-21 07:56 - 2014-07-21 07:56 - 00602112 _____ (OldTimer Tools) C:\Users\Liz\Desktop\OTL.exe
2014-07-21 07:56 - 2014-07-21 07:56 - 00448512 _____ (OldTimer Tools) C:\Users\Liz\Desktop\TFC.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00080384 _____ () C:\Users\Liz\Desktop\MBRCheck.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00014757 _____ () C:\Users\Liz\Desktop\MBRCheck_07.21.14_07.43.32.txt
2014-07-21 06:24 - 2014-07-21 06:45 - 00010509 _____ () C:\Users\Liz\Desktop\hijackthis.log
2014-07-21 06:12 - 2014-07-21 08:49 - 00000000 ____D () C:\Users\Liz\Desktop\backups
2014-07-21 06:12 - 2014-07-21 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liz\Desktop\HijackThis.exe
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieUserList
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieSiteList
2014-07-20 01:37 - 2014-07-20 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 01:37 - 2014-07-20 01:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 01:37 - 2014-07-20 01:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 01:37 - 2014-07-20 01:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 01:37 - 2014-07-20 01:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 01:36 - 2014-07-20 01:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 01:33 - 2014-07-20 01:33 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Oracle
2014-07-20 01:28 - 2014-07-20 01:28 - 00000000 ___HD () C:\Users\Liz\AppData\Local\CrashDumps
2014-07-20 01:12 - 2014-07-20 01:13 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 01:06 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 01:06 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 01:06 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 01:06 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 01:06 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 01:06 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 01:06 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 01:06 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 01:06 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 01:06 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 01:06 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 01:06 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 01:06 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 01:06 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 01:06 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 01:06 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 01:06 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 01:06 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 01:06 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 01:06 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 01:06 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 01:06 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 01:06 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 01:06 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 01:06 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 01:06 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 01:06 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 01:06 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 01:06 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 01:06 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 01:06 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 01:06 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 01:06 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 01:06 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 01:06 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 01:06 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 01:06 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 01:06 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 01:06 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 01:06 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 01:06 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 01:06 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 01:06 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 01:06 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 01:06 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 01:06 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 01:06 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 01:06 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 01:06 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 01:06 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 01:06 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 01:06 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 01:06 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 01:06 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 01:06 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 01:06 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-20 00:53 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-20 00:53 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-20 00:53 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-20 00:53 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-19 07:08 - 2014-07-19 07:08 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\Program Files\CPUID
2014-07-19 07:05 - 2014-07-19 07:08 - 01500512 _____ ( ) C:\Users\Liz\Downloads\cpu-z_1.70-setup-en.exe
2014-07-19 01:33 - 2014-07-19 01:33 - 00039495 _____ () C:\Users\Liz\Desktop\attach.txt
2014-07-19 01:33 - 2014-07-19 01:33 - 00022052 _____ () C:\Users\Liz\Desktop\dds.txt
2014-07-19 01:29 - 2014-07-21 08:39 - 00007618 ____H () C:\Users\Liz\AppData\Local\resmon.resmoncfg
2014-07-19 01:18 - 2014-07-19 01:17 - 00688992 ____R (Swearware) C:\Users\Liz\Desktop\dds.com
2014-07-19 01:17 - 2014-07-19 01:17 - 00688992 _____ (Swearware) C:\Users\Liz\Downloads\dds.com
2014-07-19 00:54 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-19 00:54 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-19 00:54 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-19 00:54 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-19 00:54 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-19 00:54 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-19 00:54 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-19 00:54 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-19 00:54 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-19 00:54 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-19 00:54 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-19 00:54 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-19 00:54 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-19 00:54 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-19 00:54 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-19 00:54 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 00:51 - 2014-07-19 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-19 00:48 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-19 00:48 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-19 00:48 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-19 00:48 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-19 00:46 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-19 00:46 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-19 00:42 - 2014-07-19 00:42 - 00099258 _____ () C:\Users\Liz\Desktop\kskiller.txt
2014-07-19 00:35 - 2014-07-19 00:39 - 00002606 _____ () C:\Users\Liz\Desktop\Rkill.txt
2014-07-19 00:34 - 2014-07-19 00:34 - 00001004 _____ () C:\Users\Liz\Desktop\checkup.txt
2014-07-19 00:24 - 2014-07-19 00:24 - 04161313 _____ () C:\Users\Liz\Downloads\tdsskiller.zip
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Downloads\rkill.exe
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Desktop\rkill.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Downloads\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Desktop\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00001075 _____ () C:\Users\Liz\Desktop\SecurityCheck - Shortcut.lnk
2014-07-19 00:11 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-19 00:11 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-19 00:11 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-19 00:11 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-19 00:11 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-19 00:11 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-19 00:11 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-19 00:11 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-19 00:11 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-19 00:11 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-19 00:11 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-19 00:03 - 2014-07-19 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-18 23:57 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-18 23:57 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-18 23:57 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-18 23:57 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-18 23:56 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-18 23:56 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-18 23:55 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-18 23:55 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-18 23:55 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-18 23:55 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 23:55 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 23:54 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-18 23:54 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-07-18 23:54 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-07-18 23:54 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-07-18 23:54 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-07-18 23:54 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-18 23:54 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-18 23:54 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-07-18 23:54 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-18 23:51 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 23:51 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 23:51 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 23:51 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-07-18 23:51 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-07-18 23:51 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-07-18 23:51 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-07-18 23:51 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-07-18 23:51 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-07-18 23:38 - 2014-07-18 23:38 - 00000000 ____D () C:\NPE
2014-07-18 23:36 - 2014-07-18 23:49 - 00000000 ____D () C:\Users\Liz\AppData\Local\NPE
2014-07-18 23:36 - 2014-07-18 23:36 - 03077584 ____N (Symantec Corporation) C:\Users\Liz\Downloads\NPE.exe
2014-07-18 22:54 - 2014-07-18 23:19 - 00000000 ____D () C:\Users\Liz\Documents\highjack
2014-07-18 22:30 - 2014-07-18 22:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.wu.LB.932917144684029.1.1.Run.exe
2014-07-18 21:58 - 2014-07-18 23:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 21:58 - 2014-07-18 22:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 21:58 - 2014-07-18 21:58 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 21:58 - 2014-07-18 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 21:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 21:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-18 21:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-18 21:56 - 2014-07-18 21:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 17:24 - 2014-07-18 17:24 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-18 13:14 - 2014-07-18 13:15 - 00000000 ____D () C:\Users\Liz\AppData\Local\{17B77BE0-6430-46F9-A25B-C0C10B6442C0}
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (2).epub
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (1).epub
2014-07-17 18:27 - 2014-07-17 18:27 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810.epub
2014-07-17 18:26 - 2014-07-17 18:26 - 00001812 _____ () C:\Users\Liz\Downloads\NovellaCollection.acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694 (1).acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (2).acsm
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\6712e7574110043240cca5ddce760930
2014-07-12 14:34 - 2014-07-12 14:34 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694.acsm
2014-07-12 11:55 - 2013-12-12 17:14 - 00112496 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2014-07-12 11:54 - 2014-07-12 11:56 - 00000022 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(2).zip
2014-07-12 11:21 - 2014-07-12 11:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WindowsFirewall.RNP.132861227893302.8.1.Run.exe
2014-07-11 09:57 - 2014-07-11 09:57 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (1).acsm
2014-07-11 09:36 - 2014-07-11 09:36 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096.acsm
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (2).zip
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (1).zip
2014-07-10 12:38 - 2014-07-19 00:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Desktop\TDSSKiller.exe
2014-07-10 09:19 - 2014-07-10 09:19 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(1).zip
2014-07-10 09:14 - 2014-07-10 09:14 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi.zip
2014-07-10 09:10 - 2014-07-10 09:10 - 00000000 ___HD () C:\Users\Liz\AppData\Local\Adobe
2014-07-09 12:23 - 2014-07-09 12:23 - 00001784 _____ () C:\Users\Liz\Downloads\LadyFolbrokesDeliciousDeception9781459223318.acsm
2014-07-08 20:38 - 2014-07-08 20:38 - 00001773 _____ () C:\Users\Liz\Downloads\ItalianDoctorsWife9781426878817.acsm
2014-07-08 17:50 - 2014-07-08 17:51 - 00001772 _____ () C:\Users\Liz\Downloads\BeautyandtheScarredHero9781426848308.acsm
2014-07-08 13:03 - 2014-07-08 13:03 - 00001579 _____ () C:\Users\Liz\Downloads\StrangeCapers.acsm
2014-07-08 10:32 - 2014-07-08 10:32 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904 (1).acsm
2014-07-07 23:00 - 2014-07-07 23:00 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904.acsm
2014-07-07 15:30 - 2014-07-07 15:30 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (4).acsm
2014-07-07 13:43 - 2014-07-07 13:43 - 00001766 _____ () C:\Users\Liz\Downloads\MissDarbysDuenna.acsm
2014-07-06 14:46 - 2014-07-06 14:46 - 00001773 _____ () C:\Users\Liz\Downloads\DangerousBaronLeighThe.acsm
2014-07-06 14:45 - 2014-07-06 14:45 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (3).acsm
2014-07-06 14:44 - 2014-07-06 14:44 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (2).acsm
2014-07-06 11:42 - 2014-07-06 11:42 - 00001763 _____ () C:\Users\Liz\Downloads\CarouselofHearts.acsm
2014-07-05 12:09 - 2014-07-05 12:09 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (1).acsm
2014-07-03 20:23 - 2014-07-03 20:23 - 00001766 _____ () C:\Users\Liz\Downloads\PerfectKiss9781436284226.acsm
2014-07-03 19:27 - 2014-07-03 19:27 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504.acsm
2014-07-03 14:57 - 2014-07-03 14:57 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550 (1).acsm
2014-07-03 09:42 - 2014-07-03 09:42 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550.acsm
2014-07-02 20:24 - 2014-07-02 20:24 - 00001782 _____ () C:\Users\Liz\Downloads\PracticalWidowtoPassionateMistress9781459209473.acsm
2014-07-01 11:11 - 2014-07-01 11:11 - 04940912 _____ () C:\Users\Liz\Downloads\DSCN5295.MOV
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703.acsm
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703 (1).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (3).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (2).acsm
2014-06-28 16:11 - 2014-06-28 16:11 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (1).acsm
2014-06-28 16:10 - 2014-06-28 16:10 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024.acsm
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\APN
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-27 15:12 - 2014-07-20 01:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-23 10:21 - 2014-06-23 10:22 - 00688280 _____ (Yahoo! Inc.) C:\Users\Liz\Downloads\yahoo_firefox_us_wrap_2014.04.14.11.31.31.exe
2014-06-21 09:47 - 2014-06-21 09:47 - 00003552 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-06-21 09:47 - 2014-06-21 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-21 09:47 - 2014-06-21 09:47 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-06-21 08:24 - 2014-06-21 08:24 - 00000000 ____D () C:\Windows\SysWOW64\Garmin

==================== One Month Modified Files and Folders =======

2014-07-21 18:46 - 2014-07-21 18:45 - 00019037 _____ () C:\Users\Liz\Desktop\FRST.txt
2014-07-21 18:45 - 2014-07-21 18:45 - 00000000 ____D () C:\FRST
2014-07-21 18:44 - 2014-07-21 18:44 - 02090496 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe
2014-07-21 18:36 - 2014-07-21 09:10 - 00119638 _____ () C:\Users\Liz\Desktop\OTL.Txt
2014-07-21 18:31 - 2012-05-22 12:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 18:21 - 2010-10-29 20:52 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 14:59 - 2010-10-29 08:29 - 01156429 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 11:11 - 2009-07-13 23:45 - 00017120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 11:11 - 2009-07-13 23:45 - 00017120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 09:11 - 2014-07-21 09:11 - 00049124 _____ () C:\Users\Liz\Desktop\Extras.Txt
2014-07-21 08:49 - 2014-07-21 06:12 - 00000000 ____D () C:\Users\Liz\Desktop\backups
2014-07-21 08:41 - 2010-10-29 20:52 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 08:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 08:41 - 2009-07-13 23:51 - 00432295 _____ () C:\Windows\setupact.log
2014-07-21 08:39 - 2014-07-19 01:29 - 00007618 ____H () C:\Users\Liz\AppData\Local\resmon.resmoncfg
2014-07-21 07:56 - 2014-07-21 07:56 - 00602112 _____ (OldTimer Tools) C:\Users\Liz\Desktop\OTL.exe
2014-07-21 07:56 - 2014-07-21 07:56 - 00448512 _____ (OldTimer Tools) C:\Users\Liz\Desktop\TFC.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00080384 _____ () C:\Users\Liz\Desktop\MBRCheck.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00014757 _____ () C:\Users\Liz\Desktop\MBRCheck_07.21.14_07.43.32.txt
2014-07-21 06:45 - 2014-07-21 06:24 - 00010509 _____ () C:\Users\Liz\Desktop\hijackthis.log
2014-07-21 06:19 - 2014-02-08 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-21 06:12 - 2014-07-21 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liz\Desktop\HijackThis.exe
2014-07-20 20:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieUserList
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieSiteList
2014-07-20 01:39 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-20 01:37 - 2014-07-20 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 01:36 - 2014-07-20 01:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 01:36 - 2014-07-20 01:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 01:36 - 2014-07-20 01:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 01:36 - 2014-07-20 01:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 01:36 - 2014-07-20 01:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 01:33 - 2014-07-20 01:33 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Oracle
2014-07-20 01:28 - 2014-07-20 01:28 - 00000000 ___HD () C:\Users\Liz\AppData\Local\CrashDumps
2014-07-20 01:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-20 01:13 - 2014-07-20 01:12 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 07:08 - 2014-07-19 07:08 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\Program Files\CPUID
2014-07-19 07:08 - 2014-07-19 07:05 - 01500512 _____ ( ) C:\Users\Liz\Downloads\cpu-z_1.70-setup-en.exe
2014-07-19 01:33 - 2014-07-19 01:33 - 00039495 _____ () C:\Users\Liz\Desktop\attach.txt
2014-07-19 01:33 - 2014-07-19 01:33 - 00022052 _____ () C:\Users\Liz\Desktop\dds.txt
2014-07-19 01:17 - 2014-07-19 01:18 - 00688992 ____R (Swearware) C:\Users\Liz\Desktop\dds.com
2014-07-19 01:17 - 2014-07-19 01:17 - 00688992 _____ (Swearware) C:\Users\Liz\Downloads\dds.com
2014-07-19 01:00 - 2014-02-15 08:56 - 00001413 _____ () C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 01:00 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-19 00:54 - 2013-11-27 04:01 - 00072734 _____ () C:\Windows\IE11_main.log
2014-07-19 00:52 - 2014-07-19 00:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 00:52 - 2014-07-19 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-19 00:42 - 2014-07-19 00:42 - 00099258 _____ () C:\Users\Liz\Desktop\kskiller.txt
2014-07-19 00:39 - 2014-07-19 00:35 - 00002606 _____ () C:\Users\Liz\Desktop\Rkill.txt
2014-07-19 00:34 - 2014-07-19 00:34 - 00001004 _____ () C:\Users\Liz\Desktop\checkup.txt
2014-07-19 00:24 - 2014-07-19 00:24 - 04161313 _____ () C:\Users\Liz\Downloads\tdsskiller.zip
2014-07-19 00:24 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Desktop\TDSSKiller.exe
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Downloads\rkill.exe
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Desktop\rkill.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Downloads\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Desktop\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00001075 _____ () C:\Users\Liz\Desktop\SecurityCheck - Shortcut.lnk
2014-07-19 00:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-19 00:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-19 00:05 - 2009-07-13 23:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 00:03 - 2014-07-19 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-19 00:03 - 2009-07-14 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 23:49 - 2014-07-18 23:36 - 00000000 ____D () C:\Users\Liz\AppData\Local\NPE
2014-07-18 23:46 - 2011-07-01 10:23 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-07-18 23:38 - 2014-07-18 23:38 - 00000000 ____D () C:\NPE
2014-07-18 23:36 - 2014-07-18 23:36 - 03077584 ____N (Symantec Corporation) C:\Users\Liz\Downloads\NPE.exe
2014-07-18 23:36 - 2011-12-11 11:53 - 00000000 ____D () C:\ProgramData\Norton
2014-07-18 23:26 - 2014-04-21 14:35 - 00000072 _____ () C:\Windows\system32\omiop.pte
2014-07-18 23:19 - 2014-07-18 22:54 - 00000000 ____D () C:\Users\Liz\Documents\highjack
2014-07-18 23:15 - 2010-10-29 21:39 - 00444944 _____ () C:\Windows\PFRO.log
2014-07-18 23:01 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-07-18 23:00 - 2014-07-18 21:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 22:41 - 2014-07-18 21:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 22:30 - 2014-07-18 22:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.wu.LB.932917144684029.1.1.Run.exe
2014-07-18 21:58 - 2014-07-18 21:58 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 21:58 - 2014-07-18 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 21:58 - 2010-10-30 08:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 21:57 - 2014-07-18 21:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 21:41 - 2012-04-27 12:39 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-18 17:24 - 2014-02-08 10:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-18 17:24 - 2014-02-08 10:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-18 16:32 - 2014-02-08 10:24 - 00000000 ____D () C:\Windows\pss
2014-07-18 16:04 - 2012-04-27 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 16:04 - 2011-09-01 14:40 - 00000000 ____D () C:\ProgramData\Real
2014-07-18 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-18 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-18 13:15 - 2014-07-18 13:14 - 00000000 ____D () C:\Users\Liz\AppData\Local\{17B77BE0-6430-46F9-A25B-C0C10B6442C0}
2014-07-18 13:06 - 2010-10-29 08:29 - 00000000 ____D () C:\Users\Liz
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (2).epub
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (1).epub
2014-07-17 18:28 - 2010-11-22 14:31 - 00000000 ____D () C:\Users\Liz\Documents\My Digital Editions
2014-07-17 18:27 - 2014-07-17 18:27 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810.epub
2014-07-17 18:26 - 2014-07-17 18:26 - 00001812 _____ () C:\Users\Liz\Downloads\NovellaCollection.acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694 (1).acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (2).acsm
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\6712e7574110043240cca5ddce760930
2014-07-12 14:34 - 2014-07-12 14:34 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694.acsm
2014-07-12 11:56 - 2014-07-12 11:54 - 00000022 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(2).zip
2014-07-12 11:21 - 2014-07-12 11:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WindowsFirewall.RNP.132861227893302.8.1.Run.exe
2014-07-12 11:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-11 12:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-07-11 09:57 - 2014-07-11 09:57 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (1).acsm
2014-07-11 09:51 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-11 09:36 - 2014-07-11 09:36 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096.acsm
2014-07-11 07:28 - 2009-07-14 00:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (2).zip
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (1).zip
2014-07-10 09:55 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 09:52 - 2010-10-30 09:00 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 09:19 - 2014-07-10 09:19 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(1).zip
2014-07-10 09:14 - 2014-07-10 09:14 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi.zip
2014-07-10 09:10 - 2014-07-10 09:10 - 00000000 ___HD () C:\Users\Liz\AppData\Local\Adobe
2014-07-09 12:23 - 2014-07-09 12:23 - 00001784 _____ () C:\Users\Liz\Downloads\LadyFolbrokesDeliciousDeception9781459223318.acsm
2014-07-08 20:38 - 2014-07-08 20:38 - 00001773 _____ () C:\Users\Liz\Downloads\ItalianDoctorsWife9781426878817.acsm
2014-07-08 17:51 - 2014-07-08 17:50 - 00001772 _____ () C:\Users\Liz\Downloads\BeautyandtheScarredHero9781426848308.acsm
2014-07-08 13:03 - 2014-07-08 13:03 - 00001579 _____ () C:\Users\Liz\Downloads\StrangeCapers.acsm
2014-07-08 12:31 - 2012-05-22 12:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 12:31 - 2012-05-22 12:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 12:31 - 2011-06-01 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 10:32 - 2014-07-08 10:32 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904 (1).acsm
2014-07-07 23:00 - 2014-07-07 23:00 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904.acsm
2014-07-07 15:30 - 2014-07-07 15:30 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (4).acsm
2014-07-07 13:43 - 2014-07-07 13:43 - 00001766 _____ () C:\Users\Liz\Downloads\MissDarbysDuenna.acsm
2014-07-06 14:46 - 2014-07-06 14:46 - 00001773 _____ () C:\Users\Liz\Downloads\DangerousBaronLeighThe.acsm
2014-07-06 14:45 - 2014-07-06 14:45 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (3).acsm
2014-07-06 14:44 - 2014-07-06 14:44 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (2).acsm
2014-07-06 11:42 - 2014-07-06 11:42 - 00001763 _____ () C:\Users\Liz\Downloads\CarouselofHearts.acsm
2014-07-05 12:09 - 2014-07-05 12:09 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (1).acsm
2014-07-03 20:23 - 2014-07-03 20:23 - 00001766 _____ () C:\Users\Liz\Downloads\PerfectKiss9781436284226.acsm
2014-07-03 19:27 - 2014-07-03 19:27 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504.acsm
2014-07-03 14:57 - 2014-07-03 14:57 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550 (1).acsm
2014-07-03 09:42 - 2014-07-03 09:42 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550.acsm
2014-07-02 20:24 - 2014-07-02 20:24 - 00001782 _____ () C:\Users\Liz\Downloads\PracticalWidowtoPassionateMistress9781459209473.acsm
2014-07-01 11:11 - 2014-07-01 11:11 - 04940912 _____ () C:\Users\Liz\Downloads\DSCN5295.MOV
2014-06-29 21:09 - 2014-07-18 23:56 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-18 23:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703.acsm
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703 (1).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (3).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (2).acsm
2014-06-28 16:11 - 2014-06-28 16:11 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (1).acsm
2014-06-28 16:10 - 2014-06-28 16:10 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024.acsm
2014-06-27 15:15 - 2012-07-08 18:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\APN
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-23 10:22 - 2014-06-23 10:21 - 00688280 _____ (Yahoo! Inc.) C:\Users\Liz\Downloads\yahoo_firefox_us_wrap_2014.04.14.11.31.31.exe
2014-06-23 10:10 - 2014-06-07 13:26 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-22 03:15 - 2011-11-24 14:53 - 00000000 ____D () C:\ProgramData\Garmin
2014-06-21 09:48 - 2013-06-28 11:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-21 09:47 - 2014-06-21 09:47 - 00003552 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-06-21 09:47 - 2014-06-21 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-21 09:47 - 2014-06-21 09:47 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-06-21 09:47 - 2013-06-28 11:27 - 00000000 ____D () C:\Users\Liz\Desktop\Garmin
2014-06-21 09:47 - 2011-11-24 14:53 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Garmin
2014-06-21 09:47 - 2010-12-25 15:37 - 00000000 ____D () C:\Program Files\DIFX
2014-06-21 08:24 - 2014-06-21 08:24 - 00000000 ____D () C:\Windows\SysWOW64\Garmin

ZeroAccess:
C:\Users\Liz\AppData\Local\{0c16864b-7fbc-0538-1887-4447e3a26024}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 07:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Liz at 2014-07-21 18:46:46
Running from C:\Users\Liz\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2011.0104.2155.39304 - AMD) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0C02}) (Version: 12.12.2.83 - APN, LLC) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{C5970161-E13E-6661-BBDA-A08268313C83}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Stream SDK v2 Developer (HKLM\...\{22441735-5983-AD2A-5CC5-FA2CCD7EF732}) (Version: 2.3.0.0 - ATI Technologies Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
ATT-RC Self Support Tool (HKLM-x32\...\ATT-RC) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0104.2155.39304 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
ccc-utility64 (Version: 2011.0104.2155.39304 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Extended Update (HKCU\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WD SmartWare (HKLM\...\{788AA6B0-E98D-406E-8FFF-827BAD8DA377}) (Version: 1.3.1.6 - Western Digital)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.5.29 - Earth Networks, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo Inc.)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

18-07-2014 18:19:02 Windows Update
18-07-2014 22:17:49 Removed Techliveconnect - Give Your PC Some TLC.
19-07-2014 04:44:39 Norton_Power_Eraser_20140718234436269
19-07-2014 04:57:37 Windows Update
19-07-2014 05:12:25 Windows Update
19-07-2014 05:24:05 Windows Update
19-07-2014 05:47:04 Windows Update
20-07-2014 05:54:24 Windows Update
20-07-2014 06:11:55 Installed Java 7 Update 65
20-07-2014 06:14:15 Windows Update
20-07-2014 06:25:21 Removed Java 7 Update 60
20-07-2014 06:26:35 Installed Java 7 Update 65
20-07-2014 06:30:33 Removed Java 7 Update 65
20-07-2014 06:31:22 Installed Java 7 Update 65
20-07-2014 06:35:00 Removed Java 7 Update 65
20-07-2014 06:36:25 Installed Java 7 Update 65
21-07-2014 10:49:33 Removed HiJackThis

==================== Scheduled Tasks (whitelisted) =============

Task: {09687BD0-F3BE-4CA2-BDEB-41C2C948141F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-99505543-3047984818-3348261478-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {1B904A7C-80BD-4EB3-92D3-65FC6009B4E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29] (Google Inc.)
Task: {212E7774-D965-4066-991D-DE9F80DF11D6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-99505543-3047984818-3348261478-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {3610453D-80F1-44DC-BC2C-006CB749DA4D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-99505543-3047984818-3348261478-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {42F0C79D-D38C-43A2-83DF-07763CFFD8FC} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-99505543-3047984818-3348261478-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {43D64535-882A-4B25-8D44-5046471B062E} - System32\Tasks\GarminUpdaterTask => C:\Users\Liz\Desktop\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] ()
Task: {787D07B8-FB0E-47C5-8C11-E7ECAC109691} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87F95B07-DB03-438B-8755-8A0818A2A7E1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-99505543-3047984818-3348261478-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {B016C593-BFDA-4B1B-8271-8645EEF34556} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {B62289DB-8315-4D8F-B676-9D1C227C4845} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-01-04 23:06 - 2011-01-04 23:06 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A523C3AB

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MOBKbackup => 2
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDFME => 2
MSCONFIG\Services: WDSC => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Liz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdvancedIdentityProtector => "C:\Program Files (x86)\Tech Live Connect\Advanced Identity Protector\AdvancedIdentityProtector.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Users\Liz\Desktop\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Liz\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: MapsGalaxy Home Page Guard 64 bit => "C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader 64 => C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon64.exe
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: techliveconnect => "C:\Program Files (x86)\Techliveconnect\Techliveconnect - Give Your PC Some TLC\WindowsApplication3.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: WeatherBug => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
MSCONFIG\startupreg: yjokg9tgkq => C:\Users\Liz\yjokg9tgkq.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 07:36:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2014 06:41:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2014 06:41:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2014 06:26:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2014 06:15:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2014 06:06:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2014 00:22:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2014 08:47:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2014 08:46:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2014 06:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDFME.exe, version: 1.3.1.6, time stamp: 0x4c51ffb9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00022373
Faulting process id: 0x8ac
Faulting application start time: 0xWDFME.exe0
Faulting application path: WDFME.exe1
Faulting module path: WDFME.exe2
Report Id: WDFME.exe3

System errors:
=============
Error: (07/21/2014 08:46:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/21/2014 08:45:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/21/2014 08:45:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/21/2014 08:42:04 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2014 08:41:52 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/21/2014 08:40:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/21/2014 08:32:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ask Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/21/2014 08:06:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/21/2014 07:53:06 AM) (Source: DCOM) (EventID: 10016) (User: Liz-PC)
Description: machine-defaultLocalActivation{90AFF435-B544-4F94-A0C2-CC020EACA4E3}{C1352D97-77A9-4DD5-8042-BA14D5C8E266}Liz-PCLizS-1-5-21-99505543-3047984818-3348261478-1001LocalHost (Using LRPC)

Error: (07/21/2014 07:36:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office Sessions:
=========================
Error: (07/21/2014 07:36:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (07/21/2014 06:41:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/21/2014 06:41:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/21/2014 06:26:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (07/21/2014 06:15:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (07/21/2014 06:06:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (07/21/2014 00:22:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/20/2014 08:47:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/20/2014 08:46:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/20/2014 06:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDFME.exe1.3.1.64c51ffb9ntdll.dll6.1.7601.18247521ea8e7c0000005000223738ac01cfa3e27353b890C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exeC:\Windows\SysWOW64\ntdll.dll497fad52-1063-11e4-8b0e-0030673e3149

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 3839.3 MB
Available physical RAM: 2573.47 MB
Total Pagefile: 9837.48 MB
Available Pagefile: 8604.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:361.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DB51DB7E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Machiavelli

Posted 21 July 2014 - 11:59 PM

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:

  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.

I can try to clean the infection but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now it is up to you to decide whether you want to reformat the PC or to clean it. Think about it and choose the best solution for you! Let me know your decision. If you decide to go through with the procedure, please proceed with the following steps.

 

First,

  • Please download the attached fixlist.txt file and save it to the same location as FRST

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

Then,

  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Then,
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Edited by Machiavelli, 22 July 2014 - 12:01 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 danleuthner

Posted 22 July 2014 - 08:41 AM

Thanks for the help...
 
Funny thing is, I ran HijackThis after doing all this, and still have all the same unassociated entries.
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Liz at 2014-07-22 08:19:51 Run:1
Running from C:\Users\Liz\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...\MountPoints2: {d496bc7b-ee8d-11df-8784-0030673e3149} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Liz\AppData\Local\{0c16864b-7fbc-0538-1887-4447e3a26024}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Liz\AppData\Local\Temp\sbnxren\stqhpws\wow64.dll ATTENTION! ====> ZeroAccess?
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/?fr=fp-yie11
SearchScopes: HKCU - {3E9CAAE8-24BA-48C3-B4AD-468D4D859F21} URL = https://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {6CBC9F93-7D01-4E00-8AB0-EA8D2176A93E} URL = https://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {938A995A-E145-4AE1-A585-57E054A116D9} URL = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: Hosts file not detected in the default directory
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll No File
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
S4 MapsGalaxy_39Service; C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39barsvc.exe [X]
S4 6e4b6febc8ac462c; \SystemRoot\System32\Drivers\6e4b6febc8ac462c.sys [X]
C:\Users\Liz\AppData\Local\{0c16864b-7fbc-0538-1887-4447e3a26024}
*****************
 
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
'HKU\S-1-5-21-99505543-3047984818-3348261478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d496bc7b-ee8d-11df-8784-0030673e3149}' => Key deleted successfully.
'HKCR\CLSID\{d496bc7b-ee8d-11df-8784-0030673e3149}'=> Key not found.
'HKU\S-1-5-21-99505543-3047984818-3348261478-1001\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}' => Key deleted successfully.
'HKU\S-1-5-21-99505543-3047984818-3348261478-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E9CAAE8-24BA-48C3-B4AD-468D4D859F21}' => Key deleted successfully.
'HKCR\CLSID\{3E9CAAE8-24BA-48C3-B4AD-468D4D859F21}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6CBC9F93-7D01-4E00-8AB0-EA8D2176A93E}' => Key deleted successfully.
'HKCR\CLSID\{6CBC9F93-7D01-4E00-8AB0-EA8D2176A93E}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{938A995A-E145-4AE1-A585-57E054A116D9}' => Key deleted successfully.
'HKCR\CLSID\{938A995A-E145-4AE1-A585-57E054A116D9}'=> Key not found.
'HKCR\PROTOCOLS\Handler\dssrequest' => Key deleted successfully.
'HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}'=> Key not found.
'HKCR\PROTOCOLS\Handler\sacore' => Key deleted successfully.
'HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}'=> Key not found.
'HKCR\Wow6432Node\PROTOCOLS\Handler\dssrequest'=> Key not found.
'HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}'=> Key not found.
'HKCR\Wow6432Node\PROTOCOLS\Handler\sacore'=> Key not found.
'HKCR\Wow6432Node\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-mfe-ipt' => Key deleted successfully.
'HKCR\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}'=> Key not found.
'HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-mfe-ipt'=> Key not found.
'HKCR\Wow6432Node\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}'=> Key not found.
Hosts was reset successfully.
'HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10' => Key deleted successfully.
"c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll" => not found.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer' => Key deleted successfully.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10' => Key deleted successfully.
c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MVT' => Key deleted successfully.
C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
MapsGalaxy_39Service => Service deleted successfully.
6e4b6febc8ac462c => Service deleted successfully.
C:\Users\Liz\AppData\Local\{0c16864b-7fbc-0538-1887-4447e3a26024} => Moved successfully.
 
==== End of Fixlog ====
 
 
 
08:26:44.0022 0x0db4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
08:26:46.0690 0x0db4  ============================================================
08:26:46.0690 0x0db4  Current date / time: 2014/07/22 08:26:46.0690
08:26:46.0690 0x0db4  SystemInfo:
08:26:46.0690 0x0db4  
08:26:46.0690 0x0db4  OS Version: 6.1.7601 ServicePack: 1.0
08:26:46.0690 0x0db4  Product type: Workstation
08:26:46.0690 0x0db4  ComputerName: LIZ-PC
08:26:46.0690 0x0db4  UserName: Liz
08:26:46.0690 0x0db4  Windows directory: C:\Windows
08:26:46.0690 0x0db4  System windows directory: C:\Windows
08:26:46.0690 0x0db4  Running under WOW64
08:26:46.0690 0x0db4  Processor architecture: Intel x64
08:26:46.0690 0x0db4  Number of processors: 2
08:26:46.0690 0x0db4  Page size: 0x1000
08:26:46.0690 0x0db4  Boot type: Normal boot
08:26:46.0690 0x0db4  ============================================================
08:26:49.0186 0x0db4  KLMD registered as C:\Windows\system32\drivers\24950078.sys
08:26:49.0466 0x0db4  System UUID: {942C1895-2999-546A-73B8-2E6BA29815F0}
08:26:50.0044 0x0db4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:26:50.0075 0x0db4  ============================================================
08:26:50.0075 0x0db4  \Device\Harddisk0\DR0:
08:26:50.0075 0x0db4  MBR partitions:
08:26:50.0075 0x0db4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:26:50.0075 0x0db4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:26:50.0075 0x0db4  ============================================================
08:26:50.0090 0x0db4  C: <-> \Device\Harddisk0\DR0\Partition2
08:26:50.0090 0x0db4  ============================================================
08:26:50.0090 0x0db4  Initialize success
08:26:50.0090 0x0db4  ============================================================
08:27:18.0030 0x0e70  ============================================================
08:27:18.0030 0x0e70  Scan started
08:27:18.0030 0x0e70  Mode: Manual; 
08:27:18.0030 0x0e70  ============================================================
08:27:18.0030 0x0e70  KSN ping started
08:27:18.0139 0x0e70  KSN ping finished: false
08:27:20.0464 0x0e70  ================ Scan system memory ========================
08:27:20.0464 0x0e70  System memory - ok
08:27:20.0464 0x0e70  ================ Scan services =============================
08:27:20.0666 0x0e70  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:27:20.0682 0x0e70  1394ohci - ok
08:27:20.0760 0x0e70  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:27:20.0760 0x0e70  ACPI - ok
08:27:20.0791 0x0e70  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:27:20.0791 0x0e70  AcpiPmi - ok
08:27:20.0854 0x0e70  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
08:27:20.0932 0x0e70  acsock - ok
08:27:21.0041 0x0e70  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:27:21.0041 0x0e70  AdobeARMservice - ok
08:27:21.0353 0x0e70  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:27:21.0353 0x0e70  AdobeFlashPlayerUpdateSvc - ok
08:27:21.0446 0x0e70  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
08:27:21.0462 0x0e70  adp94xx - ok
08:27:21.0478 0x0e70  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
08:27:21.0493 0x0e70  adpahci - ok
08:27:21.0540 0x0e70  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
08:27:21.0540 0x0e70  adpu320 - ok
08:27:21.0587 0x0e70  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:27:21.0602 0x0e70  AeLookupSvc - ok
08:27:21.0665 0x0e70  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
08:27:21.0680 0x0e70  AFD - ok
08:27:21.0743 0x0e70  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
08:27:21.0743 0x0e70  agp440 - ok
08:27:21.0774 0x0e70  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
08:27:21.0774 0x0e70  ALG - ok
08:27:21.0805 0x0e70  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:27:21.0805 0x0e70  aliide - ok
08:27:21.0868 0x0e70  [ A359974EAAC83A435497C52F62A2E590, 7A7AFFE1CCE8732C478AE3EA630AA46C94DE0DBFE19EE63E3FB99B0D3338F038 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:27:21.0868 0x0e70  AMD External Events Utility - ok
08:27:21.0946 0x0e70  AMD FUEL Service - ok
08:27:21.0977 0x0e70  [ DD27F6C3DE9BFE50635C721E09EDC5DD, CBB76DDF70A98745FEE85B784C6B5BA3B8801D955D04A71A907275113D7DFF07 ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
08:27:21.0977 0x0e70  AMD Reservation Manager - ok
08:27:22.0024 0x0e70  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:27:22.0024 0x0e70  amdide - ok
08:27:22.0102 0x0e70  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
08:27:22.0102 0x0e70  amdiox64 - ok
08:27:22.0180 0x0e70  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
08:27:22.0195 0x0e70  AmdK8 - ok
08:27:22.0616 0x0e70  [ 60216B0E704584DE6D5A9F59E9C34C47, CC3E9F09FB28E50FDFCC5E6A996E28CB4E721DDDD50E23710DC74C5B0F7CE3E3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:27:22.0866 0x0e70  amdkmdag - ok
08:27:22.0928 0x0e70  [ 6B4E9261B613B047A9A145F328889968, E5C6611E88381A9D40AD1CE80BFDDBDA733F4A8D3602AAE25A155D2C39B3B7FD ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
08:27:22.0944 0x0e70  amdkmdap - ok
08:27:22.0975 0x0e70  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
08:27:22.0975 0x0e70  AmdPPM - ok
08:27:23.0006 0x0e70  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:27:23.0006 0x0e70  amdsata - ok
08:27:23.0038 0x0e70  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
08:27:23.0038 0x0e70  amdsbs - ok
08:27:23.0038 0x0e70  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:27:23.0038 0x0e70  amdxata - ok
08:27:23.0100 0x0e70  [ 424BF179C985F1B5D62DB531E5F72D42, 3E356354FAC38B124614B2069DC1AA30585DCEA49D14254FE8CF215AC65B955D ] APNMCP          C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
08:27:23.0131 0x0e70  APNMCP - ok
08:27:23.0178 0x0e70  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
08:27:23.0178 0x0e70  AppID - ok
08:27:23.0194 0x0e70  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:27:23.0194 0x0e70  AppIDSvc - ok
08:27:23.0240 0x0e70  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
08:27:23.0240 0x0e70  Appinfo - ok
08:27:23.0287 0x0e70  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:27:23.0287 0x0e70  Apple Mobile Device - ok
08:27:23.0334 0x0e70  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
08:27:23.0334 0x0e70  AppMgmt - ok
08:27:23.0365 0x0e70  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
08:27:23.0365 0x0e70  arc - ok
08:27:23.0381 0x0e70  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
08:27:23.0381 0x0e70  arcsas - ok
08:27:23.0474 0x0e70  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:27:23.0474 0x0e70  aspnet_state - ok
08:27:23.0506 0x0e70  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:27:23.0506 0x0e70  AsyncMac - ok
08:27:23.0537 0x0e70  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
08:27:23.0537 0x0e70  atapi - ok
08:27:23.0568 0x0e70  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47, 172240231981162F67DD2CF13C6D8C807EFFCE9C24B476F2942BC3E1F41C1A71 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
08:27:23.0584 0x0e70  AtiHDAudioService - ok
08:27:23.0646 0x0e70  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:27:23.0662 0x0e70  AudioEndpointBuilder - ok
08:27:23.0677 0x0e70  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:27:23.0693 0x0e70  AudioSrv - ok
08:27:23.0755 0x0e70  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:27:23.0771 0x0e70  AxInstSV - ok
08:27:23.0802 0x0e70  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
08:27:23.0802 0x0e70  b06bdrv - ok
08:27:23.0849 0x0e70  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:27:23.0849 0x0e70  b57nd60a - ok
08:27:23.0880 0x0e70  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:27:23.0880 0x0e70  BDESVC - ok
08:27:23.0896 0x0e70  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:27:23.0896 0x0e70  Beep - ok
08:27:23.0974 0x0e70  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
08:27:23.0989 0x0e70  BFE - ok
08:27:24.0083 0x0e70  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
08:27:24.0098 0x0e70  BITS - ok
08:27:24.0130 0x0e70  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:27:24.0145 0x0e70  blbdrive - ok
08:27:24.0176 0x0e70  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:27:24.0192 0x0e70  Bonjour Service - ok
08:27:24.0223 0x0e70  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:27:24.0223 0x0e70  bowser - ok
08:27:24.0254 0x0e70  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:27:24.0254 0x0e70  BrFiltLo - ok
08:27:24.0254 0x0e70  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:27:24.0254 0x0e70  BrFiltUp - ok
08:27:24.0286 0x0e70  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
08:27:24.0286 0x0e70  Browser - ok
08:27:24.0301 0x0e70  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:27:24.0317 0x0e70  Brserid - ok
08:27:24.0317 0x0e70  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:27:24.0317 0x0e70  BrSerWdm - ok
08:27:24.0332 0x0e70  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:27:24.0332 0x0e70  BrUsbMdm - ok
08:27:24.0332 0x0e70  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:27:24.0332 0x0e70  BrUsbSer - ok
08:27:24.0348 0x0e70  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:27:24.0348 0x0e70  BTHMODEM - ok
08:27:24.0364 0x0e70  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
08:27:24.0379 0x0e70  bthserv - ok
08:27:24.0395 0x0e70  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:27:24.0410 0x0e70  cdfs - ok
08:27:24.0442 0x0e70  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
08:27:24.0442 0x0e70  cdrom - ok
08:27:24.0488 0x0e70  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
08:27:24.0488 0x0e70  CertPropSvc - ok
08:27:24.0504 0x0e70  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
08:27:24.0520 0x0e70  circlass - ok
08:27:24.0535 0x0e70  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
08:27:24.0535 0x0e70  CLFS - ok
08:27:24.0598 0x0e70  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:27:24.0613 0x0e70  clr_optimization_v2.0.50727_32 - ok
08:27:24.0644 0x0e70  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:27:24.0644 0x0e70  clr_optimization_v2.0.50727_64 - ok
08:27:24.0722 0x0e70  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:27:24.0738 0x0e70  clr_optimization_v4.0.30319_32 - ok
08:27:24.0754 0x0e70  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:27:24.0769 0x0e70  clr_optimization_v4.0.30319_64 - ok
08:27:24.0785 0x0e70  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:27:24.0785 0x0e70  CmBatt - ok
08:27:24.0816 0x0e70  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:27:24.0832 0x0e70  cmdide - ok
08:27:24.0863 0x0e70  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
08:27:24.0894 0x0e70  CNG - ok
08:27:24.0910 0x0e70  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:27:24.0910 0x0e70  Compbatt - ok
08:27:24.0941 0x0e70  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
08:27:24.0941 0x0e70  CompositeBus - ok
08:27:24.0956 0x0e70  COMSysApp - ok
08:27:25.0034 0x0e70  [ 7150E3708FB489E7941F7A6A7A0DB282, 2D521FCF3CC75C86FF74B885490000A94468FC68113785B700FF62C912511843 ] CouponPrinterService C:\Program Files (x86)\Coupons\CouponPrinterService.exe
08:27:25.0066 0x0e70  CouponPrinterService - ok
08:27:25.0128 0x0e70  cpuz137 - ok
08:27:25.0144 0x0e70  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:27:25.0144 0x0e70  crcdisk - ok
08:27:25.0190 0x0e70  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:27:25.0190 0x0e70  CryptSvc - ok
08:27:25.0237 0x0e70  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
08:27:25.0253 0x0e70  CSC - ok
08:27:25.0315 0x0e70  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
08:27:25.0346 0x0e70  CscService - ok
08:27:25.0393 0x0e70  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:27:25.0409 0x0e70  DcomLaunch - ok
08:27:25.0424 0x0e70  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
08:27:25.0440 0x0e70  defragsvc - ok
08:27:25.0471 0x0e70  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:27:25.0487 0x0e70  DfsC - ok
08:27:25.0534 0x0e70  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:27:25.0549 0x0e70  Dhcp - ok
08:27:25.0580 0x0e70  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
08:27:25.0580 0x0e70  discache - ok
08:27:25.0596 0x0e70  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:27:25.0612 0x0e70  Disk - ok
08:27:25.0658 0x0e70  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:27:25.0658 0x0e70  Dnscache - ok
08:27:25.0690 0x0e70  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:27:25.0705 0x0e70  dot3svc - ok
08:27:25.0721 0x0e70  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
08:27:25.0736 0x0e70  DPS - ok
08:27:25.0752 0x0e70  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:27:25.0768 0x0e70  drmkaud - ok
08:27:25.0830 0x0e70  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:27:25.0846 0x0e70  DXGKrnl - ok
08:27:25.0877 0x0e70  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
08:27:25.0877 0x0e70  EapHost - ok
08:27:25.0986 0x0e70  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
08:27:26.0064 0x0e70  ebdrv - ok
08:27:26.0095 0x0e70  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
08:27:26.0095 0x0e70  EFS - ok
08:27:26.0142 0x0e70  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:27:26.0158 0x0e70  ehRecvr - ok
08:27:26.0173 0x0e70  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
08:27:26.0173 0x0e70  ehSched - ok
08:27:26.0220 0x0e70  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:27:26.0220 0x0e70  elxstor - ok
08:27:26.0251 0x0e70  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:27:26.0267 0x0e70  ErrDev - ok
08:27:26.0329 0x0e70  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
08:27:26.0329 0x0e70  EventSystem - ok
08:27:26.0360 0x0e70  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
08:27:26.0360 0x0e70  exfat - ok
08:27:26.0376 0x0e70  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:27:26.0376 0x0e70  fastfat - ok
08:27:26.0438 0x0e70  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
08:27:26.0454 0x0e70  Fax - ok
08:27:26.0454 0x0e70  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:27:26.0454 0x0e70  fdc - ok
08:27:26.0470 0x0e70  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
08:27:26.0485 0x0e70  fdPHost - ok
08:27:26.0485 0x0e70  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:27:26.0485 0x0e70  FDResPub - ok
08:27:26.0501 0x0e70  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:27:26.0501 0x0e70  FileInfo - ok
08:27:26.0516 0x0e70  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:27:26.0516 0x0e70  Filetrace - ok
08:27:26.0516 0x0e70  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:27:26.0516 0x0e70  flpydisk - ok
08:27:26.0532 0x0e70  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:27:26.0548 0x0e70  FltMgr - ok
08:27:26.0672 0x0e70  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
08:27:26.0719 0x0e70  FontCache - ok
08:27:26.0782 0x0e70  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:27:26.0782 0x0e70  FontCache3.0.0.0 - ok
08:27:26.0797 0x0e70  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:27:26.0797 0x0e70  FsDepends - ok
08:27:26.0828 0x0e70  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:27:26.0828 0x0e70  Fs_Rec - ok
08:27:26.0875 0x0e70  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:27:26.0875 0x0e70  fvevol - ok
08:27:26.0891 0x0e70  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:27:26.0906 0x0e70  gagp30kx - ok
08:27:27.0031 0x0e70  [ 0215DAF58C80D7EBE6084E5065717C3D, 5AED70D789FEB9EB3DBB4BC3284D8ECFD5BF96A57AF66FD527A5A0D3777D6216 ] Garmin Core Update Service C:\Users\Liz\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
08:27:27.0062 0x0e70  Garmin Core Update Service - ok
08:27:27.0094 0x0e70  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:27:27.0094 0x0e70  GEARAspiWDM - ok
08:27:27.0218 0x0e70  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
08:27:27.0265 0x0e70  gpsvc - ok
08:27:27.0312 0x0e70  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:27:27.0328 0x0e70  gupdate - ok
08:27:27.0328 0x0e70  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:27:27.0343 0x0e70  gupdatem - ok
08:27:27.0359 0x0e70  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:27:27.0359 0x0e70  gusvc - ok
08:27:27.0390 0x0e70  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:27:27.0390 0x0e70  hcw85cir - ok
08:27:27.0468 0x0e70  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:27:27.0484 0x0e70  HdAudAddService - ok
08:27:27.0546 0x0e70  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
08:27:27.0546 0x0e70  HDAudBus - ok
08:27:27.0546 0x0e70  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:27:27.0546 0x0e70  HidBatt - ok
08:27:33.0739 0x0e70  SCardSvr - ok
08:27:33.0770 0x0e70  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:27:33.0770 0x0e70  scfilter - ok
08:27:33.0833 0x0e70  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
08:27:33.0864 0x0e70  Schedule - ok
08:27:33.0911 0x0e70  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:27:33.0911 0x0e70  SCPolicySvc - ok
08:27:33.0942 0x0e70  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:27:33.0942 0x0e70  SDRSVC - ok
08:27:33.0973 0x0e70  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:27:33.0989 0x0e70  secdrv - ok
08:27:34.0004 0x0e70  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
08:27:34.0004 0x0e70  seclogon - ok
08:27:34.0036 0x0e70  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
08:27:34.0036 0x0e70  SENS - ok
08:27:34.0051 0x0e70  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:27:34.0051 0x0e70  SensrSvc - ok
08:27:34.0067 0x0e70  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:27:34.0067 0x0e70  Serenum - ok
08:27:34.0082 0x0e70  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:27:34.0082 0x0e70  Serial - ok
08:27:34.0098 0x0e70  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:27:34.0098 0x0e70  sermouse - ok
08:27:34.0145 0x0e70  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
08:27:34.0145 0x0e70  SessionEnv - ok
08:27:34.0176 0x0e70  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:27:34.0176 0x0e70  sffdisk - ok
08:27:34.0192 0x0e70  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:27:34.0192 0x0e70  sffp_mmc - ok
08:27:34.0207 0x0e70  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:27:34.0207 0x0e70  sffp_sd - ok
08:27:34.0207 0x0e70  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:27:34.0207 0x0e70  sfloppy - ok
08:27:34.0238 0x0e70  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:27:34.0270 0x0e70  SharedAccess - ok
08:27:34.0301 0x0e70  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:27:34.0316 0x0e70  ShellHWDetection - ok
08:27:34.0332 0x0e70  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:27:34.0348 0x0e70  SiSRaid2 - ok
08:27:34.0348 0x0e70  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:27:34.0363 0x0e70  SiSRaid4 - ok
08:27:34.0379 0x0e70  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:27:34.0379 0x0e70  Smb - ok
08:27:34.0410 0x0e70  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:27:34.0410 0x0e70  SNMPTRAP - ok
08:27:34.0426 0x0e70  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:27:34.0426 0x0e70  spldr - ok
08:27:34.0457 0x0e70  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
08:27:34.0472 0x0e70  Spooler - ok
08:27:34.0613 0x0e70  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:27:34.0722 0x0e70  sppsvc - ok
08:27:34.0753 0x0e70  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:27:34.0769 0x0e70  sppuinotify - ok
08:27:34.0816 0x0e70  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:27:34.0816 0x0e70  srv - ok
08:27:34.0862 0x0e70  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:27:34.0862 0x0e70  srv2 - ok
08:27:34.0878 0x0e70  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:27:34.0894 0x0e70  srvnet - ok
08:27:34.0909 0x0e70  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:27:34.0909 0x0e70  SSDPSRV - ok
08:27:34.0925 0x0e70  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:27:34.0925 0x0e70  SstpSvc - ok
08:27:34.0940 0x0e70  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:27:34.0940 0x0e70  stexstor - ok
08:27:34.0987 0x0e70  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
08:27:35.0003 0x0e70  stisvc - ok
08:27:35.0034 0x0e70  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
08:27:35.0034 0x0e70  storflt - ok
08:27:35.0050 0x0e70  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
08:27:35.0065 0x0e70  StorSvc - ok
08:27:35.0065 0x0e70  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
08:27:35.0065 0x0e70  storvsc - ok
08:27:35.0096 0x0e70  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
08:27:35.0112 0x0e70  swenum - ok
08:27:35.0143 0x0e70  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
08:27:35.0159 0x0e70  swprv - ok
08:27:35.0377 0x0e70  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
08:27:35.0440 0x0e70  SysMain - ok
08:27:35.0486 0x0e70  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:27:35.0486 0x0e70  TabletInputService - ok
08:27:35.0533 0x0e70  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:27:35.0549 0x0e70  TapiSrv - ok
08:27:35.0580 0x0e70  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
08:27:35.0580 0x0e70  TBS - ok
08:27:35.0674 0x0e70  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:27:35.0736 0x0e70  Tcpip - ok
08:27:35.0798 0x0e70  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:27:35.0830 0x0e70  TCPIP6 - ok
08:27:35.0861 0x0e70  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:27:35.0876 0x0e70  tcpipreg - ok
08:27:35.0923 0x0e70  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:27:35.0923 0x0e70  TDPIPE - ok
08:27:35.0970 0x0e70  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:27:35.0970 0x0e70  TDTCP - ok
08:27:36.0001 0x0e70  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:27:36.0001 0x0e70  tdx - ok
08:27:36.0032 0x0e70  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
08:27:36.0032 0x0e70  TermDD - ok
08:27:36.0064 0x0e70  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
08:27:36.0079 0x0e70  TermService - ok
08:27:36.0095 0x0e70  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
08:27:36.0095 0x0e70  Themes - ok
08:27:36.0126 0x0e70  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
08:27:36.0126 0x0e70  THREADORDER - ok
08:27:36.0142 0x0e70  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
08:27:36.0157 0x0e70  TrkWks - ok
08:27:36.0220 0x0e70  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:27:36.0235 0x0e70  TrustedInstaller - ok
08:27:36.0266 0x0e70  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:27:36.0266 0x0e70  tssecsrv - ok
08:27:36.0313 0x0e70  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:27:36.0313 0x0e70  TsUsbFlt - ok
08:27:36.0360 0x0e70  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:27:36.0360 0x0e70  tunnel - ok
08:27:36.0376 0x0e70  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:27:36.0376 0x0e70  uagp35 - ok
08:27:36.0422 0x0e70  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:27:36.0438 0x0e70  udfs - ok
08:27:36.0469 0x0e70  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:27:36.0469 0x0e70  UI0Detect - ok
08:27:36.0485 0x0e70  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:27:36.0485 0x0e70  uliagpkx - ok
08:27:36.0532 0x0e70  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
08:27:36.0532 0x0e70  umbus - ok
08:27:36.0547 0x0e70  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:27:36.0547 0x0e70  UmPass - ok
08:27:36.0578 0x0e70  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
08:27:36.0594 0x0e70  UmRdpService - ok
08:27:36.0610 0x0e70  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
08:27:36.0625 0x0e70  upnphost - ok
08:27:36.0656 0x0e70  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:27:36.0656 0x0e70  usbccgp - ok
08:27:36.0703 0x0e70  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:27:36.0703 0x0e70  usbcir - ok
08:27:36.0719 0x0e70  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:27:36.0719 0x0e70  usbehci - ok
08:27:36.0750 0x0e70  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:27:36.0750 0x0e70  usbhub - ok
08:27:36.0766 0x0e70  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:27:36.0766 0x0e70  usbohci - ok
08:27:36.0781 0x0e70  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:27:36.0797 0x0e70  usbprint - ok
08:27:36.0812 0x0e70  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:27:36.0828 0x0e70  USBSTOR - ok
08:27:36.0828 0x0e70  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:27:36.0844 0x0e70  usbuhci - ok
08:27:36.0859 0x0e70  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
08:27:36.0859 0x0e70  UxSms - ok
08:27:36.0875 0x0e70  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
08:27:36.0875 0x0e70  VaultSvc - ok
08:27:36.0890 0x0e70  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:27:36.0890 0x0e70  vdrvroot - ok
08:27:36.0953 0x0e70  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
08:27:36.0968 0x0e70  vds - ok
08:27:36.0984 0x0e70  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:27:36.0984 0x0e70  vga - ok
08:27:37.0000 0x0e70  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:27:37.0000 0x0e70  VgaSave - ok
08:27:37.0031 0x0e70  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:27:37.0031 0x0e70  vhdmp - ok
08:27:37.0062 0x0e70  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:27:37.0062 0x0e70  viaide - ok
08:27:37.0078 0x0e70  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
08:27:37.0078 0x0e70  vmbus - ok
08:27:37.0093 0x0e70  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
08:27:37.0093 0x0e70  VMBusHID - ok
08:27:37.0109 0x0e70  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:27:37.0109 0x0e70  volmgr - ok
08:27:37.0156 0x0e70  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:27:37.0171 0x0e70  volmgrx - ok
08:27:37.0187 0x0e70  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:27:37.0202 0x0e70  volsnap - ok
08:27:37.0218 0x0e70  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:27:37.0218 0x0e70  vsmraid - ok
08:27:37.0327 0x0e70  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
08:27:37.0390 0x0e70  VSS - ok
08:27:37.0405 0x0e70  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
08:27:37.0421 0x0e70  vwifibus - ok
08:27:37.0452 0x0e70  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
08:27:37.0452 0x0e70  W32Time - ok
08:27:37.0468 0x0e70  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:27:37.0468 0x0e70  WacomPen - ok
08:27:37.0499 0x0e70  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:27:37.0514 0x0e70  WANARP - ok
08:27:37.0514 0x0e70  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:27:37.0514 0x0e70  Wanarpv6 - ok
08:27:37.0577 0x0e70  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
08:27:37.0624 0x0e70  WatAdminSvc - ok
08:27:37.0702 0x0e70  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
08:27:37.0748 0x0e70  wbengine - ok
08:27:37.0780 0x0e70  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:27:37.0780 0x0e70  WbioSrvc - ok
08:27:37.0826 0x0e70  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:27:37.0826 0x0e70  wcncsvc - ok
08:27:37.0842 0x0e70  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:27:37.0842 0x0e70  WcsPlugInService - ok
08:27:37.0858 0x0e70  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:27:37.0858 0x0e70  Wd - ok
08:27:37.0889 0x0e70  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
08:27:37.0889 0x0e70  WDC_SAM - ok
08:27:37.0904 0x0e70  [ F7F367002FE49D4BBB1DD6014FC81ED6, 82873D5C61D3BDDC8018F92D354B0D35829E640611C49F82101A8D1E321856C8 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
08:27:37.0936 0x0e70  WDDMService - ok
08:27:38.0014 0x0e70  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:27:38.0029 0x0e70  Wdf01000 - ok
08:27:38.0123 0x0e70  [ 555413A28695E063B9D24439D69AC708, 03A200A477E9ABADC962EBEBFF525585C69001ABDAC1BAE8B3EC3718E43572F4 ] WDFME           C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
08:27:38.0185 0x0e70  WDFME - ok
08:27:38.0216 0x0e70  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:27:38.0216 0x0e70  WdiServiceHost - ok
08:27:38.0216 0x0e70  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:27:38.0232 0x0e70  WdiSystemHost - ok
08:27:38.0248 0x0e70  [ 540DB6B00F9DC9EA3006098EEAA70643, 14B6FF439BBA192A568FC766D349D8DAD762D4B6F4CF9C95673D366A11D0C3EE ] WDSC            C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
08:27:38.0310 0x0e70  WDSC - ok
08:27:38.0357 0x0e70  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
08:27:38.0372 0x0e70  WebClient - ok
08:27:38.0419 0x0e70  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:27:38.0435 0x0e70  Wecsvc - ok
08:27:38.0450 0x0e70  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:27:38.0450 0x0e70  wercplsupport - ok
08:27:38.0466 0x0e70  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:27:38.0482 0x0e70  WerSvc - ok
08:27:38.0497 0x0e70  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:27:38.0497 0x0e70  WfpLwf - ok
08:27:38.0513 0x0e70  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:27:38.0528 0x0e70  WIMMount - ok
08:27:38.0544 0x0e70  WinDefend - ok
08:27:38.0544 0x0e70  WinHttpAutoProxySvc - ok
08:27:38.0606 0x0e70  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:27:38.0622 0x0e70  Winmgmt - ok
08:27:38.0731 0x0e70  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:27:38.0840 0x0e70  WinRM - ok
08:27:38.0903 0x0e70  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:27:38.0903 0x0e70  WinUsb - ok
08:27:38.0981 0x0e70  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:27:39.0012 0x0e70  Wlansvc - ok
08:27:39.0059 0x0e70  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:27:39.0059 0x0e70  wlcrasvc - ok
08:27:39.0184 0x0e70  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:27:39.0262 0x0e70  wlidsvc - ok
08:27:39.0308 0x0e70  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:27:39.0308 0x0e70  WmiAcpi - ok
08:27:39.0340 0x0e70  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:27:39.0340 0x0e70  wmiApSrv - ok
08:27:39.0355 0x0e70  WMPNetworkSvc - ok
08:27:39.0371 0x0e70  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:27:39.0371 0x0e70  WPCSvc - ok
08:27:39.0402 0x0e70  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:27:39.0418 0x0e70  WPDBusEnum - ok
08:27:39.0433 0x0e70  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:27:39.0433 0x0e70  ws2ifsl - ok
08:27:39.0449 0x0e70  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
08:27:39.0464 0x0e70  wscsvc - ok
08:27:39.0464 0x0e70  WSearch - ok
08:27:39.0589 0x0e70  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:27:39.0667 0x0e70  wuauserv - ok
08:27:39.0698 0x0e70  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:27:39.0698 0x0e70  WudfPf - ok
08:27:39.0714 0x0e70  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:27:39.0730 0x0e70  WUDFRd - ok
08:27:39.0745 0x0e70  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:27:39.0745 0x0e70  wudfsvc - ok
08:27:39.0776 0x0e70  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:27:39.0792 0x0e70  WwanSvc - ok
08:27:39.0901 0x0e70  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:27:39.0932 0x0e70  YahooAUService - ok
08:27:39.0948 0x0e70  ================ Scan global ===============================
08:27:39.0979 0x0e70  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:27:40.0026 0x0e70  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:27:40.0057 0x0e70  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:27:40.0073 0x0e70  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:27:40.0104 0x0e70  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:27:40.0104 0x0e70  [ Global ] - ok
08:27:40.0120 0x0e70  ================ Scan MBR ==================================
08:27:40.0120 0x0e70  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:27:40.0915 0x0e70  \Device\Harddisk0\DR0 - ok
08:27:40.0915 0x0e70  ================ Scan VBR ==================================
08:27:40.0931 0x0e70  [ 2AA81FB680ED2A5C5BC7EA2DD87D0C27 ] \Device\Harddisk0\DR0\Partition1
08:27:40.0946 0x0e70  \Device\Harddisk0\DR0\Partition1 - ok
08:27:40.0978 0x0e70  [ 9D719E339B91CB38D228BB7A0B73EFA3 ] \Device\Harddisk0\DR0\Partition2
08:27:41.0009 0x0e70  \Device\Harddisk0\DR0\Partition2 - ok
08:27:41.0009 0x0e70  ================ Scan generic autorun ======================
08:27:41.0258 0x0e70  [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] c:\Program Files\Microsoft Security Client\msseces.exe
08:27:41.0321 0x0e70  MSC - ok
08:27:41.0414 0x0e70  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:27:41.0446 0x0e70  Adobe ARM - ok
08:27:41.0508 0x0e70  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
08:27:41.0586 0x0e70  QuickTime Task - ok
08:27:41.0633 0x0e70  [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
08:27:41.0633 0x0e70  iTunesHelper - ok
08:27:41.0664 0x0e70  [ 1DE859B82E381A645C44284A5044BC33, 305AE678D3163D57C8E027F94BC553FDFDE7F9A14599EAEC370B0867DE4A9EC2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
08:27:41.0680 0x0e70  SunJavaUpdateSched - ok
08:27:41.0789 0x0e70  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:27:41.0820 0x0e70  Sidebar - ok
08:27:41.0851 0x0e70  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:27:41.0851 0x0e70  mctadmin - ok
08:27:41.0898 0x0e70  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:27:41.0914 0x0e70  Sidebar - ok
08:27:41.0914 0x0e70  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:27:41.0929 0x0e70  mctadmin - ok
08:27:42.0007 0x0e70  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
08:27:42.0007 0x0e70  swg - ok
08:27:42.0132 0x0e70  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
08:27:42.0163 0x0e70  Win FW state via NFP2: enabled
08:27:42.0179 0x0e70  ============================================================
08:27:42.0179 0x0e70  Scan finished
08:27:42.0179 0x0e70  ============================================================
08:27:42.0194 0x0e68  Detected object count: 0
08:27:42.0194 0x0e68  Actual detected object count: 0
 


#8 danleuthner


Posted 22 July 2014 - 08:46 AM

FRST log after fix was run
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Liz (administrator) on LIZ-PC on 22-07-2014 08:41:44
Running from C:\Users\Liz\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Garmin Ltd or its subsidiaries) C:\Users\Liz\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Kaspersky Lab ZAO) C:\Users\Liz\Desktop\TDSSKiller.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" 
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-99505543-3047984818-3348261478-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-29] (Google Inc.)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31071C0B4927CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\r7hfwh59.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Liz\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\r7hfwh59.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\r7hfwh59.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (RealDownloader) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-01-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-05-15] (APN LLC.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 Garmin Core Update Service; C:\Users\Liz\Desktop\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-10-27] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-10-22] (Alcatel-Lucent) [File not signed]
S4 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130560 2010-07-29] (WDC) [File not signed]
S4 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [952832 2010-07-29] () [File not signed]
S4 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484864 2010-07-29] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 cpuz137; \??\C:\Users\Liz\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
U4 Messenger; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-22 08:41 - 2014-07-22 08:41 - 00017347 _____ () C:\Users\Liz\Desktop\FRST.txt
2014-07-21 18:46 - 2014-07-21 18:47 - 00030021 _____ () C:\Users\Liz\Desktop\Addition.txt
2014-07-21 18:45 - 2014-07-22 08:41 - 00000000 ____D () C:\FRST
2014-07-21 18:45 - 2014-07-21 18:47 - 00076799 _____ () C:\Users\Liz\Desktop\FRSTjuly19.txt
2014-07-21 18:44 - 2014-07-21 18:44 - 02090496 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe
2014-07-21 09:11 - 2014-07-21 09:11 - 00049124 _____ () C:\Users\Liz\Desktop\Extras.Txt
2014-07-21 09:10 - 2014-07-21 18:36 - 00119638 _____ () C:\Users\Liz\Desktop\OTL.Txt
2014-07-21 07:56 - 2014-07-21 07:56 - 00602112 _____ (OldTimer Tools) C:\Users\Liz\Desktop\OTL.exe
2014-07-21 07:56 - 2014-07-21 07:56 - 00448512 _____ (OldTimer Tools) C:\Users\Liz\Desktop\TFC.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00080384 _____ () C:\Users\Liz\Desktop\MBRCheck.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00014757 _____ () C:\Users\Liz\Desktop\MBRCheck_07.21.14_07.43.32.txt
2014-07-21 06:12 - 2014-07-22 08:34 - 00000000 ____D () C:\Users\Liz\Desktop\backups
2014-07-21 06:12 - 2014-07-21 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liz\Desktop\HijackThis.exe
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieUserList
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieSiteList
2014-07-20 01:37 - 2014-07-20 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 01:37 - 2014-07-20 01:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 01:37 - 2014-07-20 01:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 01:37 - 2014-07-20 01:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 01:37 - 2014-07-20 01:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 01:36 - 2014-07-20 01:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 01:33 - 2014-07-20 01:33 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Oracle
2014-07-20 01:28 - 2014-07-20 01:28 - 00000000 ___HD () C:\Users\Liz\AppData\Local\CrashDumps
2014-07-20 01:12 - 2014-07-20 01:13 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 01:06 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 01:06 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 01:06 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 01:06 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 01:06 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 01:06 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 01:06 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 01:06 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 01:06 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 01:06 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 01:06 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 01:06 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 01:06 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 01:06 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 01:06 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 01:06 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 01:06 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 01:06 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 01:06 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 01:06 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 01:06 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 01:06 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 01:06 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 01:06 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 01:06 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 01:06 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 01:06 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 01:06 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 01:06 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 01:06 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 01:06 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 01:06 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 01:06 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 01:06 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 01:06 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 01:06 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 01:06 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 01:06 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 01:06 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 01:06 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 01:06 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 01:06 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 01:06 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 01:06 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 01:06 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 01:06 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 01:06 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 01:06 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 01:06 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 01:06 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 01:06 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 01:06 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 01:06 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 01:06 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 01:06 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 01:06 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-20 00:53 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-20 00:53 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-20 00:53 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-20 00:53 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-19 07:08 - 2014-07-19 07:08 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\Program Files\CPUID
2014-07-19 07:05 - 2014-07-19 07:08 - 01500512 _____ ( ) C:\Users\Liz\Downloads\cpu-z_1.70-setup-en.exe
2014-07-19 01:33 - 2014-07-19 01:33 - 00039495 _____ () C:\Users\Liz\Desktop\attach.txt
2014-07-19 01:33 - 2014-07-19 01:33 - 00022052 _____ () C:\Users\Liz\Desktop\dds.txt
2014-07-19 01:29 - 2014-07-21 08:39 - 00007618 ____H () C:\Users\Liz\AppData\Local\resmon.resmoncfg
2014-07-19 01:18 - 2014-07-19 01:17 - 00688992 ____R (Swearware) C:\Users\Liz\Desktop\dds.com
2014-07-19 01:17 - 2014-07-19 01:17 - 00688992 _____ (Swearware) C:\Users\Liz\Downloads\dds.com
2014-07-19 00:54 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-19 00:54 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-19 00:54 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-19 00:54 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-19 00:54 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-19 00:54 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-19 00:54 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-19 00:54 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-19 00:54 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-19 00:54 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-19 00:54 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-19 00:54 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-19 00:54 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-19 00:54 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-19 00:54 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-19 00:54 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 00:51 - 2014-07-19 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-19 00:48 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-19 00:48 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-19 00:48 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-19 00:48 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-19 00:46 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-19 00:46 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-19 00:42 - 2014-07-19 00:42 - 00099258 _____ () C:\Users\Liz\Desktop\kskillerJuly19.txt
2014-07-19 00:35 - 2014-07-19 00:39 - 00002606 _____ () C:\Users\Liz\Desktop\Rkill.txt
2014-07-19 00:34 - 2014-07-19 00:34 - 00001004 _____ () C:\Users\Liz\Desktop\checkup.txt
2014-07-19 00:24 - 2014-07-19 00:24 - 04161313 _____ () C:\Users\Liz\Downloads\tdsskiller.zip
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Downloads\rkill.exe
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Desktop\rkill.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Downloads\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Desktop\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00001075 _____ () C:\Users\Liz\Desktop\SecurityCheck - Shortcut.lnk
2014-07-19 00:11 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-19 00:11 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-19 00:11 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-19 00:11 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-19 00:11 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-19 00:11 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-07-19 00:11 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-07-19 00:11 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-19 00:11 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-19 00:11 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-07-19 00:11 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-07-19 00:03 - 2014-07-19 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-18 23:57 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-18 23:57 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-07-18 23:57 - 2014-03-24 21:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-18 23:57 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-18 23:56 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-18 23:56 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-18 23:55 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-18 23:55 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-18 23:55 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-18 23:55 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 23:55 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 23:54 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-18 23:54 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-07-18 23:54 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-07-18 23:54 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-07-18 23:54 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-07-18 23:54 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-07-18 23:54 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-07-18 23:54 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-07-18 23:54 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-07-18 23:54 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-18 23:53 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-18 23:53 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-18 23:51 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 23:51 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 23:51 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 23:51 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-07-18 23:51 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-07-18 23:51 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-07-18 23:51 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-07-18 23:51 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-07-18 23:51 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-07-18 23:38 - 2014-07-18 23:38 - 00000000 ____D () C:\NPE
2014-07-18 23:36 - 2014-07-18 23:49 - 00000000 ____D () C:\Users\Liz\AppData\Local\NPE
2014-07-18 23:36 - 2014-07-18 23:36 - 03077584 ____N (Symantec Corporation) C:\Users\Liz\Downloads\NPE.exe
2014-07-18 22:54 - 2014-07-18 23:19 - 00000000 ____D () C:\Users\Liz\Documents\highjack
2014-07-18 22:30 - 2014-07-18 22:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.wu.LB.932917144684029.1.1.Run.exe
2014-07-18 21:58 - 2014-07-18 23:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 21:58 - 2014-07-18 22:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 21:58 - 2014-07-18 21:58 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 21:58 - 2014-07-18 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 21:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-18 21:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-18 21:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-18 21:56 - 2014-07-18 21:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 17:24 - 2014-07-18 17:24 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-18 13:14 - 2014-07-18 13:15 - 00000000 ____D () C:\Users\Liz\AppData\Local\{17B77BE0-6430-46F9-A25B-C0C10B6442C0}
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (2).epub
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (1).epub
2014-07-17 18:27 - 2014-07-17 18:27 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810.epub
2014-07-17 18:26 - 2014-07-17 18:26 - 00001812 _____ () C:\Users\Liz\Downloads\NovellaCollection.acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694 (1).acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (2).acsm
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\6712e7574110043240cca5ddce760930
2014-07-12 14:34 - 2014-07-12 14:34 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694.acsm
2014-07-12 11:55 - 2013-12-12 17:14 - 00112496 ____R (Cisco Systems, Inc.) C:\Windows\system32\Drivers\acsock64.sys
2014-07-12 11:54 - 2014-07-12 11:56 - 00000022 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(2).zip
2014-07-12 11:21 - 2014-07-12 11:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WindowsFirewall.RNP.132861227893302.8.1.Run.exe
2014-07-11 09:57 - 2014-07-11 09:57 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (1).acsm
2014-07-11 09:36 - 2014-07-11 09:36 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096.acsm
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (2).zip
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (1).zip
2014-07-10 12:38 - 2014-07-19 00:24 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Desktop\TDSSKiller.exe
2014-07-10 09:19 - 2014-07-10 09:19 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(1).zip
2014-07-10 09:14 - 2014-07-10 09:14 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi.zip
2014-07-10 09:10 - 2014-07-10 09:10 - 00000000 ___HD () C:\Users\Liz\AppData\Local\Adobe
2014-07-09 12:23 - 2014-07-09 12:23 - 00001784 _____ () C:\Users\Liz\Downloads\LadyFolbrokesDeliciousDeception9781459223318.acsm
2014-07-08 20:38 - 2014-07-08 20:38 - 00001773 _____ () C:\Users\Liz\Downloads\ItalianDoctorsWife9781426878817.acsm
2014-07-08 17:50 - 2014-07-08 17:51 - 00001772 _____ () C:\Users\Liz\Downloads\BeautyandtheScarredHero9781426848308.acsm
2014-07-08 13:03 - 2014-07-08 13:03 - 00001579 _____ () C:\Users\Liz\Downloads\StrangeCapers.acsm
2014-07-08 10:32 - 2014-07-08 10:32 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904 (1).acsm
2014-07-07 23:00 - 2014-07-07 23:00 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904.acsm
2014-07-07 15:30 - 2014-07-07 15:30 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (4).acsm
2014-07-07 13:43 - 2014-07-07 13:43 - 00001766 _____ () C:\Users\Liz\Downloads\MissDarbysDuenna.acsm
2014-07-06 14:46 - 2014-07-06 14:46 - 00001773 _____ () C:\Users\Liz\Downloads\DangerousBaronLeighThe.acsm
2014-07-06 14:45 - 2014-07-06 14:45 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (3).acsm
2014-07-06 14:44 - 2014-07-06 14:44 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (2).acsm
2014-07-06 11:42 - 2014-07-06 11:42 - 00001763 _____ () C:\Users\Liz\Downloads\CarouselofHearts.acsm
2014-07-05 12:09 - 2014-07-05 12:09 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (1).acsm
2014-07-03 20:23 - 2014-07-03 20:23 - 00001766 _____ () C:\Users\Liz\Downloads\PerfectKiss9781436284226.acsm
2014-07-03 19:27 - 2014-07-03 19:27 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504.acsm
2014-07-03 14:57 - 2014-07-03 14:57 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550 (1).acsm
2014-07-03 09:42 - 2014-07-03 09:42 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550.acsm
2014-07-02 20:24 - 2014-07-02 20:24 - 00001782 _____ () C:\Users\Liz\Downloads\PracticalWidowtoPassionateMistress9781459209473.acsm
2014-07-01 11:11 - 2014-07-01 11:11 - 04940912 _____ () C:\Users\Liz\Downloads\DSCN5295.MOV
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703.acsm
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703 (1).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (3).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (2).acsm
2014-06-28 16:11 - 2014-06-28 16:11 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (1).acsm
2014-06-28 16:10 - 2014-06-28 16:10 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024.acsm
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\APN
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-27 15:12 - 2014-07-20 01:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-23 10:21 - 2014-06-23 10:22 - 00688280 _____ (Yahoo! Inc.) C:\Users\Liz\Downloads\yahoo_firefox_us_wrap_2014.04.14.11.31.31.exe
 
==================== One Month Modified Files and Folders =======
 
2014-07-22 08:42 - 2014-07-22 08:41 - 00017347 _____ () C:\Users\Liz\Desktop\FRST.txt
2014-07-22 08:41 - 2014-07-21 18:45 - 00000000 ____D () C:\FRST
2014-07-22 08:37 - 2010-10-29 08:29 - 01215581 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 08:34 - 2014-07-21 06:12 - 00000000 ____D () C:\Users\Liz\Desktop\backups
2014-07-22 08:33 - 2009-07-13 23:45 - 00017120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 08:33 - 2009-07-13 23:45 - 00017120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 08:31 - 2012-05-22 12:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 08:26 - 2010-10-29 20:52 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 08:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 08:26 - 2009-07-13 23:51 - 00432407 _____ () C:\Windows\setupact.log
2014-07-22 08:22 - 2010-10-29 20:52 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 18:47 - 2014-07-21 18:46 - 00030021 _____ () C:\Users\Liz\Desktop\Addition.txt
2014-07-21 18:47 - 2014-07-21 18:45 - 00076799 _____ () C:\Users\Liz\Desktop\FRSTjuly19.txt
2014-07-21 18:44 - 2014-07-21 18:44 - 02090496 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe
2014-07-21 18:36 - 2014-07-21 09:10 - 00119638 _____ () C:\Users\Liz\Desktop\OTL.Txt
2014-07-21 09:11 - 2014-07-21 09:11 - 00049124 _____ () C:\Users\Liz\Desktop\Extras.Txt
2014-07-21 08:39 - 2014-07-19 01:29 - 00007618 ____H () C:\Users\Liz\AppData\Local\resmon.resmoncfg
2014-07-21 07:56 - 2014-07-21 07:56 - 00602112 _____ (OldTimer Tools) C:\Users\Liz\Desktop\OTL.exe
2014-07-21 07:56 - 2014-07-21 07:56 - 00448512 _____ (OldTimer Tools) C:\Users\Liz\Desktop\TFC.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00080384 _____ () C:\Users\Liz\Desktop\MBRCheck.exe
2014-07-21 07:43 - 2014-07-21 07:43 - 00014757 _____ () C:\Users\Liz\Desktop\MBRCheck_07.21.14_07.43.32.txt
2014-07-21 06:19 - 2014-02-08 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-21 06:12 - 2014-07-21 06:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Liz\Desktop\HijackThis.exe
2014-07-20 20:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieUserList
2014-07-20 01:39 - 2014-07-20 01:39 - 00000000 __SHD () C:\Users\Liz\AppData\Local\EmieSiteList
2014-07-20 01:39 - 2014-06-27 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-20 01:37 - 2014-07-20 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 01:36 - 2014-07-20 01:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 01:36 - 2014-07-20 01:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 01:36 - 2014-07-20 01:37 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 01:36 - 2014-07-20 01:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 01:36 - 2014-07-20 01:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 01:33 - 2014-07-20 01:33 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Oracle
2014-07-20 01:28 - 2014-07-20 01:28 - 00000000 ___HD () C:\Users\Liz\AppData\Local\CrashDumps
2014-07-20 01:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-20 01:13 - 2014-07-20 01:12 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 07:08 - 2014-07-19 07:08 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-19 07:08 - 2014-07-19 07:08 - 00000000 ____D () C:\Program Files\CPUID
2014-07-19 07:08 - 2014-07-19 07:05 - 01500512 _____ ( ) C:\Users\Liz\Downloads\cpu-z_1.70-setup-en.exe
2014-07-19 01:33 - 2014-07-19 01:33 - 00039495 _____ () C:\Users\Liz\Desktop\attach.txt
2014-07-19 01:33 - 2014-07-19 01:33 - 00022052 _____ () C:\Users\Liz\Desktop\dds.txt
2014-07-19 01:17 - 2014-07-19 01:18 - 00688992 ____R (Swearware) C:\Users\Liz\Desktop\dds.com
2014-07-19 01:17 - 2014-07-19 01:17 - 00688992 _____ (Swearware) C:\Users\Liz\Downloads\dds.com
2014-07-19 01:00 - 2014-02-15 08:56 - 00001413 _____ () C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-19 01:00 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-19 00:54 - 2013-11-27 04:01 - 00072734 _____ () C:\Windows\IE11_main.log
2014-07-19 00:52 - 2014-07-19 00:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-07-19 00:52 - 2014-07-19 00:52 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-07-19 00:52 - 2014-07-19 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-07-19 00:52 - 2014-07-19 00:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-19 00:52 - 2014-07-19 00:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-19 00:52 - 2014-07-19 00:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-07-19 00:51 - 2014-07-19 00:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-19 00:42 - 2014-07-19 00:42 - 00099258 _____ () C:\Users\Liz\Desktop\kskillerJuly19.txt
2014-07-19 00:39 - 2014-07-19 00:35 - 00002606 _____ () C:\Users\Liz\Desktop\Rkill.txt
2014-07-19 00:34 - 2014-07-19 00:34 - 00001004 _____ () C:\Users\Liz\Desktop\checkup.txt
2014-07-19 00:24 - 2014-07-19 00:24 - 04161313 _____ () C:\Users\Liz\Downloads\tdsskiller.zip
2014-07-19 00:24 - 2014-07-10 12:38 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Desktop\TDSSKiller.exe
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Downloads\rkill.exe
2014-07-19 00:23 - 2014-07-19 00:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Liz\Desktop\rkill.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Downloads\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00854390 _____ () C:\Users\Liz\Desktop\SecurityCheck.exe
2014-07-19 00:22 - 2014-07-19 00:22 - 00001075 _____ () C:\Users\Liz\Desktop\SecurityCheck - Shortcut.lnk
2014-07-19 00:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-19 00:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-19 00:05 - 2009-07-13 23:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 00:03 - 2014-07-19 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-19 00:03 - 2009-07-14 02:47 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 23:49 - 2014-07-18 23:36 - 00000000 ____D () C:\Users\Liz\AppData\Local\NPE
2014-07-18 23:46 - 2011-07-01 10:23 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-07-18 23:38 - 2014-07-18 23:38 - 00000000 ____D () C:\NPE
2014-07-18 23:36 - 2014-07-18 23:36 - 03077584 ____N (Symantec Corporation) C:\Users\Liz\Downloads\NPE.exe
2014-07-18 23:36 - 2011-12-11 11:53 - 00000000 ____D () C:\ProgramData\Norton
2014-07-18 23:26 - 2014-04-21 14:35 - 00000072 _____ () C:\Windows\system32\omiop.pte
2014-07-18 23:19 - 2014-07-18 22:54 - 00000000 ____D () C:\Users\Liz\Documents\highjack
2014-07-18 23:15 - 2010-10-29 21:39 - 00444944 _____ () C:\Windows\PFRO.log
2014-07-18 23:01 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-07-18 23:00 - 2014-07-18 21:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-18 22:41 - 2014-07-18 21:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 22:30 - 2014-07-18 22:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.wu.LB.932917144684029.1.1.Run.exe
2014-07-18 21:58 - 2014-07-18 21:58 - 00001078 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-18 21:58 - 2014-07-18 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-18 21:58 - 2010-10-30 08:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-18 21:57 - 2014-07-18 21:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-18 21:41 - 2012-04-27 12:39 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00002133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-18 17:24 - 2014-07-18 17:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-18 17:24 - 2014-02-08 10:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-18 17:24 - 2014-02-08 10:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-18 16:32 - 2014-02-08 10:24 - 00000000 ____D () C:\Windows\pss
2014-07-18 16:04 - 2012-04-27 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-18 16:04 - 2011-09-01 14:40 - 00000000 ____D () C:\ProgramData\Real
2014-07-18 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-18 16:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-18 13:15 - 2014-07-18 13:14 - 00000000 ____D () C:\Users\Liz\AppData\Local\{17B77BE0-6430-46F9-A25B-C0C10B6442C0}
2014-07-18 13:06 - 2010-10-29 08:29 - 00000000 ____D () C:\Users\Liz
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (2).epub
2014-07-17 18:28 - 2014-07-17 18:28 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810 (1).epub
2014-07-17 18:28 - 2010-11-22 14:31 - 00000000 ____D () C:\Users\Liz\Documents\My Digital Editions
2014-07-17 18:27 - 2014-07-17 18:27 - 01068048 _____ () C:\Users\Liz\Downloads\%7B47C349B9-B1FD-4137-85BD-B36EA062D0DD%7DFmt810.epub
2014-07-17 18:26 - 2014-07-17 18:26 - 00001812 _____ () C:\Users\Liz\Downloads\NovellaCollection.acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694 (1).acsm
2014-07-16 15:04 - 2014-07-16 15:04 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (2).acsm
2014-07-13 23:46 - 2014-07-13 23:46 - 00000000 ____D () C:\6712e7574110043240cca5ddce760930
2014-07-12 14:34 - 2014-07-12 14:34 - 00001773 _____ () C:\Users\Liz\Downloads\DutifulWife9781101589694.acsm
2014-07-12 11:56 - 2014-07-12 11:54 - 00000022 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(2).zip
2014-07-12 11:21 - 2014-07-12 11:21 - 00347816 _____ (Microsoft Corporation) C:\Users\Liz\Downloads\MicrosoftFixit.WindowsFirewall.RNP.132861227893302.8.1.Run.exe
2014-07-12 11:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-11 12:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-07-11 09:57 - 2014-07-11 09:57 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096 (1).acsm
2014-07-11 09:51 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-11 09:36 - 2014-07-11 09:36 - 00001772 _____ () C:\Users\Liz\Downloads\NightBeforeChristmas9781459220096.acsm
2014-07-11 07:28 - 2009-07-14 00:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (2).zip
2014-07-10 17:25 - 2014-07-10 17:25 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi (1).zip
2014-07-10 09:55 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 09:52 - 2010-10-30 09:00 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 09:19 - 2014-07-10 09:19 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi(1).zip
2014-07-10 09:14 - 2014-07-10 09:14 - 04095558 _____ () C:\Users\Liz\Downloads\anyconnect-win-3.1.05152-pre-deploy-k9.msi.zip
2014-07-10 09:10 - 2014-07-10 09:10 - 00000000 ___HD () C:\Users\Liz\AppData\Local\Adobe
2014-07-09 12:23 - 2014-07-09 12:23 - 00001784 _____ () C:\Users\Liz\Downloads\LadyFolbrokesDeliciousDeception9781459223318.acsm
2014-07-08 20:38 - 2014-07-08 20:38 - 00001773 _____ () C:\Users\Liz\Downloads\ItalianDoctorsWife9781426878817.acsm
2014-07-08 17:51 - 2014-07-08 17:50 - 00001772 _____ () C:\Users\Liz\Downloads\BeautyandtheScarredHero9781426848308.acsm
2014-07-08 13:03 - 2014-07-08 13:03 - 00001579 _____ () C:\Users\Liz\Downloads\StrangeCapers.acsm
2014-07-08 12:31 - 2012-05-22 12:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 12:31 - 2012-05-22 12:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 12:31 - 2011-06-01 15:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 10:32 - 2014-07-08 10:32 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904 (1).acsm
2014-07-07 23:00 - 2014-07-07 23:00 - 00001771 _____ () C:\Users\Liz\Downloads\GreekChildrensDoctor9781426802904.acsm
2014-07-07 15:30 - 2014-07-07 15:30 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (4).acsm
2014-07-07 13:43 - 2014-07-07 13:43 - 00001766 _____ () C:\Users\Liz\Downloads\MissDarbysDuenna.acsm
2014-07-06 14:46 - 2014-07-06 14:46 - 00001773 _____ () C:\Users\Liz\Downloads\DangerousBaronLeighThe.acsm
2014-07-06 14:45 - 2014-07-06 14:45 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (3).acsm
2014-07-06 14:44 - 2014-07-06 14:44 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (2).acsm
2014-07-06 11:42 - 2014-07-06 11:42 - 00001763 _____ () C:\Users\Liz\Downloads\CarouselofHearts.acsm
2014-07-05 12:09 - 2014-07-05 12:09 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504 (1).acsm
2014-07-03 20:23 - 2014-07-03 20:23 - 00001766 _____ () C:\Users\Liz\Downloads\PerfectKiss9781436284226.acsm
2014-07-03 19:27 - 2014-07-03 19:27 - 00001769 _____ () C:\Users\Liz\Downloads\MuchAdoAboutYou0061125504.acsm
2014-07-03 14:57 - 2014-07-03 14:57 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550 (1).acsm
2014-07-03 09:42 - 2014-07-03 09:42 - 00001764 _____ () C:\Users\Liz\Downloads\ReputableRake9781426861550.acsm
2014-07-02 20:24 - 2014-07-02 20:24 - 00001782 _____ () C:\Users\Liz\Downloads\PracticalWidowtoPassionateMistress9781459209473.acsm
2014-07-01 11:11 - 2014-07-01 11:11 - 04940912 _____ () C:\Users\Liz\Downloads\DSCN5295.MOV
2014-06-29 21:09 - 2014-07-18 23:56 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-18 23:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703.acsm
2014-06-29 13:37 - 2014-06-29 13:37 - 00001775 _____ () C:\Users\Liz\Downloads\DiamondsofWelbourneManor9781426832703 (1).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (3).acsm
2014-06-28 18:22 - 2014-06-28 18:22 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (2).acsm
2014-06-28 16:11 - 2014-06-28 16:11 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024 (1).acsm
2014-06-28 16:10 - 2014-06-28 16:10 - 00001781 _____ () C:\Users\Liz\Downloads\AutumnGloryandOtherStories9781611876024.acsm
2014-06-27 15:15 - 2012-07-08 18:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\ProgramData\APN
2014-06-27 15:14 - 2014-06-27 15:14 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-23 10:22 - 2014-06-23 10:21 - 00688280 _____ (Yahoo! Inc.) C:\Users\Liz\Downloads\yahoo_firefox_us_wrap_2014.04.14.11.31.31.exe
2014-06-23 10:10 - 2014-06-07 13:26 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-22 03:15 - 2011-11-24 14:53 - 00000000 ____D () C:\ProgramData\Garmin
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 07:55
 
==================== End Of Log ============================


#9 Machiavelli


Posted 22 July 2014 - 08:51 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 22 July 2014 - 08:51 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#10 Machiavelli


Posted 24 July 2014 - 11:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
