Trojan:DOS/Aluren.J infection


  • This topic is locked
18 replies to this topic

#1 maynardlu

maynardlu

  • Members
  • 15 posts

Posted 07 October 2014 - 01:07 AM

Hello and thank you ahead of time for any and all help you may give me.

My computer is Win 7 Home Premium 32-bit SP1.

I have MSE as my A/V program, but I also scan with Malwarebytes and I run CCleaner daily.

MSE keeps popping up saying it found and removed Aluren.J infection but gives me error code 0x80508023. The program could not find the malware or potentially unwanted software on this computer.

Initial location for infection was MBR boot:\device\Harddisk1\DR1; now it has changed to boot\device\Harddisk0\DR0

MSE pops up and says it has removed a threat every time I boot comp or run any A/V related software.

My original post was http://www.bleepingcomputer.com/forums/t/550349/trojandosalurenj-infection/

I have been working with and following boopme's help suggestions and I am posting the DDS logs here:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by Maynardlu at 1:39:10 on 2014-10-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3579.2215 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Coupons\CouponPrinterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\taskeng.exe
D:\program files\CCleaner\CCleaner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\WUDFHost.exe
D:\program files\Speccy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://search.coupons.com/
uURLSearchHooks: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - <orphaned>
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\program files\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - d:\program files\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\program files\roboform.dll
uRun: [CCleaner Monitoring] "d:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - d:\program files\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - d:\program files\RoboFormComFillForms.html
IE: RoboForm Toolbar - d:\program files\RoboFormComShowToolbar.html
IE: Save Forms - d:\program files\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - d:\program files\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - d:\program files\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - d:\program files\RoboFormComShowToolbar.html
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{720312BE-6A4A-4D9E-85B7-7F00A8669FEA} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\maynardlu\appdata\roaming\mozilla\firefox\profiles\ihx5kcxh.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - plugin: d:\program files\plugins\npqtplugin.dll
FF - plugin: d:\program files\plugins\npqtplugin2.dll
FF - plugin: d:\program files\plugins\npqtplugin3.dll
FF - plugin: d:\program files\plugins\npqtplugin4.dll
FF - plugin: d:\program files\plugins\npqtplugin5.dll
FF - plugin: d:\program files\plugins\npqtplugin6.dll
FF - plugin: d:\program files\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 MpKslc117c188;MpKslc117c188;c:\programdata\microsoft\microsoft antimalware\definition updates\{0a334b7d-3456-43a4-98bb-e07d990a809a}\MpKslc117c188.sys [2014-10-7 39464]
R2 CouponPrinterService;Coupon Printer Service;c:\program files\coupons\CouponPrinterService.exe [2014-2-13 153072]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-8-28 33568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-5-23 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-5-23 8456]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-16 108032]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-19 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-19 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-29 1343400]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2013-7-30 350792]
S4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-8-28 14573856]
S4 Secunia PSI Agent;Secunia PSI Agent;d:\program files\psi\psia.exe [2011-1-10 993848]
S4 Secunia Update Agent;Secunia Update Agent;d:\program files\psi\sua.exe [2011-1-10 399416]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-9-12 414496]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-07 05:26:48 39464 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a334b7d-3456-43a4-98bb-e07d990a809a}\MpKslc117c188.sys
2014-10-07 05:11:11 62576 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a334b7d-3456-43a4-98bb-e07d990a809a}\offreg.dll
2014-10-06 16:04:36 8806800 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a334b7d-3456-43a4-98bb-e07d990a809a}\mpengine.dll
2014-10-05 15:52:32 8806800 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-02 11:12:34 908840 -c----w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2014-10-02 11:12:34 908840 -c----w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48313a7a-f0f3-4b17-8d0f-d4fa1f34600d}\gapaengine.dll
2014-10-01 15:25:04 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 06:24:35 -------- dc----w- c:\program files\Microsoft Security Client
2014-09-28 19:30:16 179600 -c--a-w- c:\windows\system32\mfevtps.exe.a2d9.deleteme
2014-09-28 19:26:41 -------- dc----w- c:\program files\stinger
2014-09-22 06:35:49 -------- dc----w- C:\LGMobileUpgrade
2014-09-21 07:33:32 536576 -c--a-w- c:\windows\system32\sqlite3.dll
2014-09-21 07:32:38 -------- dc----w- C:\AdwCleaner
2014-09-21 05:54:15 -------- dc----w- c:\programdata\Kaspersky Lab
2014-09-21 05:54:15 -------- dc----w- c:\program files\Kaspersky Lab
2014-09-17 00:24:57 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-16 23:57:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-16 23:57:36 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-16 23:57:23 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-16 23:57:22 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-16 23:57:20 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-16 23:56:26 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-12 09:43:10 227728 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-10-02 20:09:28 110296 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-30 01:19:35 701104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-30 01:19:34 71344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41:56 231568 -c----w- c:\windows\system32\MpSigStub.exe
2014-09-03 17:35:36 444912 -c--a-w- c:\windows\CouponPrinter.ocx
2014-09-02 18:57:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-02 18:57:55 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-14 07:37:04 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 07:36:27 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-14 07:36:27 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-14 07:36:27 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-14 07:35:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-14 07:35:32 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-14 07:35:31 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-14 07:35:31 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-14 07:35:31 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-14 07:35:15 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 07:35:15 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 07:35:15 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 07:35:15 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 07:30:45 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-14 07:30:45 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-07 08:46:00 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-02 06:38:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-02 06:38:36 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-02 06:38:31 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-07-25 16:55:14 96680 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-17 22:05:08 95920 -c--a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 22:05:08 231800 -c--a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-10 00:21:14 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-10 00:21:07 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-10 00:21:04 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-10 00:18:37 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-10 00:18:37 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-10 00:18:37 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-10 00:18:37 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-10 00:18:37 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-10 00:18:37 172032 ----a-w- c:\windows\system32\wdigest.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
1 ntkrnlpa!IofCallDriver[0x83487BBA] -> \Device\Harddisk0\DR0[0x86D97AC8]
3 CLASSPNP[0x8CFDC59E] -> ntkrnlpa!IofCallDriver[0x83487BBA] -> [0x86C44918]
5 ACPI[0x8CABB3D4] -> ntkrnlpa!IofCallDriver[0x83487BBA] -> \Device\Ide\IdeDeviceP2T0L0-3[0x86C45030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user != kernel MBR !!!
.
============= FINISH:  1:39:49.31 ===============

 

Thank you all once again


#2 maynardlu

maynardlu
  • Topic Starter

  • Members
  • 15 posts

Posted 07 October 2014 - 01:12 AM

Sorry to all, somehow my post posted 3 times!

 

Mod Edit:  Deleted two dupes - Hamluis.


Edited by hamluis, 07 October 2014 - 08:21 AM.


#3 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts

Posted 11 October 2014 - 07:51 AM

Hello maynardlu,

I will be helping you in this case. Please, let me take a look at the logs you provided and I will be back with further instructions.

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.


Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#4 StanFF

StanFF

  • Malware Response Team
  • 1,172 posts

Posted 12 October 2014 - 04:09 AM

Hello maynardlu,

I'm Stan and I will be helping you with this problem.

First of all, I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the removal process and may cause both slowdowns and additional problems.
  • Carefully read the steps that I suggest you follow. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow that way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you, so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M. - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

********************

Do you experience any other issues with the system? Are there any slowdowns, performance drops or unusual problems with system/third-party apps? Do you experience any abnormal behavior from the system?

********************

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. In your case, it should be the 32-bit version.

  • Right-click FRST, then click "Run as administrator".
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.

Please copy and paste the log in your next reply.

Note: The first time the tool is run, it generates another log (Addition.txt), also located in the same directory the tool was run from. Please also paste that, along with the FRST.txt, into your next reply.


********************

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your Desktop.

Please paste the content of the log in your next reply.

********************

In your next post, I will be waiting for the following:

  • FRST.txt
  • Addition.txt
  • Log from aswMBR

Regards,

Stan


#5 maynardlu

maynardlu
  • Topic Starter

  • Members
  • 15 posts

Posted 13 October 2014 - 01:42 AM

Hello Stan, and I look forward to working with you and clearing up this problem.

No major problems with comp operation, a little slower on boot times now though.

Ran Farbar, here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by Maynardlu (administrator) on MAYNARDLU-PC on 13-10-2014 01:37:11
Running from C:\Users\Maynardlu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEE9ZPVC
Loaded Profile: Maynardlu (Available profiles: Maynardlu & Carolyn & maribel & Administrator 1 & UpdatusUser & Liz)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) D:\program files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Run: [CCleaner Monitoring] => D:\program files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {0bfa8687-cc14-11df-88a4-806e6f6e6963} - I:\EIVCD.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {14159878-938c-11e2-8973-001cc02bf97d} - K:\LGAutoRun.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {60913ee8-923b-11e0-beba-001cc02bf97d} - R:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {b60341ed-8f92-11e2-897d-001cc02bf97d} - H:\LGAutoRun.exe
Startup: C:\Users\Administrator 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\maribel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicyUsers\S-1-5-21-1681582941-3042821878-2095393726-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x577EFF3EA4E4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.14-1305
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
URLSearchHook: HKCU - (No Name) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} -  No File
SearchScopes: HKLM - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^0D^xdm260^YY^us&ptb=2F789605-9A9E-45F5-965E-6AC922FC0587&ind=2013051723&n=77fcbb4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=59605&ptb=69F6E57C-9555-4300-A0DB-B717D2812FEE&ind=2012090220&n=77ee0f6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^man000^YYA^&ptb=90CB7B3D-D6A5-4183-AAD7-83CAFE36B9FE&psa=&ind=2014041219&st=sb&n=780bd483&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {091F9848-312A-45F5-B67F-EFF6CC84ADBA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3231939&CUI=UN10125167982720828&UM=2
SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL =
SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL =
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^man000^YYA^&ptb=90CB7B3D-D6A5-4183-AAD7-83CAFE36B9FE&psa=&ind=2014041219&st=sb&n=780bd483&searchfor={searchTerms}
BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> D:\program files\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKLM - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\program files\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - &RoboForm - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\program files\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maynardlu\AppData\Roaming\Mozilla\Firefox\Profiles\ihx5kcxh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [dmgonlhnmmomeoojpibabenofffojbll] - C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx []
CHR HKCU\...\Chrome\Extension: [dmgonlhnmmomeoojpibabenofffojbll] - C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon) [File not signed]
S4 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14573856 2013-08-27] (NVIDIA Corporation)
S4 Secunia PSI Agent; D:\program files\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
S4 Secunia Update Agent; D:\program files\PSI\sua.exe [399416 2011-01-10] (Secunia)
S4 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-25] (SigmaTel, Inc.) [File not signed]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-03-24] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-03-24] () [File not signed]
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-08-20] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-25] (SigmaTel, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 MSICDSetup; \??\M:\CDriver.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 XDva402; \??\C:\Windows\system32\XDva402.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 01:36 - 2014-10-13 01:37 - 00000000 ___DC () C:\FRST
2014-10-12 11:55 - 2014-10-13 01:11 - 00000168 ____C () C:\Windows\setupact.log
2014-10-12 11:55 - 2014-10-12 11:55 - 00000000 ____C () C:\Windows\setuperr.log
2014-10-09 07:18 - 2014-10-09 07:18 - 00065160 ____C () C:\Users\Carolyn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-07 01:59 - 2014-10-07 01:59 - 00002498 ____C () C:\Users\Maynardlu\Desktop\attach.zip
2014-10-07 01:40 - 2014-10-07 01:40 - 00007951 ____C () C:\Users\Maynardlu\Desktop\attach.txt
2014-10-07 01:40 - 2014-10-07 01:39 - 00016310 ____C () C:\Users\Maynardlu\Desktop\dds.txt
2014-10-07 01:38 - 2014-10-07 01:38 - 00688992 ___RC (Swearware) C:\Users\Maynardlu\Desktop\dds.com
2014-10-01 19:39 - 2014-10-01 19:39 - 09317168 ____C (ESET, spol. s r.o.) C:\Users\Maynardlu\Downloads\eset_sysrescue_live_creator_enu.exe
2014-10-01 16:13 - 2014-10-01 16:13 - 142546944 ____C () C:\Users\Maynardlu\Downloads\rescue-cd-3.16-63801.iso
2014-10-01 15:46 - 2014-10-01 15:53 - 00000000 ___DC () C:\Users\Maynardlu\Documents\My ISO Files
2014-10-01 15:45 - 2014-10-01 15:45 - 04384520 ____C (EZB Systems, Inc. ) C:\Users\Maynardlu\Downloads\uiso9_pe.exe
2014-10-01 14:59 - 2014-10-01 15:01 - 303190016 ____C () C:\Users\Maynardlu\Downloads\kav_rescue_10.iso
2014-10-01 11:25 - 2014-10-01 11:25 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 02:24 - 2014-10-01 02:24 - 00002124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-01 02:24 - 2014-10-01 02:24 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-10-01 02:14 - 2014-10-01 02:14 - 01944824 ____C (Bleeping Computer, LLC) C:\Users\Maynardlu\Desktop\rkill.exe
2014-10-01 02:11 - 2014-10-01 02:15 - 00002038 ____C () C:\Users\Maynardlu\Desktop\Rkill.txt
2014-09-28 18:27 - 2014-09-28 18:27 - 00000000 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.reg
2014-09-28 18:27 - 2014-09-28 18:27 - 00000000 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.bat
2014-09-28 18:11 - 2014-09-28 18:11 - 00002361 ____C () C:\Users\Maynardlu\Documents\gmer 9.28.14.log
2014-09-28 17:39 - 2014-09-28 17:39 - 00380416 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.exe
2014-09-28 16:07 - 2014-09-28 16:09 - 158692152 ____C () C:\Users\Maynardlu\Downloads\setup_11.0.3.7.x01_2014_09_28_22_27.exe
2014-09-28 15:30 - 2014-09-28 15:30 - 00179600 ____C (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.a2d9.deleteme
2014-09-28 15:26 - 2014-09-28 15:39 - 00000000 ___DC () C:\Program Files\stinger
2014-09-25 16:36 - 2014-09-25 16:36 - 00002212 ____C () C:\Users\Administrator 1\Desktop\Google Chrome.lnk
2014-09-25 07:56 - 2014-09-25 07:56 - 02079600 ____C (Coupons.com Incorporated) C:\Users\Carolyn\Downloads\CouponPrinter (2).exe
2014-09-23 23:03 - 2014-09-23 23:03 - 00000069 ____C () C:\Windows\NeroDigital.ini
2014-09-22 02:35 - 2014-09-22 02:35 - 00000000 ___DC () C:\LGMobileUpgrade
2014-09-22 02:23 - 2014-09-22 02:30 - 00000838 ____C () C:\Users\Administrator 1\Desktop\LGMobile Support Tool.lnk
2014-09-22 02:23 - 2014-09-22 02:30 - 00000838 _____ () C:\Users\UpdatusUser.Maynardlu-PC\Desktop\LGMobile Support Tool.lnk
2014-09-21 11:04 - 2014-09-21 11:04 - 02079600 ____C (Coupons.com Incorporated) C:\Users\Carolyn\Downloads\CouponPrinter (1).exe
2014-09-21 03:33 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-21 03:32 - 2014-09-23 23:00 - 00000000 ___DC () C:\AdwCleaner
2014-09-21 03:03 - 2014-09-23 22:08 - 00006075 ____C () C:\Users\Maynardlu\Documents\aswMBR.txt
2014-09-21 03:03 - 2014-09-23 22:08 - 00000512 ____C () C:\Users\Maynardlu\Documents\MBR.dat
2014-09-21 01:54 - 2014-09-28 16:10 - 00000000 ___DC () C:\ProgramData\Kaspersky Lab
2014-09-21 01:54 - 2014-09-21 01:54 - 00000000 ___DC () C:\Program Files\Kaspersky Lab
2014-09-16 20:28 - 2014-09-16 20:28 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 20:28 - 2014-09-16 20:28 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 20:28 - 2014-09-16 20:28 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-16 20:28 - 2014-09-16 20:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-16 20:28 - 2014-09-16 20:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 20:28 - 2014-09-16 20:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-16 20:28 - 2014-09-16 20:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-16 20:28 - 2014-09-16 20:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-16 20:24 - 2014-09-16 20:24 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-16 19:57 - 2014-09-16 20:29 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-16 19:57 - 2014-09-16 20:29 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-16 19:57 - 2014-09-16 20:20 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 19:57 - 2014-09-16 20:19 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-16 19:57 - 2014-09-16 20:19 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-16 19:56 - 2014-09-16 20:20 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 01:37 - 2014-08-17 21:19 - 00000356 ____C () C:\Windows\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000.job
2014-10-13 01:20 - 2011-08-16 18:38 - 00000892 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-13 01:19 - 2013-03-20 03:34 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 01:19 - 2009-07-14 00:34 - 00022592 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 01:19 - 2009-07-14 00:34 - 00022592 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 01:14 - 2013-10-20 13:18 - 02021221 ____C () C:\Windows\WindowsUpdate.log
2014-10-13 01:12 - 2011-08-16 18:38 - 00000888 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 01:11 - 2009-07-14 00:53 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-10-12 21:43 - 2010-11-30 19:13 - 00000948 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA.job
2014-10-12 20:46 - 2012-07-27 20:41 - 00000936 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA.job
2014-10-12 20:46 - 2012-07-27 20:41 - 00000914 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core.job
2014-10-12 16:43 - 2010-11-30 19:12 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core.job
2014-10-09 03:05 - 2013-03-18 02:55 - 00000000 ___DC () C:\Program Files\LG Electronics
2014-10-07 04:16 - 2014-05-05 03:51 - 00110296 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-02 17:16 - 2011-09-21 14:25 - 00065160 ____C () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-02 07:00 - 2011-08-16 18:38 - 00000000 ___DC () C:\Program Files\Google
2014-10-02 07:00 - 2010-09-29 21:13 - 00000000 __HDC () C:\Program Files\InstallShield Installation Information
2014-10-01 22:22 - 2011-08-16 18:38 - 00000000 ___DC () C:\ProgramData\Google
2014-10-01 22:22 - 2010-09-29 21:59 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Google
2014-10-01 22:21 - 2010-09-29 21:26 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Roaming\Skype
2014-10-01 22:21 - 2010-09-29 21:26 - 00000000 ___DC () C:\ProgramData\Skype
2014-10-01 02:46 - 2010-09-29 15:36 - 00778834 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 02:24 - 2011-01-30 14:31 - 00001945 ____C () C:\Windows\epplauncher.mif
2014-09-30 13:13 - 2010-11-11 03:06 - 00000695 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-30 07:19 - 2013-10-26 18:06 - 00000000 ___DC () C:\Program Files\Coupons
2014-09-30 07:19 - 2012-08-15 12:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-09-29 21:19 - 2012-07-19 13:01 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-29 21:19 - 2011-06-02 02:30 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 16:36 - 2010-11-24 13:06 - 00000632 _RSHC () C:\Users\Administrator 1\ntuser.pol
2014-09-25 16:36 - 2010-11-24 13:06 - 00000000 __HDC () C:\Users\Administrator 1
2014-09-23 23:03 - 2013-01-02 23:39 - 00000086 ____C () C:\Users\Maynardlu\AppData\default.pls
2014-09-23 21:28 - 2010-09-29 15:34 - 00000000 ___DC () C:\Users\Maynardlu
2014-09-22 02:46 - 2013-03-18 02:52 - 00000000 ___DC () C:\ProgramData\LGMOBILEAX
2014-09-22 02:41 - 2010-09-29 16:08 - 00231568 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 02:31 - 2013-03-18 02:53 - 00000000 ___DC () C:\LGMS770
2014-09-22 02:30 - 2013-03-18 02:52 - 00002411 ____C () C:\Windows\system32\lgAxconfig.ini
2014-09-21 06:18 - 2014-09-09 17:29 - 00000000 ___DC () C:\Users\Liz
2014-09-21 06:18 - 2013-08-30 18:42 - 00000000 ___DC () C:\Users\UpdatusUser.Maynardlu-PC
2014-09-21 06:18 - 2010-09-29 17:43 - 00000000 ___DC () C:\Users\Carolyn
2014-09-21 06:18 - 2010-09-29 16:41 - 00000000 ___DC () C:\Users\maribel
2014-09-21 06:18 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\system32\wfp
2014-09-21 06:18 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\registration
2014-09-19 12:29 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\AppCompat
2014-09-19 12:29 - 2009-07-13 22:37 - 00000000 ___DC () C:\Program Files\Common Files\microsoft shared
2014-09-19 12:28 - 2014-05-15 14:25 - 00000000 __SDC () C:\Windows\system32\CompatTel
2014-09-19 12:28 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\system32\NDF
2014-09-19 12:28 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\schemas
2014-09-19 12:28 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-19 03:12 - 2009-07-14 00:56 - 00000000 ___DC () C:\Windows\DigitalLocker
2014-09-18 23:03 - 2014-09-09 17:29 - 00002212 ____C () C:\Users\Liz\Desktop\Google Chrome.lnk
2014-09-17 05:29 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\Microsoft.NET
2014-09-16 20:24 - 2013-08-10 03:25 - 00000000 ___DC () C:\Windows\system32\MRT
2014-09-16 19:16 - 2014-06-11 16:41 - 00002441 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 16:27 - 2009-07-14 00:53 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 04:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by Maynardlu at 2014-10-13 01:37:59
Running from C:\Users\Maynardlu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEE9ZPVC
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AI RoboForm (All Users) (HKLM\...\AI RoboForm) (Version:  - )
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Catalina Savings Printer (HKLM\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
EASEUS Partition Master 8.0.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
IHA_MessageCenter (HKLM\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}) (Version: 8.10.380 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
OpenOffice.org 3.4 (HKLM\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Secunia PSI (2.0.0.3001) (HKLM\...\Secunia PSI) (Version:  - )
SecurDisc Viewer (HKLM\...\{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}) (Version: 1.2.8 - Nero AG)
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
ShopAtHome.com Helper (HKLM\...\ShopAtHome.com Helper) (Version: 7.0.6.8 - ShopAtHome.com) <==== ATTENTION
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5205.0 - SigmaTel)
Speccy (HKLM\...\Speccy) (Version: 1.07 - Piriform)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.6.12 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Wrapper (HKLM\...\{394E7D98-28C7-4CD8-B503-7E43BC43A0F2}) (Version: 1.00.0000 - Verizon)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1681582941-3042821878-2095393726-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}\InprocServer32 -> C:\Users\Maynardlu\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1681582941-3042821878-2095393726-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}\InprocServer32 -> C:\Users\Maynardlu\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1681582941-3042821878-2095393726-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\MAYNAR~1\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe  (the data entry has 7 more characters).

==================== Restore Points  =========================

09-10-2014 06:54:04 Installed LG United Mobile Drivers.
09-10-2014 11:30:09 Windows Update
10-10-2014 05:46:22 Microsoft Antimalware Checkpoint
11-10-2014 16:04:29 Microsoft Antimalware Checkpoint
12-10-2014 19:02:49 Microsoft Antimalware Checkpoint
12-10-2014 23:00:31 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {020E7EC4-107A-4D88-AC6F-9D3825FDBE05} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27] (Facebook Inc.)
Task: {03CDBD10-F109-4B72-BFC0-9FEDD9D857BF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {0B3BDBB1-C279-4569-A158-98E502872C29} - System32\Tasks\CCleanerSkipUAC => D:\program files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {0E911284-29F5-42D9-9EFE-F0B2F43A27E6} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-01] (Microsoft Corporation)
Task: {1DDC83BE-C334-4838-9AE3-7D07F0DD24B3} - System32\Tasks\Security Center Update - 1014852971 => C:\Users\Carolyn\AppData\Roaming\Ryefqit\tyixf.exe <==== ATTENTION
Task: {1E17C717-ADBC-4903-9DB9-F3314880B971} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1EBD945D-9B67-4370-80D6-8A0311876C19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-29] (Adobe Systems Incorporated)
Task: {24A45CD7-645D-4BB9-886B-C5BBFCDC3611} - System32\Tasks\Security Center Update - 2902965781 => C:\Users\Carolyn\AppData\Roaming\Tuykezry\vydeav.exe <==== ATTENTION
Task: {4D2DD5F1-0788-4C64-80E7-EA601012D7C3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {5916D56E-8F00-41A4-A82E-75EFAF4069ED} - System32\Tasks\{CEFDB6A3-2ADB-44A4-BF19-0BB0AD57F792} => C:\Program Files\Skype\Phone\Skype.exe
Task: {6D293744-B747-4728-9A81-6E0A2BB7DFF0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMKMJJPMHMKMKJJMCNPMMMOJJMCNLMNMOMKMCNNJLJHMLJCNGMOMLJNJLMJJNMNMGMMMLJMJJNJICMJMCNOMPMCNOMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMMJBJKJLIMJFMPMJNHICMMJBJKJLIMJJNBJCMCLOJGIBJOJNILJDJKIJNKJCMJNNICMJNDJCMKJBJ"
Task: {6DB90204-F93E-4AF5-9D0B-2D3A1AE87327} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-16] (Google Inc.)
Task: {7220306E-EEC3-42DD-B70D-3655DB1FCC15} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {B0349736-EB1A-4461-9B02-FFFF1540FB6B} - System32\Tasks\Run RoboForm TaskBar Icon => D:\program files\RoboTaskBarIcon.exe [2010-10-12] (Siber Systems)
Task: {B8C3C664-C8FC-4399-86C3-9E66EBB16519} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {C0989217-FCA3-4A14-8C9B-53CA734A0EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27] (Facebook Inc.)
Task: {C7CBBB50-87F4-4706-B711-4377479AE95B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {D3A30FC5-7126-481C-A119-6FFEFDB08FFA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DC9DBFC8-F751-4F2D-BD8C-65DFB0A0AF21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {DE92EF7C-D16F-4649-8787-171A9DCDA7B8} - System32\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: {EE8EE900-ED9C-4B5F-A9AC-765AC535B4ED} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {F3126423-EDA0-4CD3-A402-723258012F12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core.job => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA.job => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core.job => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA.job => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-30 19:09 - 2006-10-18 06:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08839049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25342297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08839049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25342297.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CouponXplorer_5zService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: lxct_device => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: RUBotSrv => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk => C:\Windows\pss\What's my computer doing.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Maynardlu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\system32\Rundll32.exe" "C:\Users\Maynardlu\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: ccleaner => "D:\program files\CCleaner\CCleaner.exe" /AUTO
MSCONFIG\startupreg: CouponAlert_2p Browser Plugin Loader => C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe
MSCONFIG\startupreg: CouponXplorer Search Scope Monitor => "C:\PROGRA~1\COUPON~2\bar\5.bin\5zsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: CouponXplorer_5z Browser Plugin Loader => C:\PROGRA~1\COUPON~2\bar\3.bin\5zbrmon.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Maynardlu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "D:\program files\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Lexmark 5400 Series Fax Server => "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxctmon.exe => "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "D:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Price Finder => C:\Program Files\Price Finder\PriceFinderHelper.exe /check
MSCONFIG\startupreg: QuickTime Task => "D:\program files\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "D:\program files\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: SelectRebates => C:\Program Files\SelectRebates\SelectRebates.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Carolyn\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe
MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: TotalRecipeSearch_14 Browser Plugin Loader => C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
MSCONFIG\startupreg: Trend Micro RUBotted V2.0 Beta => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
MSCONFIG\startupreg: Verizon Media Manager => C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe 0

========================= Accounts: ==========================

Administrator (S-1-5-21-1681582941-3042821878-2095393726-500 - Administrator - Disabled)
Administrator 1 (S-1-5-21-1681582941-3042821878-2095393726-1003 - Administrator - Enabled) => C:\Users\Administrator 1
Carolyn (S-1-5-21-1681582941-3042821878-2095393726-1001 - Limited - Enabled) => C:\Users\Carolyn
Guest (S-1-5-21-1681582941-3042821878-2095393726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1681582941-3042821878-2095393726-1005 - Limited - Enabled)
Liz (S-1-5-21-1681582941-3042821878-2095393726-1009 - Limited - Enabled) => C:\Users\Liz
maribel (S-1-5-21-1681582941-3042821878-2095393726-1002 - Limited - Enabled) => C:\Users\maribel
Maynardlu (S-1-5-21-1681582941-3042821878-2095393726-1000 - Administrator - Enabled) => C:\Users\Maynardlu
UpdatusUser (S-1-5-21-1681582941-3042821878-2095393726-1008 - Limited - Enabled) => C:\Users\UpdatusUser.Maynardlu-PC

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2014 05:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x53f262ac
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc0000005
Fault offset: 0x00140273
Faulting process id: 0x1050
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/12/2014 03:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7d8

Start Time: 01cfe64f34f6f661

Termination Time: 103

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/12/2014 03:02:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {65d29fed-835f-4351-87bc-79e2a0c1686c}

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/12/2014 11:56:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:49 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/12/2014 11:56:49 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (10/12/2014 03:49:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/12/2014 03:49:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/12/2014 11:56:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/12/2014 11:56:52 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/10/2014 08:56:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/10/2014 08:56:20 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/10/2014 08:53:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/10/2014 08:53:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/10/2014 08:32:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (10/10/2014 08:32:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Microsoft Office Sessions:
=========================
Error: (10/12/2014 05:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1728053f262acMSHTML.dll11.0.9600.1728053f27d67c000000500140273105001cfe65043e9c494C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll97478649-5254-11e4-a78f-001cc02bf97d

Error: (10/12/2014 03:29:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.172807d801cfe64f34f6f661103C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/12/2014 03:02:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {65d29fed-835f-4351-87bc-79e2a0c1686c}

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2014 11:56:52 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/12/2014 11:56:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/12/2014 11:56:49 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/12/2014 11:56:49 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3578.68 MB
Available physical RAM: 2063.13 MB
Total Pagefile: 9998.97 MB
Available Pagefile: 8502.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.16 MB

==================== Drives ================================

Drive c: (windows) (Fixed) (Total:93.15 GB) (Free:47.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (AOL downloads) (Fixed) (Total:93.15 GB) (Free:92.58 GB) NTFS
Drive e: () (Fixed) (Total:93.15 GB) (Free:54.59 GB) NTFS
Drive f: () (Fixed) (Total:93.15 GB) (Free:87.75 GB) NTFS
Drive g: () (Fixed) (Total:93.15 GB) (Free:81.3 GB) NTFS
Drive h: () (Fixed) (Total:7.78 GB) (Free:7.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Fixed) (Total:141.27 GB) (Free:74.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D540D540)
Partition 1: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=141.3 GB) - (Type=OF Extended)

==================== End Of Log ============================
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-13 01:52:45
-----------------------------
01:52:45.266    OS Version: Windows 6.1.7601 Service Pack 1
01:52:45.266    Number of processors: 4 586 0xF0B
01:52:45.266    ComputerName: MAYNARDLU-PC  UserName: Maynardlu
01:52:46.497    Initialize success
01:52:46.528    VM: initialized successfully
01:52:46.548    VM: Intel CPU supported
01:54:06.751    AVAST engine defs: 14101201
01:54:16.448    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
01:54:16.448    Disk 0 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
01:54:16.448    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
01:54:16.448    Disk 1 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
01:54:19.464    Scan stopped
01:54:33.141    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
01:54:33.157    Disk 0 Vendor: ST3500630AS 3.AAK Size: 476940MB BusType: 3
01:54:33.157    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
01:54:33.157    Disk 1 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
01:54:33.297    Disk 0 MBR read successfully
01:54:33.297    Disk 0 MBR scan
01:54:33.313    Disk 0 Windows 7 default MBR code
01:54:33.313    Disk 0 MBR hidden
01:54:33.328    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        95385 MB offset 63
01:54:33.328    Disk 0 default boot code
01:54:33.391    Disk 0 Partition - 00     0F Extended LBA            381543 MB offset 195350400
01:54:33.391    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        95385 MB offset 195350463
01:54:33.406    Disk 0 Partition - 00     05     Extended             95385 MB offset 390700800
01:54:33.406    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        95385 MB offset 390700863
01:54:33.422    Disk 0 Partition - 00     05     Extended             95385 MB offset 781401600
01:54:33.422    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        95385 MB offset 586051263
01:54:33.437    Disk 0 Partition - 00     05     Extended             95385 MB offset 1172102400
01:54:33.453    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS        95385 MB offset 781401663
01:54:33.469    Disk 0 scanning sectors +976752000
01:54:33.583    Disk 0 scanning C:\Windows\system32\drivers
01:54:48.609    Service scanning
01:54:59.794    Service MpKsl85c9dd5d C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C41DE45-1531-4FA6-A10D-8FF533C382C3}\MpKsl85c9dd5d.sys **LOCKED** 32
01:55:19.952    Modules scanning
01:55:26.270    Disk 0 trace - called modules:
01:55:26.302    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
01:55:26.302    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d99ac8]
01:55:26.302    3 CLASSPNP.SYS[8cdbe59e] -> nt!IofCallDriver -> [0x86c0e918]
01:55:26.317    5 ACPI.sys[8caaa3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x86c40908]
01:55:27.362    AVAST engine scan C:\Windows
01:55:30.165    AVAST engine scan C:\Windows\system32
02:00:09.980    AVAST engine scan C:\Windows\system32\drivers
02:00:37.381    AVAST engine scan C:\Users\Maynardlu
02:08:49.255    AVAST engine scan C:\ProgramData
02:19:11.576    Scan finished successfully
02:38:54.449    Disk 0 MBR has been saved successfully to "C:\Users\Maynardlu\Desktop\MBR.dat"
02:38:54.511    The log file has been saved successfully to "C:\Users\Maynardlu\Desktop\aswMBR.txt"

 

Hope this helps

Maynardlu



#6 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 14 October 2014 - 01:52 PM

Hello maynardlu,

Thank you for the provided logs.

I can see that you have run Farbar Recovery Scan Tool from a temporary directory. While this is not certainly bad, you should download and save the file directly on your Desktop. Otherwise feature fixes with the tool will not work.

Your system has some items related to adware/malware that have to be removed. I want to run additional checks so I can be sure that the detection of MSE is valid/invalid.
 
I have to ask you some questions and then we will continue with the removal process.

  • Do you actively use Coupon Printer for Windows? This software, while not entirely bad, has signs of bundled adware in it. Exactly this is the reason for a couple of modifications in your browser settings along with a constantly running service. If it is not absolutely necessary to have that software on the system, I will suggest removing it since there is a high possibility for further adware presence. For additional information, see the information here.
  • Are you familiar with those files:

C:\Users\Maynardlu\Downloads\3ursnk3b.reg
C:\Users\Maynardlu\Downloads\3ursnk3b.bat
C:\Users\Maynardlu\Downloads\3ursnk3b.exe
C:\Users\Maynardlu\Downloads\setup_11.0.3.7.x01_2014_09_28_22_27.exe

 
********************
 
Please, do the following:

  • Press Windows button + R key simultaneously. A new window should appear.
  • Please, type control and press Enter.
    • If you use Category Mode, click Uninstall a program.
    • If you use Icons mode, click Programs and Features.
  • Right-click on the programs listed below and choose Uninstall.
Catalina Savings Printer
Coupon Printer for Windows
ShopAtHome.com Helper

Visual instructions can be found here.

Note: If you decide to leave Coupon Printer for Windows on your system, please, do not follow the steps for that application.
 
********************

Please, download TDSSKiller.

  • Save the file on your Desktop.

Note: Be sure to save the file first and then execute it. Otherwise, if executed from temporary directory, problems may occur.

  • Right-click on tool's icon and choose Run as Administrator.

Note: If for some reason the tool cannot run, please, try renaming it to a randomly generated name.

  • Push the Start Scan button. Do not use the computer during the scan process.
  • If the scan completes with nothing found, choose Close to exit.
  • If there are malicious objects found, they will show in Scan results -> Select action for found objects.
  • Three options will be available for you. Please, ensure that Cure option is selected.
  • Choose Continue -> Reboot now to finish the cleaning process by the tool.

Important note: If the Cure option is not available, choose Skip instead. Do not choose Delete unless instructed to do so.

  • A log file, named as following - TDSSKiller_Version_Date_Time_Log.txt will be created in the root directory:
C:\

Please, post the content of the log file in your next post.

********************

In your next post, I will be waiting for:

  • Answers to the questions above.
  • Log file from TDSSKiller.

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford
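An added example (not part of Stan's post and not TDSSKiller's own code): a Python triage of the log TDSSKiller writes to C:\, listing objects whose verdict is not ok, services for which no file was hashed, and service files outside the usual system folders. The sample lines are constructed; ExampleSvc, its path, its warning verdict and the trusted-folder list are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line shapes seen in a TDSSKiller log: "<time> <thread id>  <body>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9a-fA-F]+\s+(?P<body>.*)$")
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>\w+)$")

# Heuristic assumption: the system drive is C: and legitimate service
# binaries live under these folders.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ScanObject:
    section: str
    name: str
    verdict: str
    md5: Optional[str] = None
    sha256: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text):
    """Pair each '[ md5, sha256 ] name path' line with the 'name - verdict' line after it."""
    objects, section, pending = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        body = m["body"]
        if (s := SECTION.match(body)):
            section, pending = s["title"], None
            continue
        if section is None:          # header lines before the first scan section
            continue
        if (h := HASHED.match(body)):
            pending = h.groupdict()
            continue
        if (v := VERDICT.match(body)):
            info = pending if pending and pending["name"] == v["name"] else {}
            objects.append(ScanObject(section, v["name"], v["verdict"],
                                      info.get("md5"), info.get("sha256"), info.get("path")))
            pending = None
    return objects


def triage(objects):
    """Return the entries a helper would want to look at first."""
    return {
        "flagged": [o for o in objects if o.verdict != "ok"],
        "no_file": [o for o in objects
                    if o.section == "Scan services" and o.path is None],
        "unusual_path": [o for o in objects
                         if o.path and not o.path.lower().startswith(TRUSTED_ROOTS)],
    }


def _hashed(n, name, path):
    # Build a hash line with obviously fake hashes (constructed, not real values).
    return f"17:58:18.{n:04d} 0x33c9c  [ {n:032X}, {n:064X} ] {name:<15} {path}"


# Constructed sample. "ExampleSvc" and its "warning" verdict are invented.
SAMPLE_LOG = "\n".join([
    "17:58:17.0888 0x33c9c  ================ Scan system memory ========================",
    "17:58:17.0888 0x33c9c  System memory - ok",
    "17:58:17.0889 0x33c9c  ================ Scan services =============================",
    _hashed(1, "1394ohci", r"C:\Windows\system32\drivers\1394ohci.sys"),
    "17:58:18.0093 0x33c9c  1394ohci - ok",
    _hashed(2, "Apple Mobile Device",
            r"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"),
    "17:58:19.0091 0x33c9c  Apple Mobile Device - ok",
    "17:58:18.0935 0x33c9c  andnetadb - ok",
    _hashed(3, "ExampleSvc", r"C:\Users\Example\AppData\Local\Temp\example.sys"),
    "17:58:20.0000 0x33c9c  ExampleSvc - warning",
])

if __name__ == "__main__":
    report = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for bucket, items in report.items():
        for o in items:
            print(f"{bucket:13} {o.name:20} {o.verdict:8} {o.path or '(no file hashed)'}")
```
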

 

 

 

 

 


#7 maynardlu

Posted 15 October 2014 - 02:22 AM

Hello again Stan,

Do you want me to rerun Farbar from the desktop?

 

As for the files you highlighted, the first three are the files for GMER

and the last one is from a Kaspersky program I tried before I got help on here.

My wife uses Coupon Printer and would like to keep it.

The other two aren't listed in my program files?

 

Log from TDSSKiller follows:

 

17:56:58.0249 0x32d98  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:57:02.0535 0x32d98  ============================================================
17:57:02.0535 0x32d98  Current date / time: 2014/10/14 17:57:02.0535
17:57:02.0535 0x32d98  SystemInfo:
17:57:02.0535 0x32d98 
17:57:02.0536 0x32d98  OS Version: 6.1.7601 ServicePack: 1.0
17:57:02.0536 0x32d98  Product type: Workstation
17:57:02.0536 0x32d98  ComputerName: MAYNARDLU-PC
17:57:02.0536 0x32d98  UserName: Maynardlu
17:57:02.0536 0x32d98  Windows directory: C:\Windows
17:57:02.0536 0x32d98  System windows directory: C:\Windows
17:57:02.0536 0x32d98  Processor architecture: Intel x86
17:57:02.0536 0x32d98  Number of processors: 4
17:57:02.0536 0x32d98  Page size: 0x1000
17:57:02.0536 0x32d98  Boot type: Normal boot
17:57:02.0536 0x32d98  ============================================================
17:57:04.0556 0x32d98  KLMD registered as C:\Windows\system32\drivers\58955214.sys
17:57:05.0369 0x32d98  System UUID: {9FC4529D-CDF4-2B57-FC03-0F8232339679}
17:57:06.0193 0x32d98  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:57:06.0197 0x32d98  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:57:08.0214 0x32d98  ============================================================
17:57:08.0214 0x32d98  \Device\Harddisk1\DR1:
17:57:08.0214 0x32d98  MBR partitions:
17:57:08.0214 0x32d98  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF90DB9
17:57:08.0215 0x32d98  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xF90E3D, BlocksNum 0x11A87C84
17:57:08.0215 0x32d98  \Device\Harddisk0\DR0:
17:57:08.0231 0x32d98  MBR partitions:
17:57:08.0231 0x32d98  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
17:57:08.0240 0x32d98  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBA4CFBF, BlocksNum 0xBA4CF41
17:57:08.0249 0x32d98  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x17499F3F, BlocksNum 0xBA4CF41
17:57:08.0262 0x32d98  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x22EE6EBF, BlocksNum 0xBA4CF41
17:57:08.0271 0x32d98  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2E933E3F, BlocksNum 0xBA4CF41
17:57:08.0272 0x32d98  ============================================================
17:57:08.0308 0x32d98  C: <-> \Device\Harddisk0\DR0\Partition1
17:57:08.0332 0x32d98  D: <-> \Device\Harddisk0\DR0\Partition2
17:57:08.0983 0x32d98  F: <-> \Device\Harddisk0\DR0\Partition4
17:57:09.0015 0x32d98  G: <-> \Device\Harddisk0\DR0\Partition5
17:57:09.0023 0x32d98  H: <-> \Device\Harddisk1\DR1\Partition1
17:57:09.0055 0x32d98  I: <-> \Device\Harddisk1\DR1\Partition2
17:57:09.0055 0x32d98  ============================================================
17:57:09.0056 0x32d98  Initialize success
17:57:09.0056 0x32d98  ============================================================
17:58:01.0667 0x33c9c  ============================================================
17:58:01.0667 0x33c9c  Scan started
17:58:01.0667 0x33c9c  Mode: Manual;
17:58:01.0667 0x33c9c  ============================================================
17:58:01.0667 0x33c9c  KSN ping started
17:58:15.0071 0x33c9c  KSN ping finished: true
17:58:17.0888 0x33c9c  ================ Scan system memory ========================
17:58:17.0888 0x33c9c  System memory - ok
17:58:17.0889 0x33c9c  ================ Scan services =============================
17:58:23.0285 0x33c9c  idsvc - ok
17:58:23.0298 0x33c9c  IEEtwCollectorService - ok
17:58:23.0374 0x33c9c  [ 3962F0BE2018A275DBE7510A80173759, 4144CC7B33B5CED4BCA25D41874EDF6CDB88BCA2EE63FAC71C3F32CECA4D3E6E ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
17:58:23.0492 0x33c9c  IHA_MessageCenter - ok
17:58:23.0514 0x33c9c  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:58:23.0516 0x33c9c  iirsp - ok
17:58:23.0565 0x33c9c  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:58:23.0608 0x33c9c  IKEEXT - ok
17:58:23.0635 0x33c9c  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:58:23.0636 0x33c9c  intelide - ok
17:58:23.0649 0x33c9c  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:58:23.0651 0x33c9c  intelppm - ok
17:58:23.0668 0x33c9c  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:58:23.0672 0x33c9c  IPBusEnum - ok
17:58:23.0682 0x33c9c  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:58:23.0685 0x33c9c  IpFilterDriver - ok
17:58:23.0719 0x33c9c  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:58:23.0744 0x33c9c  iphlpsvc - ok
17:58:23.0763 0x33c9c  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:58:23.0767 0x33c9c  IPMIDRV - ok
17:58:23.0780 0x33c9c  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:58:23.0784 0x33c9c  IPNAT - ok
17:58:23.0837 0x33c9c  [ 35828479CCB4EE3CFD7523AF63443D5B, CA582DB092DC049597268B8245F2EEFF5DB807CBE2CFABEA04EA00DD5ED9A2B6 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:58:23.0853 0x33c9c  iPod Service - ok
17:58:23.0877 0x33c9c  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:58:23.0879 0x33c9c  IRENUM - ok
17:58:23.0896 0x33c9c  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:58:23.0899 0x33c9c  isapnp - ok
17:58:23.0922 0x33c9c  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:58:23.0930 0x33c9c  iScsiPrt - ok
17:58:23.0952 0x33c9c  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:58:23.0954 0x33c9c  kbdclass - ok
17:58:23.0971 0x33c9c  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:58:23.0972 0x33c9c  kbdhid - ok
17:58:23.0984 0x33c9c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
17:58:23.0985 0x33c9c  KeyIso - ok
17:58:24.0009 0x33c9c  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:58:24.0012 0x33c9c  KSecDD - ok
17:58:24.0024 0x33c9c  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:58:24.0028 0x33c9c  KSecPkg - ok
17:58:24.0058 0x33c9c  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:58:24.0076 0x33c9c  KtmRm - ok
17:58:24.0097 0x33c9c  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:58:24.0104 0x33c9c  LanmanServer - ok
17:58:24.0119 0x33c9c  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:58:24.0124 0x33c9c  LanmanWorkstation - ok
17:58:24.0155 0x33c9c  [ 01CC7FB6E790EF044B411377F3A1FF41, A935C0C45F7A8EA7D6A462064928B6F982709FB33C21DE6424232297F3A1948B ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:58:24.0157 0x33c9c  LHidFilt - ok
17:58:24.0186 0x33c9c  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:58:24.0189 0x33c9c  lltdio - ok
17:58:24.0211 0x33c9c  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:58:24.0218 0x33c9c  lltdsvc - ok
17:58:24.0232 0x33c9c  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:58:24.0235 0x33c9c  lmhosts - ok
17:58:24.0256 0x33c9c  [ A2E7EAE8898D7B4B8C302B8F4E836BB5, 1F3C1228891C90B4567DE07AD8A9EF1F5005ED74A71EC5E814906FEF44D02ADC ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:58:24.0259 0x33c9c  LMouFilt - ok
17:58:24.0285 0x33c9c  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:58:24.0289 0x33c9c  LSI_FC - ok
17:58:24.0304 0x33c9c  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:58:24.0308 0x33c9c  LSI_SAS - ok
17:58:24.0323 0x33c9c  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:58:24.0326 0x33c9c  LSI_SAS2 - ok
17:58:24.0344 0x33c9c  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:58:24.0348 0x33c9c  LSI_SCSI - ok
17:58:24.0372 0x33c9c  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:58:24.0375 0x33c9c  luafv - ok
17:58:24.0412 0x33c9c  [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A, BBC675F013B6EB9A5860ABCF16A0ACEC2D726B102DA3E4F294CD25383F6D3D1B ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
17:58:24.0414 0x33c9c  LUsbFilt - ok
17:58:24.0449 0x33c9c  lxct_device - ok
17:58:24.0469 0x33c9c  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:58:24.0473 0x33c9c  Mcx2Svc - ok
17:58:24.0483 0x33c9c  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:58:24.0484 0x33c9c  megasas - ok
17:58:24.0503 0x33c9c  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:58:24.0511 0x33c9c  MegaSR - ok
17:58:24.0534 0x33c9c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
17:58:24.0537 0x33c9c  MMCSS - ok
17:58:24.0550 0x33c9c  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
17:58:24.0552 0x33c9c  Modem - ok
17:58:24.0591 0x33c9c  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:58:24.0593 0x33c9c  monitor - ok
17:58:24.0624 0x33c9c  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:58:24.0626 0x33c9c  mouclass - ok
17:58:24.0647 0x33c9c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:58:24.0648 0x33c9c  mouhid - ok
17:58:24.0668 0x33c9c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:58:24.0672 0x33c9c  mountmgr - ok
17:58:24.0727 0x33c9c  [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:58:24.0732 0x33c9c  MozillaMaintenance - ok
17:58:24.0765 0x33c9c  [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:58:24.0786 0x33c9c  MpFilter - ok
17:58:24.0817 0x33c9c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:58:24.0821 0x33c9c  mpio - ok
17:58:24.0853 0x33c9c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:58:24.0855 0x33c9c  mpsdrv - ok
17:58:24.0894 0x33c9c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:58:24.0921 0x33c9c  MpsSvc - ok
17:58:24.0941 0x33c9c  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:58:24.0945 0x33c9c  MRxDAV - ok
17:58:24.0979 0x33c9c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:58:24.0983 0x33c9c  mrxsmb - ok
17:58:25.0003 0x33c9c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:58:25.0010 0x33c9c  mrxsmb10 - ok
17:58:25.0032 0x33c9c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:58:25.0036 0x33c9c  mrxsmb20 - ok
17:58:25.0059 0x33c9c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:58:25.0060 0x33c9c  msahci - ok
17:58:25.0080 0x33c9c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:58:25.0084 0x33c9c  msdsm - ok
17:58:25.0097 0x33c9c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
17:58:25.0103 0x33c9c  MSDTC - ok
17:58:25.0134 0x33c9c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:58:25.0136 0x33c9c  Msfs - ok
17:58:25.0145 0x33c9c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:58:25.0146 0x33c9c  mshidkmdf - ok
17:58:25.0157 0x33c9c  MSICDSetup - ok
17:58:25.0175 0x33c9c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:58:25.0176 0x33c9c  msisadrv - ok
17:58:25.0201 0x33c9c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:58:25.0206 0x33c9c  MSiSCSI - ok
17:58:25.0211 0x33c9c  msiserver - ok
17:58:25.0232 0x33c9c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:58:25.0234 0x33c9c  MSKSSRV - ok
17:58:25.0273 0x33c9c  [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:58:25.0275 0x33c9c  MsMpSvc - ok
17:58:25.0291 0x33c9c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:58:25.0292 0x33c9c  MSPCLOCK - ok
17:58:25.0303 0x33c9c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:58:25.0304 0x33c9c  MSPQM - ok
17:58:25.0324 0x33c9c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:58:25.0330 0x33c9c  MsRPC - ok
17:58:25.0352 0x33c9c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:58:25.0353 0x33c9c  mssmbios - ok
17:58:25.0369 0x33c9c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:58:25.0370 0x33c9c  MSTEE - ok
17:58:25.0379 0x33c9c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:58:25.0380 0x33c9c  MTConfig - ok
17:58:25.0397 0x33c9c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:58:25.0400 0x33c9c  Mup - ok
17:58:25.0432 0x33c9c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
17:58:25.0448 0x33c9c  napagent - ok
17:58:25.0483 0x33c9c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:58:25.0491 0x33c9c  NativeWifiP - ok
17:58:25.0542 0x33c9c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:58:25.0592 0x33c9c  NDIS - ok
17:58:25.0607 0x33c9c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:58:25.0609 0x33c9c  NdisCap - ok
17:58:25.0635 0x33c9c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:58:25.0637 0x33c9c  NdisTapi - ok
17:58:25.0657 0x33c9c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:58:25.0659 0x33c9c  Ndisuio - ok
17:58:25.0686 0x33c9c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:58:25.0704 0x33c9c  NdisWan - ok
17:58:25.0737 0x33c9c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:58:25.0739 0x33c9c  NDProxy - ok
17:58:25.0751 0x33c9c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:58:25.0753 0x33c9c  NetBIOS - ok
17:58:25.0779 0x33c9c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:58:25.0785 0x33c9c  NetBT - ok
17:58:25.0808 0x33c9c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
17:58:25.0809 0x33c9c  Netlogon - ok
17:58:25.0852 0x33c9c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
17:58:25.0861 0x33c9c  Netman - ok
17:58:25.0894 0x33c9c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:58:25.0901 0x33c9c  NetMsmqActivator - ok
17:58:25.0912 0x33c9c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:58:25.0915 0x33c9c  NetPipeActivator - ok
17:58:25.0934 0x33c9c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
17:58:25.0951 0x33c9c  netprofm - ok
17:58:25.0968 0x33c9c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:58:25.0971 0x33c9c  NetTcpActivator - ok
17:58:25.0977 0x33c9c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:58:25.0980 0x33c9c  NetTcpPortSharing - ok
17:58:26.0003 0x33c9c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:58:26.0005 0x33c9c  nfrd960 - ok
17:58:26.0054 0x33c9c  [ 6A83B8AF342E61DEE353BAA81F67B7DA, F883A69DC57A203CEF4A264ADA3669EFA11149FE479A32FF38A37C86D24D7DE7 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:58:26.0058 0x33c9c  NisDrv - ok
17:58:26.0090 0x33c9c  [ 877C975D6FED8B12C445312D1286771E, 2FD5F2FE0414D00B8E4EF389E1AD11356C14F700A906770B0AB88B464D963948 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
17:58:26.0099 0x33c9c  NisSrv - ok
17:58:26.0125 0x33c9c  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:58:26.0134 0x33c9c  NlaSvc - ok
17:58:26.0218 0x33c9c  [ 9B664C0186EC16EA8812831CECC80BC8, 6DE6C1AA3500F26BA757A1ED37DB9FD9B85B206D11F10A6803CBA584F175FCD1 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:58:26.0229 0x33c9c  NMIndexingService - ok
17:58:26.0270 0x33c9c  [ B9730495E0CF674680121E34BD95A73B, 1A3DD943B0EEA19A676175825CB135825ECF41404B59349AC9B1E6D137FA9B46 ] NPF             C:\Windows\system32\drivers\npf.sys
17:58:26.0272 0x33c9c  NPF - ok
17:58:26.0288 0x33c9c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:58:26.0290 0x33c9c  Npfs - ok
17:58:26.0312 0x33c9c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
17:58:26.0315 0x33c9c  nsi - ok
17:58:26.0337 0x33c9c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:58:26.0339 0x33c9c  nsiproxy - ok
17:58:26.0396 0x33c9c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:58:26.0438 0x33c9c  Ntfs - ok
17:58:26.0467 0x33c9c  NTIOLib_1_0_4 - ok
17:58:26.0497 0x33c9c  [ 9620A1D8160A550F064BBAF48D0F97CC, 812625770EB81A35A18AB077813E205A2F547BE1705D9A6D5B064DDDE5D1719F ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
17:58:26.0498 0x33c9c  NuidFltr - ok
17:58:26.0511 0x33c9c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
17:58:26.0513 0x33c9c  Null - ok
17:58:26.0552 0x33c9c  [ FBEC0FD36ED61EFEE1E3063281EAB984, AE4BC81897FDDE6EBEE7A9A3C9252A8E454B80831A853F9D1DCC0C2F8FA7DAAC ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
17:58:26.0557 0x33c9c  NVHDA - ok
17:58:26.0912 0x33c9c  [ FD5A76AF84FC210CD15548C701243A3F, F960CEF9EE09E32E9838EDF2332D50DC72570669EE6737377312EEB4E57BDE19 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:58:27.0239 0x33c9c  nvlddmkm - ok
17:58:27.0298 0x33c9c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:58:27.0302 0x33c9c  nvraid - ok
17:58:27.0336 0x33c9c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:58:27.0341 0x33c9c  nvstor - ok
17:58:27.0895 0x33c9c  [ 1CFA39D040682BCB8A5E8617E5743A80, E15FE6CFEAE0F15E4B57C62CAC1B33442B28EBCFA84BB1541D82DC6C526D23CE ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
17:58:28.0399 0x33c9c  NvStreamSvc - ok
17:58:28.0487 0x33c9c  [ 6004D55C0434E15CE98A4CF2A6A4BE94, 572D5B497CF76135B5F5AE85FFD479ED366D66981A571FAFE9B28797B4F667AF ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:58:28.0514 0x33c9c  nvsvc - ok
17:58:28.0633 0x33c9c  [ BC120F98DCA622BE48D16B4A5714CA71, 5C6F29F1723F8361B69812CBE202248A1E9FB55EA03446A5BB558C48032E8AB4 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:58:28.0709 0x33c9c  nvUpdatusService - ok
17:58:28.0738 0x33c9c  [ 9C6266C4A78D48A4000F658AD187E9E5, F8776C287AFCDB0F07A387D10048DE8F38702FFF49DE5D531C0A1C332AC59279 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad32v.sys
17:58:28.0740 0x33c9c  nvvad_WaveExtensible - ok
17:58:28.0762 0x33c9c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:58:28.0766 0x33c9c  nv_agp - ok
17:58:28.0783 0x33c9c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:58:28.0786 0x33c9c  ohci1394 - ok
17:58:28.0819 0x33c9c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:58:28.0836 0x33c9c  p2pimsvc - ok
17:58:28.0862 0x33c9c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:58:28.0873 0x33c9c  p2psvc - ok
17:58:28.0892 0x33c9c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:58:28.0895 0x33c9c  Parport - ok
17:58:28.0912 0x33c9c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:58:28.0915 0x33c9c  partmgr - ok
17:58:28.0924 0x33c9c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:58:28.0926 0x33c9c  Parvdm - ok
17:58:28.0939 0x33c9c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:58:28.0946 0x33c9c  PcaSvc - ok
17:58:28.0961 0x33c9c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
17:58:28.0966 0x33c9c  pci - ok
17:58:28.0988 0x33c9c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:58:28.0990 0x33c9c  pciide - ok
17:58:29.0011 0x33c9c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:58:29.0017 0x33c9c  pcmcia - ok
17:58:29.0037 0x33c9c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:58:29.0039 0x33c9c  pcw - ok
17:58:29.0076 0x33c9c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:58:29.0093 0x33c9c  PEAUTH - ok
17:58:29.0338 0x33c9c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
17:58:29.0412 0x33c9c  pla - ok
17:58:29.0451 0x33c9c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:58:29.0469 0x33c9c  PlugPlay - ok
17:58:29.0485 0x33c9c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:58:29.0488 0x33c9c  PNRPAutoReg - ok
17:58:29.0518 0x33c9c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:58:29.0525 0x33c9c  PNRPsvc - ok
17:58:29.0553 0x33c9c  [ 896D916DE06F5502D301E8C4DC442AE8, 7B5C5FA075BA680B990A0A78A690CF2DE04EF7EB1457781E38D0EE4A95CEFDCA ] Point32         C:\Windows\system32\DRIVERS\point32.sys
17:58:29.0555 0x33c9c  Point32 - ok
17:58:29.0584 0x33c9c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:58:29.0601 0x33c9c  PolicyAgent - ok
17:58:29.0618 0x33c9c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
17:58:29.0624 0x33c9c  Power - ok
17:58:29.0660 0x33c9c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:58:29.0663 0x33c9c  PptpMiniport - ok
17:58:29.0675 0x33c9c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:58:29.0678 0x33c9c  Processor - ok
17:58:29.0712 0x33c9c  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:58:29.0719 0x33c9c  ProfSvc - ok
17:58:29.0731 0x33c9c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:58:29.0733 0x33c9c  ProtectedStorage - ok
17:58:29.0756 0x33c9c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:58:29.0760 0x33c9c  Psched - ok
17:58:29.0794 0x33c9c  [ D24DFD16A1E2A76034DF5AA18125C35D, BB1F2BB3EB69DE742AA8ED33DCB572888BC473182E0F7DA860CB57903C9924A6 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
17:58:29.0811 0x33c9c  PSI - ok
17:58:29.0872 0x33c9c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:58:29.0924 0x33c9c  ql2300 - ok
17:58:29.0952 0x33c9c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:58:29.0956 0x33c9c  ql40xx - ok
17:58:29.0983 0x33c9c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
17:58:30.0000 0x33c9c  QWAVE - ok
17:58:30.0015 0x33c9c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:58:30.0019 0x33c9c  QWAVEdrv - ok
17:58:30.0032 0x33c9c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:58:30.0033 0x33c9c  RasAcd - ok
17:58:30.0059 0x33c9c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:58:30.0061 0x33c9c  RasAgileVpn - ok
17:58:30.0087 0x33c9c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
17:58:30.0092 0x33c9c  RasAuto - ok
17:58:30.0106 0x33c9c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:58:30.0110 0x33c9c  Rasl2tp - ok
17:58:30.0170 0x33c9c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
17:58:30.0188 0x33c9c  RasMan - ok
17:58:30.0203 0x33c9c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:58:30.0206 0x33c9c  RasPppoe - ok
17:58:30.0220 0x33c9c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:58:30.0223 0x33c9c  RasSstp - ok
17:58:30.0247 0x33c9c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:58:30.0254 0x33c9c  rdbss - ok
17:58:30.0276 0x33c9c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:58:30.0278 0x33c9c  rdpbus - ok
17:58:30.0297 0x33c9c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:58:30.0298 0x33c9c  RDPCDD - ok
17:58:30.0319 0x33c9c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:58:30.0320 0x33c9c  RDPENCDD - ok
17:58:30.0330 0x33c9c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:58:30.0331 0x33c9c  RDPREFMP - ok
17:58:30.0378 0x33c9c  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:58:30.0379 0x33c9c  RdpVideoMiniport - ok
17:58:30.0408 0x33c9c  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:58:30.0414 0x33c9c  RDPWD - ok
17:58:30.0445 0x33c9c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:58:30.0451 0x33c9c  rdyboost - ok
17:58:30.0472 0x33c9c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:58:30.0476 0x33c9c  RemoteAccess - ok
17:58:30.0504 0x33c9c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:58:30.0523 0x33c9c  RemoteRegistry - ok
17:58:30.0573 0x33c9c  [ A780D3EAA74582EA1DEB6BD9C7A3D9C9, 9F66C47D49AADDC946C20945685C1B8BDFAF011D9CD840AC9F3130B5BA09946C ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
17:58:30.0577 0x33c9c  rpcapd - ok
17:58:30.0599 0x33c9c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:58:30.0603 0x33c9c  RpcEptMapper - ok
17:58:30.0624 0x33c9c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
17:58:30.0626 0x33c9c  RpcLocator - ok
17:58:30.0652 0x33c9c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
17:58:30.0661 0x33c9c  RpcSs - ok
17:58:30.0700 0x33c9c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:58:30.0703 0x33c9c  rspndr - ok
17:58:30.0722 0x33c9c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
17:58:30.0724 0x33c9c  SamSs - ok
17:58:30.0757 0x33c9c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:58:30.0760 0x33c9c  sbp2port - ok
17:58:30.0793 0x33c9c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:58:30.0799 0x33c9c  SCardSvr - ok
17:58:30.0820 0x33c9c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:58:30.0822 0x33c9c  scfilter - ok
17:58:30.0874 0x33c9c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
17:58:30.0915 0x33c9c  Schedule - ok
17:58:30.0939 0x33c9c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:58:30.0941 0x33c9c  SCPolicySvc - ok
17:58:30.0968 0x33c9c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:58:30.0974 0x33c9c  SDRSVC - ok
17:58:31.0002 0x33c9c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:58:31.0004 0x33c9c  secdrv - ok
17:58:31.0016 0x33c9c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
17:58:31.0019 0x33c9c  seclogon - ok
17:58:31.0104 0x33c9c  [ 7198BBFBE46C0070257278C536386687, 8670549D1C26F5924B3FADC35AD526C56728A51D377369B1C74397496497BE5D ] Secunia PSI Agent D:\program files\PSI\PSIA.exe
17:58:31.0385 0x33c9c  Secunia PSI Agent - ok
17:58:31.0425 0x33c9c  [ D2FCA567F9BE87E29B9A9FA32FFE79CA, 2DEFC814B5979A80FFC74242871C9ECB09FBCA994BF9069D6B1E94A5F7588F17 ] Secunia Update Agent D:\program files\PSI\sua.exe
17:58:31.0598 0x33c9c  Secunia Update Agent - ok
17:58:31.0623 0x33c9c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
17:58:31.0626 0x33c9c  SENS - ok
17:58:31.0649 0x33c9c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:58:31.0653 0x33c9c  SensrSvc - ok
17:58:31.0665 0x33c9c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:58:31.0666 0x33c9c  Serenum - ok
17:58:31.0761 0x33c9c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:58:31.0779 0x33c9c  Serial - ok
17:58:31.0803 0x33c9c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:58:31.0805 0x33c9c  sermouse - ok
17:58:31.0883 0x33c9c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:58:31.0888 0x33c9c  SessionEnv - ok
17:58:31.0904 0x33c9c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:58:31.0906 0x33c9c  sffdisk - ok
17:58:31.0917 0x33c9c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:58:31.0919 0x33c9c  sffp_mmc - ok
17:58:31.0934 0x33c9c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:58:31.0936 0x33c9c  sffp_sd - ok
17:58:31.0942 0x33c9c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:58:31.0944 0x33c9c  sfloppy - ok
17:58:31.0979 0x33c9c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:58:31.0989 0x33c9c  SharedAccess - ok
17:58:32.0020 0x33c9c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:58:32.0036 0x33c9c  ShellHWDetection - ok
17:58:32.0052 0x33c9c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:58:32.0055 0x33c9c  sisagp - ok
17:58:32.0077 0x33c9c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:58:32.0079 0x33c9c  SiSRaid2 - ok
17:58:32.0099 0x33c9c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:58:32.0103 0x33c9c  SiSRaid4 - ok
17:58:32.0123 0x33c9c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:58:32.0125 0x33c9c  Smb - ok
17:58:32.0150 0x33c9c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:58:32.0153 0x33c9c  SNMPTRAP - ok
17:58:32.0161 0x33c9c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:58:32.0162 0x33c9c  spldr - ok
17:58:32.0189 0x33c9c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
17:58:32.0200 0x33c9c  Spooler - ok
17:58:32.0324 0x33c9c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
17:58:32.0435 0x33c9c  sppsvc - ok
17:58:32.0463 0x33c9c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:58:32.0467 0x33c9c  sppuinotify - ok
17:58:32.0496 0x33c9c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:58:32.0505 0x33c9c  srv - ok
17:58:32.0532 0x33c9c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:58:32.0541 0x33c9c  srv2 - ok
17:58:32.0554 0x33c9c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:58:32.0559 0x33c9c  srvnet - ok
17:58:32.0594 0x33c9c  [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B, CBB57877DF2F4D5CCF39D65E863F4C3EC30E6EBBD95132667908BF6E638E27FA ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
17:58:32.0597 0x33c9c  sscdbus - ok
17:58:32.0621 0x33c9c  [ 8A1BE0C347814F482F493AEA619D57F6, 868AA830CC581FDB66F065938F8AC69621FD2E1767D5A29BAD1B9DB154C46F4A ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
17:58:32.0623 0x33c9c  sscdmdfl - ok
17:58:32.0634 0x33c9c  [ 5AB0B1987F682A59B15B78F84C6AD7D0, 1A7FD72E82884D16525F36C0394F2F6845FE9F3580D9A01E6066605E5B72AB8D ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
17:58:32.0638 0x33c9c  sscdmdm - ok
17:58:32.0674 0x33c9c  [ 751E66EB32EFA80633B80F5D7FF0A1D8, 0826F4E707D27F633CB3B0D2B3EE6B8A9FBB6E00A91A26A33D0223CCBFF4799B ] sscdserd        C:\Windows\system32\DRIVERS\sscdserd.sys
17:58:32.0677 0x33c9c  sscdserd - ok
17:58:32.0698 0x33c9c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:58:32.0705 0x33c9c  SSDPSRV - ok
17:58:32.0719 0x33c9c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:58:32.0724 0x33c9c  SstpSvc - ok
17:58:32.0758 0x33c9c  [ B218068EBA6F46F102B4218BDB81BE0B, 1E9732AF444B3A3B511B100AC2DB0CDFE1600AA5DB0B13FE3E7A2B70BB704856 ] STacSV          C:\Windows\system32\STacSV.exe
17:58:32.0914 0x33c9c  STacSV - ok
17:58:32.0986 0x33c9c  [ 4F08BE2C2AC568EE9867A9B0F4F09540, 2EACD391B66D649BA458955257912B302270AB883B13FD4034B069B7CECE75FD ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:58:33.0002 0x33c9c  Stereo Service - ok
17:58:33.0023 0x33c9c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:58:33.0025 0x33c9c  stexstor - ok
17:58:33.0056 0x33c9c  [ 167909A1C36AA3E8F2582962F0CCC748, 8E6AAA22BAB77C08F4189A407E8E332C33C31EF5691630F7A8176D6848A77105 ] STHDA           C:\Windows\system32\drivers\stwrt.sys
17:58:33.0072 0x33c9c  STHDA - ok
17:58:33.0113 0x33c9c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:58:33.0139 0x33c9c  StiSvc - ok
17:58:33.0157 0x33c9c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:58:33.0159 0x33c9c  swenum - ok
17:58:33.0194 0x33c9c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
17:58:33.0205 0x33c9c  swprv - ok
17:58:33.0290 0x33c9c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
17:58:33.0334 0x33c9c  SysMain - ok
17:58:33.0346 0x33c9c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
17:58:33.0362 0x33c9c  TabletInputService - ok
17:58:33.0403 0x33c9c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:58:33.0420 0x33c9c  TapiSrv - ok
17:58:33.0441 0x33c9c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
17:58:33.0445 0x33c9c  TBS - ok
17:58:33.0515 0x33c9c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:58:33.0566 0x33c9c  Tcpip - ok
17:58:33.0631 0x33c9c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:58:33.0656 0x33c9c  TCPIP6 - ok
17:58:33.0685 0x33c9c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:58:33.0687 0x33c9c  tcpipreg - ok
17:58:33.0715 0x33c9c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:58:33.0716 0x33c9c  TDPIPE - ok
17:58:33.0737 0x33c9c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:58:33.0739 0x33c9c  TDTCP - ok
17:58:33.0761 0x33c9c  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:58:33.0764 0x33c9c  tdx - ok
17:58:33.0776 0x33c9c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:58:33.0779 0x33c9c  TermDD - ok
17:58:33.0819 0x33c9c  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
17:58:33.0845 0x33c9c  TermService - ok
17:58:33.0860 0x33c9c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
17:58:33.0863 0x33c9c  Themes - ok
17:58:33.0871 0x33c9c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:58:33.0874 0x33c9c  THREADORDER - ok
17:58:33.0897 0x33c9c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
17:58:33.0906 0x33c9c  TrkWks - ok
17:58:33.0942 0x33c9c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:58:33.0948 0x33c9c  TrustedInstaller - ok
17:58:33.0976 0x33c9c  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:58:33.0978 0x33c9c  tssecsrv - ok
17:58:34.0006 0x33c9c  [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:58:34.0009 0x33c9c  TsUsbFlt - ok
17:58:34.0033 0x33c9c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:58:34.0037 0x33c9c  tunnel - ok
17:58:34.0055 0x33c9c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:58:34.0058 0x33c9c  uagp35 - ok
17:58:34.0082 0x33c9c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:58:34.0089 0x33c9c  udfs - ok
17:58:34.0244 0x33c9c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:58:34.0248 0x33c9c  UI0Detect - ok
17:58:34.0280 0x33c9c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:58:34.0283 0x33c9c  uliagpkx - ok
17:58:34.0303 0x33c9c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:58:34.0306 0x33c9c  umbus - ok
17:58:34.0324 0x33c9c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:58:34.0326 0x33c9c  UmPass - ok
17:58:34.0357 0x33c9c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
17:58:34.0376 0x33c9c  upnphost - ok
17:58:34.0409 0x33c9c  [ D4FB6ECC60A428564BA8768B0E23C0FC, 4170FB6D0D593B5C22F5B4F664F6253435208C8948AFB66C0D12E2B818BA6DD5 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
17:58:34.0411 0x33c9c  USBAAPL - ok
17:58:34.0423 0x33c9c  usbbus - ok
17:58:34.0443 0x33c9c  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:58:34.0478 0x33c9c  usbccgp - ok
17:58:34.0495 0x33c9c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:58:34.0507 0x33c9c  usbcir - ok
17:58:34.0511 0x33c9c  UsbDiag - ok
17:58:34.0536 0x33c9c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:58:34.0538 0x33c9c  usbehci - ok
17:58:34.0570 0x33c9c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:58:34.0579 0x33c9c  usbhub - ok
17:58:34.0589 0x33c9c  USBModem - ok
17:58:34.0607 0x33c9c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:58:34.0609 0x33c9c  usbohci - ok
17:58:34.0634 0x33c9c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:58:34.0635 0x33c9c  usbprint - ok
17:58:34.0668 0x33c9c  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:58:34.0670 0x33c9c  usbscan - ok
17:58:34.0693 0x33c9c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:58:34.0696 0x33c9c  USBSTOR - ok
17:58:34.0707 0x33c9c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:58:34.0709 0x33c9c  usbuhci - ok
17:58:34.0728 0x33c9c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
17:58:34.0732 0x33c9c  UxSms - ok
17:58:34.0746 0x33c9c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
17:58:34.0748 0x33c9c  VaultSvc - ok
17:58:34.0775 0x33c9c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:58:34.0777 0x33c9c  vdrvroot - ok
17:58:34.0815 0x33c9c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
17:58:34.0842 0x33c9c  vds - ok
17:58:34.0874 0x33c9c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:58:34.0875 0x33c9c  vga - ok
17:58:34.0890 0x33c9c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:58:34.0892 0x33c9c  VgaSave - ok
17:58:34.0909 0x33c9c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:58:34.0915 0x33c9c  vhdmp - ok
17:58:34.0933 0x33c9c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:58:34.0936 0x33c9c  viaagp - ok
17:58:34.0954 0x33c9c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:58:34.0956 0x33c9c  ViaC7 - ok
17:58:34.0975 0x33c9c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:58:34.0976 0x33c9c  viaide - ok
17:58:34.0990 0x33c9c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:58:34.0993 0x33c9c  volmgr - ok
17:58:35.0012 0x33c9c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:58:35.0029 0x33c9c  volmgrx - ok
17:58:35.0057 0x33c9c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:58:35.0074 0x33c9c  volsnap - ok
17:58:35.0095 0x33c9c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:58:35.0100 0x33c9c  vsmraid - ok
17:58:35.0158 0x33c9c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
17:58:35.0201 0x33c9c  VSS - ok
17:58:35.0217 0x33c9c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:58:35.0219 0x33c9c  vwifibus - ok
17:58:35.0259 0x33c9c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
17:58:35.0284 0x33c9c  W32Time - ok
17:58:35.0300 0x33c9c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:58:35.0302 0x33c9c  WacomPen - ok
17:58:35.0328 0x33c9c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:58:35.0331 0x33c9c  WANARP - ok
17:58:35.0335 0x33c9c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:58:35.0337 0x33c9c  Wanarpv6 - ok
17:58:35.0416 0x33c9c  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:58:35.0475 0x33c9c  WatAdminSvc - ok
17:58:35.0532 0x33c9c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
17:58:35.0591 0x33c9c  wbengine - ok
17:58:35.0620 0x33c9c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:58:35.0628 0x33c9c  WbioSrvc - ok
17:58:35.0670 0x33c9c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:58:35.0695 0x33c9c  wcncsvc - ok
17:58:35.0717 0x33c9c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:58:35.0721 0x33c9c  WcsPlugInService - ok
17:58:35.0733 0x33c9c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:58:35.0734 0x33c9c  Wd - ok
17:58:35.0774 0x33c9c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:58:35.0789 0x33c9c  Wdf01000 - ok
17:58:35.0808 0x33c9c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:58:35.0813 0x33c9c  WdiServiceHost - ok
17:58:35.0818 0x33c9c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:58:35.0822 0x33c9c  WdiSystemHost - ok
17:58:35.0854 0x33c9c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
17:58:35.0862 0x33c9c  WebClient - ok
17:58:35.0890 0x33c9c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:58:35.0897 0x33c9c  Wecsvc - ok
17:58:35.0910 0x33c9c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:58:35.0914 0x33c9c  wercplsupport - ok
17:58:35.0938 0x33c9c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
17:58:35.0943 0x33c9c  WerSvc - ok
17:58:35.0966 0x33c9c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:58:35.0967 0x33c9c  WfpLwf - ok
17:58:35.0992 0x33c9c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:58:35.0993 0x33c9c  WIMMount - ok
17:58:36.0072 0x33c9c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:58:37.0534 0x33c9c  ================ Scan MBR ==================================
17:58:37.0537 0x33c9c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:58:37.0669 0x33c9c  \Device\Harddisk1\DR1 - ok
17:58:37.0704 0x33c9c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:58:38.0902 0x33c9c  \Device\Harddisk0\DR0 - ok
17:58:38.0902 0x33c9c  ================ Scan VBR ==================================
17:58:38.0911 0x33c9c  [ E09F42012C43A0B39974DBE43AB1FA1C ] \Device\Harddisk1\DR1\Partition1
17:58:38.0912 0x33c9c  \Device\Harddisk1\DR1\Partition1 - ok
17:58:38.0915 0x33c9c  [ DE674264376BCCD176A14357AA76767D ] \Device\Harddisk1\DR1\Partition2
17:58:38.0950 0x33c9c  \Device\Harddisk1\DR1\Partition2 - ok
17:58:38.0953 0x33c9c  [ A7D39B83E81350EC46C3D6E12FA09984 ] \Device\Harddisk0\DR0\Partition1
17:58:38.0954 0x33c9c  \Device\Harddisk0\DR0\Partition1 - ok
17:58:38.0957 0x33c9c  [ 90B9E2E715B8956103F678B16109947A ] \Device\Harddisk0\DR0\Partition2
17:58:39.0032 0x33c9c  \Device\Harddisk0\DR0\Partition2 - ok
17:58:39.0044 0x33c9c  [ 9CF3EB524BBC3FC5F3EB4F2171A0FEA8 ] \Device\Harddisk0\DR0\Partition3
17:58:39.0079 0x33c9c  \Device\Harddisk0\DR0\Partition3 - ok
17:58:39.0098 0x33c9c  [ 56FD019746892115451BA7191C5FB2C4 ] \Device\Harddisk0\DR0\Partition4
17:58:39.0140 0x33c9c  \Device\Harddisk0\DR0\Partition4 - ok
17:58:39.0143 0x33c9c  [ 4AAF266C021FD0D5592DE397F8913A57 ] \Device\Harddisk0\DR0\Partition5
17:58:39.0156 0x33c9c  \Device\Harddisk0\DR0\Partition5 - ok
17:58:53.0659 0x33c9c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
17:58:53.0726 0x33c9c  Win FW state via NFP2: enabled
17:58:56.0262 0x33c9c  ============================================================
17:58:56.0262 0x33c9c  Scan finished
17:58:56.0262 0x33c9c  ============================================================
17:58:56.0269 0x33d60  Detected object count: 0
17:58:56.0269 0x33d60  Actual detected object count: 0
17:59:23.0654 0x33abc  Deinitialize success

 

Stan I hope I didn't mess things up for you but I updated RoboForm to latest version 7.9.10.1
 



#8 StanFF (Malware Response Team)

Posted 15 October 2014 - 03:22 PM

Hello maynardlu,

 

Do you want me to rerun Farbar from the desktop?

 
No, not for now. I mentioned this so the next time we work with the tool, you should first save it and then run. Just a precautionary measure.

 

As for the files you highlighted the first three are the files for GMER and the last one is from a Kaspersky program I tried before I got help on here.

 
Thank you for the feedback. I did suspect these entries to be related to the previously run tools, but I wanted to make sure you are familiar with them.

My wife uses coupon printer and would like to keep it 

It is your choice and I will accept it. Please, remember that this may lead to the appearance of new adware on the system in the future.
 

the other two aren't listed in my program files?

 
It's not an entirely unusual behavior, so don't worry, we will check these.
 

Stan I hope I didn't mess things up for you but I updated RoboForm to latest version 7.9.10.1

 
Thank you for notifying me. No, it is not a problem and I'm glad to see that feedback. You are doing a great job so far.
 
********************
 

Please, run TDSSKiller again. This time, before pressing Start Scan, please, do the following:

  • Choose the Change parameters option. A new window should pop up.
  • Please, check the checkbox in front of Detect TDLFS file system and push OK.
  • Click the Start Scan button and follow the instructions as mentioned in post number 6.

********************
 
Please, download AdwCleaner by Xplode.

  • Save the file on your Desktop.
  • Right-click on the executable and choose Run as Administrator.
  • You will now see the main window of the program. Please, push the Scan button.
  • The tool will start scanning the system. Please, note that this may take some time.
  • After the scan has finished, push the Report button.
  • A logfile called AdwCleaner[R#].txt should open in Notepad for review.

Note: The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.

Please, copy the content of the logfile in your next reply.

Note: Copies of all logfiles are saved in the C:\AdwCleaner folder.

 

********************

 

In your next post, I will be waiting for:

  • Log from TDSSKiller.
  • Log from AdwCleaner.

Regards,

Stan

 



#9 maynardlu (Topic Starter)

Posted 16 October 2014 - 12:56 AM

Hello again Stan

here is TDSSkiller log

 

01:38:51.0065 0x0b90  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
01:38:53.0343 0x0b90  ============================================================
01:38:53.0343 0x0b90  Current date / time: 2014/10/16 01:38:53.0343
01:38:53.0343 0x0b90  SystemInfo:
01:38:53.0343 0x0b90 
01:38:53.0343 0x0b90  OS Version: 6.1.7601 ServicePack: 1.0
01:38:53.0343 0x0b90  Product type: Workstation
01:38:53.0343 0x0b90  ComputerName: MAYNARDLU-PC
01:38:53.0343 0x0b90  UserName: Maynardlu
01:38:53.0343 0x0b90  Windows directory: C:\Windows
01:38:53.0343 0x0b90  System windows directory: C:\Windows
01:38:53.0343 0x0b90  Processor architecture: Intel x86
01:38:53.0343 0x0b90  Number of processors: 4
01:38:53.0343 0x0b90  Page size: 0x1000
01:38:53.0343 0x0b90  Boot type: Normal boot
01:38:53.0343 0x0b90  ============================================================
01:38:54.0232 0x0b90  KLMD registered as C:\Windows\system32\drivers\18434401.sys
01:38:54.0887 0x0b90  System UUID: {9FC4529D-CDF4-2B57-FC03-0F8232339679}
01:38:55.0620 0x0b90  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:38:55.0636 0x0b90  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:38:57.0477 0x0b90  ============================================================
01:38:57.0477 0x0b90  \Device\Harddisk1\DR1:
01:38:57.0477 0x0b90  MBR partitions:
01:38:57.0477 0x0b90  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xF90DB9
01:38:57.0477 0x0b90  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xF90E3D, BlocksNum 0x11A87C84
01:38:57.0477 0x0b90  \Device\Harddisk0\DR0:
01:38:57.0492 0x0b90  MBR partitions:
01:38:57.0492 0x0b90  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
01:38:57.0492 0x0b90  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBA4CFBF, BlocksNum 0xBA4CF41
01:38:57.0508 0x0b90  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x17499F3F, BlocksNum 0xBA4CF41
01:38:57.0523 0x0b90  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x22EE6EBF, BlocksNum 0xBA4CF41
01:38:57.0523 0x0b90  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2E933E3F, BlocksNum 0xBA4CF41
01:38:57.0523 0x0b90  ============================================================
01:38:57.0555 0x0b90  C: <-> \Device\Harddisk0\DR0\Partition1
01:38:57.0570 0x0b90  D: <-> \Device\Harddisk0\DR0\Partition2
01:38:58.0319 0x0b90  F: <-> \Device\Harddisk0\DR0\Partition4
01:38:58.0350 0x0b90  G: <-> \Device\Harddisk0\DR0\Partition5
01:38:58.0366 0x0b90  H: <-> \Device\Harddisk1\DR1\Partition1
01:38:58.0366 0x0b90  I: <-> \Device\Harddisk1\DR1\Partition2
01:38:58.0366 0x0b90  ============================================================
01:38:58.0366 0x0b90  Initialize success
01:38:58.0366 0x0b90  ============================================================
01:39:06.0119 0x0df4  ============================================================
01:39:06.0119 0x0df4  Scan started
01:39:06.0119 0x0df4  Mode: Manual; TDLFS;
01:39:06.0119 0x0df4  ============================================================
01:39:06.0119 0x0df4  KSN ping started
01:39:08.0631 0x0df4  KSN ping finished: true
01:39:09.0473 0x0df4  ================ Scan system memory ========================
01:39:09.0473 0x0df4  System memory - ok
01:39:09.0489 0x0df4  ================ Scan services =============================
01:39:11.0969 0x0df4  dot3svc - ok
01:39:12.0000 0x0df4  [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
01:39:12.0016 0x0df4  dot4 - ok
01:39:12.0031 0x0df4  [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:39:12.0031 0x0df4  Dot4Print - ok
01:39:12.0031 0x0df4  [ 9F7DE667C505CE6500BECDD8E11644D7, AA9C589980684429DBAF882AB9A197A6894F23B0CB629C7AF3E27B34B61CB6C1 ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys
01:39:12.0031 0x0df4  Dot4Scan - ok
01:39:12.0063 0x0df4  [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
01:39:12.0063 0x0df4  dot4usb - ok
01:39:12.0094 0x0df4  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
01:39:12.0109 0x0df4  DPS - ok
01:39:12.0141 0x0df4  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:39:12.0141 0x0df4  drmkaud - ok
01:39:12.0187 0x0df4  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:39:12.0203 0x0df4  DXGKrnl - ok
01:39:12.0234 0x0df4  [ CF0A6015F437161698C5B2A0A12CF052, C23A777CF5D34C96B16A4A6197DA3F14CC2F8C56421E422BBD46617C941DBBCE ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
01:39:12.0234 0x0df4  e1express - ok
01:39:12.0265 0x0df4  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
01:39:12.0265 0x0df4  EapHost - ok
01:39:12.0375 0x0df4  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
01:39:12.0437 0x0df4  ebdrv - ok
01:39:12.0468 0x0df4  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
01:39:12.0468 0x0df4  EFS - ok
01:39:12.0515 0x0df4  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:39:12.0531 0x0df4  ehRecvr - ok
01:39:12.0546 0x0df4  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
01:39:12.0546 0x0df4  ehSched - ok
01:39:12.0577 0x0df4  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:39:12.0593 0x0df4  elxstor - ok
01:39:12.0624 0x0df4  [ 539CA34FBC74EC366A0D751028C32A08, 5A52964970564D363B9D676A182892B3CE61B3A1BAA67BEF59DFA29F15ED5815 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
01:39:12.0624 0x0df4  epmntdrv - ok
01:39:12.0640 0x0df4  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:39:12.0640 0x0df4  ErrDev - ok
01:39:12.0687 0x0df4  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013, FB06406AD9CCD946155C4E8CA769E0430589A4E4BBBDA2C90A67C84E0D2F8EE0 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
01:39:12.0687 0x0df4  EuGdiDrv - ok
01:39:12.0718 0x0df4  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
01:39:12.0718 0x0df4  EventSystem - ok
01:39:12.0733 0x0df4  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
01:39:12.0733 0x0df4  exfat - ok
01:39:12.0749 0x0df4  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:39:12.0749 0x0df4  fastfat - ok
01:39:12.0780 0x0df4  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
01:39:12.0796 0x0df4  Fax - ok
01:39:12.0811 0x0df4  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:39:12.0811 0x0df4  fdc - ok
01:39:12.0827 0x0df4  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
01:39:12.0827 0x0df4  fdPHost - ok
01:39:12.0843 0x0df4  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:39:12.0843 0x0df4  FDResPub - ok
01:39:12.0858 0x0df4  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:39:12.0858 0x0df4  FileInfo - ok
01:39:12.0858 0x0df4  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:39:12.0858 0x0df4  Filetrace - ok
01:39:12.0874 0x0df4  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:39:12.0874 0x0df4  flpydisk - ok
01:39:12.0889 0x0df4  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:39:12.0905 0x0df4  FltMgr - ok
01:39:12.0952 0x0df4  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
01:39:12.0983 0x0df4  FontCache - ok
01:39:13.0030 0x0df4  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:39:13.0030 0x0df4  FontCache3.0.0.0 - ok
01:39:13.0030 0x0df4  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:39:13.0045 0x0df4  FsDepends - ok
01:39:13.0061 0x0df4  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:39:13.0061 0x0df4  Fs_Rec - ok
01:39:13.0092 0x0df4  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:39:13.0092 0x0df4  fvevol - ok
01:39:13.0123 0x0df4  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:39:13.0123 0x0df4  gagp30kx - ok
01:39:13.0155 0x0df4  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:39:13.0155 0x0df4  GEARAspiWDM - ok
01:39:13.0186 0x0df4  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
01:39:13.0201 0x0df4  gpsvc - ok
01:39:13.0279 0x0df4  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
01:39:13.0279 0x0df4  gupdate - ok
01:39:13.0295 0x0df4  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
01:39:13.0295 0x0df4  gupdatem - ok
01:39:13.0295 0x0df4  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:39:13.0295 0x0df4  hcw85cir - ok
01:39:13.0342 0x0df4  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:39:13.0342 0x0df4  HdAudAddService - ok
01:39:13.0373 0x0df4  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:39:13.0373 0x0df4  HDAudBus - ok
01:39:13.0389 0x0df4  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:39:13.0389 0x0df4  HidBatt - ok
01:39:13.0404 0x0df4  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:39:13.0404 0x0df4  HidBth - ok
01:39:13.0420 0x0df4  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:39:13.0420 0x0df4  HidIr - ok
01:39:13.0435 0x0df4  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
01:39:13.0435 0x0df4  hidserv - ok
01:39:13.0467 0x0df4  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:39:13.0467 0x0df4  HidUsb - ok
01:39:13.0498 0x0df4  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:39:13.0498 0x0df4  hkmsvc - ok
01:39:13.0513 0x0df4  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:39:13.0529 0x0df4  HomeGroupListener - ok
01:39:13.0545 0x0df4  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:39:13.0545 0x0df4  HomeGroupProvider - ok
01:39:13.0591 0x0df4  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:39:13.0591 0x0df4  HpSAMD - ok
01:39:13.0623 0x0df4  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:39:13.0638 0x0df4  HTTP - ok
01:39:13.0654 0x0df4  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:39:13.0654 0x0df4  hwpolicy - ok
01:39:13.0685 0x0df4  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:39:13.0685 0x0df4  i8042prt - ok
01:39:13.0716 0x0df4  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:39:13.0716 0x0df4  iaStorV - ok
01:39:13.0747 0x0df4  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
01:39:13.0747 0x0df4  IDriverT - ok
01:39:13.0810 0x0df4  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:39:13.0825 0x0df4  idsvc - ok
01:39:13.0841 0x0df4  IEEtwCollectorService - ok
01:39:13.0919 0x0df4  [ 3962F0BE2018A275DBE7510A80173759, 4144CC7B33B5CED4BCA25D41874EDF6CDB88BCA2EE63FAC71C3F32CECA4D3E6E ] IHA_MessageCenter C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
01:39:13.0919 0x0df4  IHA_MessageCenter - ok
01:39:13.0950 0x0df4  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:39:13.0950 0x0df4  iirsp - ok
01:39:13.0997 0x0df4  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:39:14.0013 0x0df4  IKEEXT - ok
01:39:14.0028 0x0df4  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
01:39:14.0028 0x0df4  intelide - ok
01:39:14.0044 0x0df4  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:39:14.0044 0x0df4  intelppm - ok
01:39:14.0059 0x0df4  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:39:14.0059 0x0df4  IPBusEnum - ok
01:39:14.0075 0x0df4  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:39:14.0075 0x0df4  IpFilterDriver - ok
01:39:14.0122 0x0df4  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:39:14.0122 0x0df4  iphlpsvc - ok
01:39:14.0137 0x0df4  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:39:14.0137 0x0df4  IPMIDRV - ok
01:39:14.0153 0x0df4  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:39:14.0169 0x0df4  IPNAT - ok
01:39:14.0200 0x0df4  [ 35828479CCB4EE3CFD7523AF63443D5B, CA582DB092DC049597268B8245F2EEFF5DB807CBE2CFABEA04EA00DD5ED9A2B6 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
01:39:14.0215 0x0df4  iPod Service - ok
01:39:14.0247 0x0df4  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:39:14.0247 0x0df4  IRENUM - ok
01:39:14.0262 0x0df4  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:39:14.0262 0x0df4  isapnp - ok
01:39:14.0278 0x0df4  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:39:14.0293 0x0df4  iScsiPrt - ok
01:39:14.0309 0x0df4  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:39:14.0309 0x0df4  kbdclass - ok
01:39:14.0325 0x0df4  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:39:14.0325 0x0df4  kbdhid - ok
01:39:14.0340 0x0df4  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
01:39:14.0340 0x0df4  KeyIso - ok
01:39:14.0356 0x0df4  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:39:14.0371 0x0df4  KSecDD - ok
01:39:14.0371 0x0df4  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:39:14.0387 0x0df4  KSecPkg - ok
01:39:14.0418 0x0df4  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:39:14.0418 0x0df4  KtmRm - ok
01:39:14.0449 0x0df4  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:39:14.0449 0x0df4  LanmanServer - ok
01:39:14.0465 0x0df4  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:39:14.0465 0x0df4  LanmanWorkstation - ok
01:39:14.0496 0x0df4  [ 01CC7FB6E790EF044B411377F3A1FF41, A935C0C45F7A8EA7D6A462064928B6F982709FB33C21DE6424232297F3A1948B ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:39:14.0496 0x0df4  LHidFilt - ok
01:39:14.0527 0x0df4  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:39:14.0527 0x0df4  lltdio - ok
01:39:14.0543 0x0df4  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:39:14.0559 0x0df4  lltdsvc - ok
01:39:14.0559 0x0df4  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:39:14.0559 0x0df4  lmhosts - ok
01:39:14.0590 0x0df4  [ A2E7EAE8898D7B4B8C302B8F4E836BB5, 1F3C1228891C90B4567DE07AD8A9EF1F5005ED74A71EC5E814906FEF44D02ADC ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:39:14.0590 0x0df4  LMouFilt - ok
01:39:14.0605 0x0df4  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:39:14.0605 0x0df4  LSI_FC - ok
01:39:14.0621 0x0df4  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:39:14.0621 0x0df4  LSI_SAS - ok
01:39:14.0637 0x0df4  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:39:14.0652 0x0df4  LSI_SAS2 - ok
01:39:14.0652 0x0df4  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:39:14.0652 0x0df4  LSI_SCSI - ok
01:39:14.0683 0x0df4  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
01:39:14.0683 0x0df4  luafv - ok
01:39:14.0715 0x0df4  [ DDFA88E36D5F8DB5FBDBDDDC4969DB0A, BBC675F013B6EB9A5860ABCF16A0ACEC2D726B102DA3E4F294CD25383F6D3D1B ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
01:39:14.0715 0x0df4  LUsbFilt - ok
01:39:14.0746 0x0df4  lxct_device - ok
01:39:14.0761 0x0df4  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:39:14.0761 0x0df4  Mcx2Svc - ok
01:39:14.0777 0x0df4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:39:14.0777 0x0df4  megasas - ok
01:39:14.0793 0x0df4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:39:14.0808 0x0df4  MegaSR - ok
01:39:14.0824 0x0df4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
01:39:14.0824 0x0df4  MMCSS - ok
01:39:14.0839 0x0df4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
01:39:14.0839 0x0df4  Modem - ok
01:39:14.0855 0x0df4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:39:14.0855 0x0df4  monitor - ok
01:39:14.0886 0x0df4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:39:14.0886 0x0df4  mouclass - ok
01:39:14.0902 0x0df4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:39:14.0917 0x0df4  mouhid - ok
01:39:14.0933 0x0df4  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:39:14.0933 0x0df4  mountmgr - ok
01:39:14.0995 0x0df4  [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:39:14.0995 0x0df4  MozillaMaintenance - ok
01:39:15.0027 0x0df4  [ 6460D4A5C981567E74A7AC1349DE10F5, 9C16035B9A9BE3D7077851621E9BDED223B4C6A156562076957B49B9FCAB3A05 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
01:39:15.0027 0x0df4  MpFilter - ok
01:39:15.0058 0x0df4  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:39:15.0058 0x0df4  mpio - ok
01:39:15.0183 0x0df4  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsle29d29d0   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C472C7B6-D722-4089-A44B-27D5CC0643E0}\MpKsle29d29d0.sys
01:39:15.0183 0x0df4  MpKsle29d29d0 - ok
01:39:15.0214 0x0df4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:39:15.0214 0x0df4  mpsdrv - ok
01:39:15.0261 0x0df4  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:39:15.0276 0x0df4  MpsSvc - ok
01:39:15.0292 0x0df4  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:39:15.0292 0x0df4  MRxDAV - ok
01:39:15.0323 0x0df4  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:39:15.0323 0x0df4  mrxsmb - ok
01:39:15.0354 0x0df4  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:39:15.0354 0x0df4  mrxsmb10 - ok
01:39:15.0385 0x0df4  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:39:15.0385 0x0df4  mrxsmb20 - ok
01:39:15.0401 0x0df4  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:39:15.0401 0x0df4  msahci - ok
01:39:15.0432 0x0df4  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:39:15.0432 0x0df4  msdsm - ok
01:39:15.0448 0x0df4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
01:39:15.0448 0x0df4  MSDTC - ok
01:39:15.0463 0x0df4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:39:15.0463 0x0df4  Msfs - ok
01:39:15.0479 0x0df4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:39:15.0479 0x0df4  mshidkmdf - ok
01:39:15.0479 0x0df4  MSICDSetup - ok
01:39:15.0510 0x0df4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:39:15.0510 0x0df4  msisadrv - ok
01:39:15.0526 0x0df4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:39:15.0526 0x0df4  MSiSCSI - ok
01:39:15.0541 0x0df4  msiserver - ok
01:39:15.0557 0x0df4  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:39:15.0557 0x0df4  MSKSSRV - ok
01:39:15.0588 0x0df4  [ A4B109D057E15A438CE74E5B71187417, C91568C1AE2863218988D4D7A2B64041AB2C1EE2E9DF3720407FCE513ADA056F ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
01:39:15.0588 0x0df4  MsMpSvc - ok
01:39:15.0604 0x0df4  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:39:15.0604 0x0df4  MSPCLOCK - ok
01:39:15.0619 0x0df4  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:39:15.0619 0x0df4  MSPQM - ok
01:39:15.0635 0x0df4  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:39:15.0635 0x0df4  MsRPC - ok
01:39:15.0651 0x0df4  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:39:15.0651 0x0df4  mssmbios - ok
01:39:15.0651 0x0df4  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:39:15.0651 0x0df4  MSTEE - ok
01:39:15.0682 0x0df4  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:39:15.0682 0x0df4  MTConfig - ok
01:39:15.0682 0x0df4  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:39:15.0682 0x0df4  Mup - ok
01:39:15.0713 0x0df4  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
01:39:15.0729 0x0df4  napagent - ok
01:39:15.0760 0x0df4  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:39:15.0760 0x0df4  NativeWifiP - ok
01:39:15.0807 0x0df4  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:39:15.0822 0x0df4  NDIS - ok
01:39:15.0822 0x0df4  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:39:15.0822 0x0df4  NdisCap - ok
01:39:22.0483 0x0df4  USBSTOR - ok
01:39:22.0499 0x0df4  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:39:22.0499 0x0df4  usbuhci - ok
01:39:22.0530 0x0df4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
01:39:22.0530 0x0df4  UxSms - ok
01:39:22.0530 0x0df4  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
01:39:22.0530 0x0df4  VaultSvc - ok
01:39:22.0561 0x0df4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:39:22.0561 0x0df4  vdrvroot - ok
01:39:22.0593 0x0df4  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
01:39:22.0608 0x0df4  vds - ok
01:39:22.0624 0x0df4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:39:22.0624 0x0df4  vga - ok
01:39:22.0639 0x0df4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:39:22.0639 0x0df4  VgaSave - ok
01:39:22.0655 0x0df4  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:39:22.0655 0x0df4  vhdmp - ok
01:39:22.0671 0x0df4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
01:39:22.0671 0x0df4  viaagp - ok
01:39:22.0686 0x0df4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
01:39:22.0686 0x0df4  ViaC7 - ok
01:39:22.0702 0x0df4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:39:22.0702 0x0df4  viaide - ok
01:39:22.0717 0x0df4  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:39:22.0717 0x0df4  volmgr - ok
01:39:22.0749 0x0df4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:39:22.0749 0x0df4  volmgrx - ok
01:39:22.0764 0x0df4  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:39:22.0780 0x0df4  volsnap - ok
01:39:22.0795 0x0df4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
01:39:22.0795 0x0df4  vsmraid - ok
01:39:22.0842 0x0df4  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
01:39:22.0873 0x0df4  VSS - ok
01:39:22.0873 0x0df4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
01:39:22.0873 0x0df4  vwifibus - ok
01:39:22.0920 0x0df4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
01:39:22.0920 0x0df4  W32Time - ok
01:39:22.0936 0x0df4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:39:22.0936 0x0df4  WacomPen - ok
01:39:22.0951 0x0df4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:39:22.0951 0x0df4  WANARP - ok
01:39:22.0951 0x0df4  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:39:22.0951 0x0df4  Wanarpv6 - ok
01:39:23.0029 0x0df4  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
01:39:23.0045 0x0df4  WatAdminSvc - ok
01:39:23.0107 0x0df4  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
01:39:23.0139 0x0df4  wbengine - ok
01:39:23.0154 0x0df4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:39:23.0170 0x0df4  WbioSrvc - ok
01:39:23.0185 0x0df4  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:39:23.0201 0x0df4  wcncsvc - ok
01:39:23.0217 0x0df4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:39:23.0217 0x0df4  WcsPlugInService - ok
01:39:23.0232 0x0df4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:39:23.0232 0x0df4  Wd - ok
01:39:23.0279 0x0df4  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:39:23.0295 0x0df4  Wdf01000 - ok
01:39:23.0310 0x0df4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:39:23.0310 0x0df4  WdiServiceHost - ok
01:39:23.0326 0x0df4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:39:23.0326 0x0df4  WdiSystemHost - ok
01:39:23.0357 0x0df4  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
01:39:23.0357 0x0df4  WebClient - ok
01:39:23.0373 0x0df4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:39:23.0373 0x0df4  Wecsvc - ok
01:39:23.0388 0x0df4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:39:23.0388 0x0df4  wercplsupport - ok
01:39:23.0404 0x0df4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
01:39:23.0419 0x0df4  WerSvc - ok
01:39:23.0435 0x0df4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:39:23.0435 0x0df4  WfpLwf - ok
01:39:23.0435 0x0df4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:39:23.0435 0x0df4  WIMMount - ok
01:39:23.0482 0x0df4  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
01:39:23.0497 0x0df4  WinDefend - ok
01:39:23.0513 0x0df4  WinHttpAutoProxySvc - ok
01:39:23.0560 0x0df4  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:39:23.0560 0x0df4  Winmgmt - ok
01:39:23.0607 0x0df4  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
01:39:23.0638 0x0df4  WinRM - ok
01:39:23.0685 0x0df4  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:39:23.0685 0x0df4  WinUsb - ok
01:39:23.0716 0x0df4  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:39:23.0747 0x0df4  Wlansvc - ok
01:39:23.0856 0x0df4  [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:39:23.0887 0x0df4  wlidsvc - ok
01:39:23.0919 0x0df4  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:39:23.0919 0x0df4  WmiAcpi - ok
01:39:23.0934 0x0df4  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:39:23.0934 0x0df4  wmiApSrv - ok
01:39:24.0012 0x0df4  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
01:39:24.0028 0x0df4  WMPNetworkSvc - ok
01:39:24.0043 0x0df4  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:39:24.0059 0x0df4  WPCSvc - ok
01:39:24.0075 0x0df4  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:39:24.0075 0x0df4  WPDBusEnum - ok
01:39:24.0090 0x0df4  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:39:24.0090 0x0df4  ws2ifsl - ok
01:39:24.0106 0x0df4  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
01:39:24.0106 0x0df4  wscsvc - ok
01:39:24.0121 0x0df4  WSearch - ok
01:39:24.0215 0x0df4  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
01:39:24.0262 0x0df4  wuauserv - ok
01:39:24.0293 0x0df4  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:39:24.0293 0x0df4  WudfPf - ok
01:39:24.0309 0x0df4  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:39:24.0324 0x0df4  WUDFRd - ok
01:39:24.0340 0x0df4  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:39:24.0340 0x0df4  wudfsvc - ok
01:39:24.0371 0x0df4  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:39:24.0371 0x0df4  WwanSvc - ok
01:39:24.0387 0x0df4  XDva402 - ok
01:39:24.0418 0x0df4  XDva405 - ok
01:39:24.0433 0x0df4  XDva406 - ok
01:39:24.0449 0x0df4  XDva407 - ok
01:39:24.0449 0x0df4  ================ Scan global ===============================
01:39:24.0480 0x0df4  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
01:39:24.0496 0x0df4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
01:39:24.0511 0x0df4  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
01:39:24.0527 0x0df4  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
01:39:24.0558 0x0df4  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
01:39:24.0558 0x0df4  [ Global ] - ok
01:39:24.0558 0x0df4  ================ Scan MBR ==================================
01:39:24.0558 0x0df4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
01:39:24.0714 0x0df4  \Device\Harddisk1\DR1 - ok
01:39:24.0730 0x0df4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:39:25.0962 0x0df4  \Device\Harddisk0\DR0 - ok
01:39:25.0962 0x0df4  ================ Scan VBR ==================================
01:39:25.0962 0x0df4  [ E09F42012C43A0B39974DBE43AB1FA1C ] \Device\Harddisk1\DR1\Partition1
01:39:25.0962 0x0df4  \Device\Harddisk1\DR1\Partition1 - ok
01:39:25.0962 0x0df4  [ DE674264376BCCD176A14357AA76767D ] \Device\Harddisk1\DR1\Partition2
01:39:25.0962 0x0df4  \Device\Harddisk1\DR1\Partition2 - ok
01:39:25.0962 0x0df4  [ A7D39B83E81350EC46C3D6E12FA09984 ] \Device\Harddisk0\DR0\Partition1
01:39:25.0978 0x0df4  \Device\Harddisk0\DR0\Partition1 - ok
01:39:25.0978 0x0df4  [ 90B9E2E715B8956103F678B16109947A ] \Device\Harddisk0\DR0\Partition2
01:39:26.0025 0x0df4  \Device\Harddisk0\DR0\Partition2 - ok
01:39:26.0025 0x0df4  [ 9CF3EB524BBC3FC5F3EB4F2171A0FEA8 ] \Device\Harddisk0\DR0\Partition3
01:39:26.0056 0x0df4  \Device\Harddisk0\DR0\Partition3 - ok
01:39:26.0056 0x0df4  [ 56FD019746892115451BA7191C5FB2C4 ] \Device\Harddisk0\DR0\Partition4
01:39:26.0071 0x0df4  \Device\Harddisk0\DR0\Partition4 - ok
01:39:26.0071 0x0df4  [ 4AAF266C021FD0D5592DE397F8913A57 ] \Device\Harddisk0\DR0\Partition5
01:39:26.0087 0x0df4  \Device\Harddisk0\DR0\Partition5 - ok
01:39:31.0157 0x0df4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
01:39:31.0157 0x0df4  Win FW state via NFP2: enabled
01:39:33.0684 0x0df4  ============================================================
01:39:33.0684 0x0df4  Scan finished
01:39:33.0684 0x0df4  ============================================================
01:39:33.0684 0x0d70  Detected object count: 0
01:39:33.0684 0x0d70  Actual detected object count: 0

 

At least three times while the scan was running, MSE popped up with its usual warning about Trojan!

 

AdwCleaner log follows

 

# AdwCleaner v4.000 - Report created 16/10/2014 at 01:45:47
# Updated 12/10/2014 by Xplode
# Database : 2014-10-15.7
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Maynardlu - MAYNARDLU-PC
# Running from : C:\Users\Maynardlu\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Maynardlu\AppData\LocalLow\Toolbar4

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v28.0 (en-US)

-\\ Google Chrome v37.0.2062.124

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [17604 octets] - [21/09/2014 03:32:40]
AdwCleaner[R1].txt - [2137 octets] - [23/09/2014 22:55:42]
AdwCleaner[R2].txt - [2197 octets] - [23/09/2014 22:59:01]
AdwCleaner[R3].txt - [3387 octets] - [16/10/2014 01:45:47]
AdwCleaner[S0].txt - [18080 octets] - [21/09/2014 03:37:58]
AdwCleaner[S1].txt - [2270 octets] - [23/09/2014 22:59:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3568 octets] ##########

 

 

Besides Coupon Printer, I see nothing that I know about?

Toolbar4, I don't know what that is!

Have a good one Stan

Later
 



#10 StanFF

  • Malware Response Team

Posted 16 October 2014 - 03:48 PM

Hello maynardlu,
 

Do you still experience warnings from MSE? I see you have mentioned that there were warnings during the scan with TDSSKiller, but do you experience the initial popups when you start the system?

 

********************

Please scan the system again with AdwCleaner. This time, after the scan has finished, uncheck the following entries under the Registry tab:

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
  • After you have done that, please, push the Clean button.
  • Press OK when the tool prompts you to close all running programs.
  • When asked to restart the system so AdwCleaner can complete the removal process, please, press OK.
  • After the reboot, a log will automatically open. The report should be named AdwCleaner[S#].txt

Please, copy the content of the log in your next reply.

********************

Please download the latest version of FRST to your desktop. When you start the tool, please check the checkbox in front of Addition.txt in the Optional Scan section. Then run a new scan with the tool as explained in post number 4.

********************
 

In your next post, I will be waiting for:

  • Answer to my question above.
  • Log from AdwCleaner.
  • FRST.txt and Addition.txt

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#11 maynardlu

  • Topic Starter

  • Members

Posted 17 October 2014 - 12:59 AM

Hello again Stan,
Yes I receive the warning from MSE every time I boot comp or run an A/V related program
AdwCleaner log follows


# AdwCleaner v4.000 - Report created 17/10/2014 at 01:44:30
# DB v2014-10-16.8
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Maynardlu - MAYNARDLU-PC
# Running from : C:\Users\Maynardlu\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Maynardlu\AppData\LocalLow\Toolbar4

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v28.0 (en-US)


-\\ Google Chrome v37.0.2062.124


*************************

AdwCleaner[R0].txt - [17604 octets] - [21/09/2014 03:32:40]
AdwCleaner[R1].txt - [2137 octets] - [23/09/2014 22:55:42]
AdwCleaner[R2].txt - [2197 octets] - [23/09/2014 22:59:01]
AdwCleaner[R3].txt - [3648 octets] - [16/10/2014 01:45:47]
AdwCleaner[R4].txt - [3708 octets] - [17/10/2014 01:40:44]
AdwCleaner[S0].txt - [18080 octets] - [21/09/2014 03:37:58]
AdwCleaner[S1].txt - [2270 octets] - [23/09/2014 22:59:59]
AdwCleaner[S2].txt - [3624 octets] - [17/10/2014 01:44:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3684 octets] ##########

I don't know if I messed up or what but I didn't run AdwCleaner as administrator?

FRST I ran as administrator. Logs follow:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014
Ran by Maynardlu (administrator) on MAYNARDLU-PC on 17-10-2014 01:55:10
Running from C:\Users\Maynardlu\Desktop
Loaded Profile: Maynardlu (Available profiles: Maynardlu & Carolyn & maribel & Administrator 1 & UpdatusUser & Liz)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Siber Systems) D:\program files\robotaskbaricon.exe
(Piriform Ltd) D:\program files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Run: [CCleaner Monitoring] => D:\program files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Run: [RoboForm] => D:\program files\RoboTaskBarIcon.exe [111320 2014-10-14] (Siber Systems)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {0bfa8687-cc14-11df-88a4-806e6f6e6963} - I:\EIVCD.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {14159878-938c-11e2-8973-001cc02bf97d} - K:\LGAutoRun.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {60913ee8-923b-11e0-beba-001cc02bf97d} - R:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {b60341ed-8f92-11e2-897d-001cc02bf97d} - H:\LGAutoRun.exe
Startup: C:\Users\Administrator 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\maribel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicyUsers\S-1-5-21-1681582941-3042821878-2095393726-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x577EFF3EA4E4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.14-1305
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
URLSearchHook: HKCU - (No Name) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - No File
SearchScopes: HKLM - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^0D^xdm260^YY^us&ptb=2F789605-9A9E-45F5-965E-6AC922FC0587&ind=2013051723&n=77fcbb4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=59605&ptb=69F6E57C-9555-4300-A0DB-B717D2812FEE&ind=2012090220&n=77ee0f6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^man000^YYA^&ptb=90CB7B3D-D6A5-4183-AAD7-83CAFE36B9FE&psa=&ind=2014041219&st=sb&n=780bd483&searchfor={searchTerms}
SearchScopes: HKCU - {091F9848-312A-45F5-B67F-EFF6CC84ADBA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3231939&CUI=UN10125167982720828&UM=2
SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL =
SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL =
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^man000^YYA^&ptb=90CB7B3D-D6A5-4183-AAD7-83CAFE36B9FE&psa=&ind=2014041219&st=sb&n=780bd483&searchfor={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> D:\program files\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\program files\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\program files\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maynardlu\AppData\Roaming\Mozilla\Firefox\Profiles\ihx5kcxh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - D:\program files\Firefox
FF Extension: RoboForm Toolbar for Firefox - D:\program files\Firefox [2010-10-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - D:\program files\Firefox

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (RoboForm) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-10-15]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [dmgonlhnmmomeoojpibabenofffojbll] - C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx []
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - D:\program files\Chrome\rf-chrome.crx [2014-10-14]
CHR HKCU\...\Chrome\Extension: [dmgonlhnmmomeoojpibabenofffojbll] - C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx [2014-10-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon) [File not signed]
S4 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14573856 2013-08-27] (NVIDIA Corporation)
S4 Secunia PSI Agent; D:\program files\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
S4 Secunia Update Agent; D:\program files\PSI\sua.exe [399416 2011-01-10] (Secunia)
S4 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-25] (SigmaTel, Inc.) [File not signed]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-03-24] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-03-24] () [File not signed]
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-08-20] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-25] (SigmaTel, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 MSICDSetup; \??\M:\CDriver.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 XDva402; \??\C:\Windows\system32\XDva402.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 01:55 - 2014-10-17 01:56 - 00017535 ____C () C:\Users\Maynardlu\Desktop\FRST.txt
2014-10-17 01:53 - 2014-10-17 01:53 - 01102848 ____C (Farbar) C:\Users\Maynardlu\Desktop\FRST.exe
2014-10-17 01:45 - 2014-10-17 01:45 - 00000314 ____C () C:\Windows\PFRO.log
2014-10-17 01:17 - 2014-10-17 01:45 - 00000112 ____C () C:\Windows\setupact.log
2014-10-17 01:17 - 2014-10-17 01:17 - 00000000 ____C () C:\Windows\setuperr.log
2014-10-16 01:44 - 2014-10-16 01:44 - 01976320 ____C () C:\Users\Maynardlu\Desktop\AdwCleaner.exe
2014-10-15 04:37 - 2014-10-15 04:38 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Windows Live
2014-10-15 04:36 - 2014-10-15 04:37 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\{1F38A5C3-9C00-4DD7-8C0B-F9E38F1171AB}
2014-10-14 21:22 - 2014-10-14 21:22 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-14 17:54 - 2014-10-14 17:54 - 04181856 ____C (Kaspersky Lab ZAO) C:\Users\Maynardlu\Desktop\tdsskiller.exe
2014-10-13 21:51 - 2014-10-13 21:51 - 00016394 ____C () C:\Users\Liz\Documents\written report chemistry.odt
2014-10-13 21:27 - 2014-10-13 21:27 - 00000000 ___DC () C:\Users\Liz\AppData\Roaming\OpenOffice.org
2014-10-13 20:43 - 2014-10-13 20:43 - 00000000 ___DC () C:\Users\Liz\AppData\Local\Adobe
2014-10-13 02:38 - 2014-10-13 02:38 - 00003521 ____C () C:\Users\Maynardlu\Desktop\aswMBR.txt
2014-10-13 02:38 - 2014-10-13 02:38 - 00000512 ____C () C:\Users\Maynardlu\Desktop\MBR.dat
2014-10-13 01:36 - 2014-10-17 01:55 - 00000000 ___DC () C:\FRST
2014-10-09 07:18 - 2014-10-09 07:18 - 00065160 ____C () C:\Users\Carolyn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-07 01:59 - 2014-10-07 01:59 - 00002498 ____C () C:\Users\Maynardlu\Desktop\attach.zip
2014-10-07 01:40 - 2014-10-07 01:40 - 00007951 ____C () C:\Users\Maynardlu\Desktop\attach.txt
2014-10-07 01:40 - 2014-10-07 01:39 - 00016310 ____C () C:\Users\Maynardlu\Desktop\dds.txt
2014-10-07 01:38 - 2014-10-07 01:38 - 00688992 ___RC (Swearware) C:\Users\Maynardlu\Desktop\dds.com
2014-10-01 19:39 - 2014-10-01 19:39 - 09317168 ____C (ESET, spol. s r.o.) C:\Users\Maynardlu\Downloads\eset_sysrescue_live_creator_enu.exe
2014-10-01 16:13 - 2014-10-01 16:13 - 142546944 ____C () C:\Users\Maynardlu\Downloads\rescue-cd-3.16-63801.iso
2014-10-01 15:46 - 2014-10-01 15:53 - 00000000 ___DC () C:\Users\Maynardlu\Documents\My ISO Files
2014-10-01 15:45 - 2014-10-01 15:45 - 04384520 ____C (EZB Systems, Inc. ) C:\Users\Maynardlu\Downloads\uiso9_pe.exe
2014-10-01 14:59 - 2014-10-01 15:01 - 303190016 ____C () C:\Users\Maynardlu\Downloads\kav_rescue_10.iso
2014-10-01 11:25 - 2014-10-01 11:25 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 02:24 - 2014-10-01 02:24 - 00002124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-01 02:24 - 2014-10-01 02:24 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-10-01 02:14 - 2014-10-01 02:14 - 01944824 ____C (Bleeping Computer, LLC) C:\Users\Maynardlu\Desktop\rkill.exe
2014-10-01 02:11 - 2014-10-01 02:15 - 00002038 ____C () C:\Users\Maynardlu\Desktop\Rkill.txt
2014-09-28 18:27 - 2014-09-28 18:27 - 00000000 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.reg
2014-09-28 18:27 - 2014-09-28 18:27 - 00000000 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.bat
2014-09-28 18:11 - 2014-09-28 18:11 - 00002361 ____C () C:\Users\Maynardlu\Documents\gmer 9.28.14.log
2014-09-28 17:39 - 2014-09-28 17:39 - 00380416 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.exe
2014-09-28 16:07 - 2014-09-28 16:09 - 158692152 ____C () C:\Users\Maynardlu\Downloads\setup_11.0.3.7.x01_2014_09_28_22_27.exe
2014-09-28 15:30 - 2014-09-28 15:30 - 00179600 ____C (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.a2d9.deleteme
2014-09-28 15:26 - 2014-09-28 15:39 - 00000000 ___DC () C:\Program Files\stinger
2014-09-25 16:36 - 2014-09-25 16:36 - 00002212 ____C () C:\Users\Administrator 1\Desktop\Google Chrome.lnk
2014-09-25 07:56 - 2014-09-25 07:56 - 02079600 ____C (Coupons.com Incorporated) C:\Users\Carolyn\Downloads\CouponPrinter (2).exe
2014-09-23 23:03 - 2014-09-23 23:03 - 00000069 ____C () C:\Windows\NeroDigital.ini
2014-09-22 02:35 - 2014-09-22 02:35 - 00000000 ___DC () C:\LGMobileUpgrade
2014-09-22 02:23 - 2014-09-22 02:30 - 00000838 ____C () C:\Users\Administrator 1\Desktop\LGMobile Support Tool.lnk
2014-09-22 02:23 - 2014-09-22 02:30 - 00000838 _____ () C:\Users\UpdatusUser.Maynardlu-PC\Desktop\LGMobile Support Tool.lnk
2014-09-21 11:04 - 2014-09-21 11:04 - 02079600 ____C (Coupons.com Incorporated) C:\Users\Carolyn\Downloads\CouponPrinter (1).exe
2014-09-21 03:33 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-21 03:32 - 2014-10-17 01:44 - 00000000 ___DC () C:\AdwCleaner
2014-09-21 03:03 - 2014-09-23 22:08 - 00006075 ____C () C:\Users\Maynardlu\Documents\aswMBR.txt
2014-09-21 03:03 - 2014-09-23 22:08 - 00000512 ____C () C:\Users\Maynardlu\Documents\MBR.dat
2014-09-21 01:54 - 2014-09-28 16:10 - 00000000 ___DC () C:\ProgramData\Kaspersky Lab
2014-09-21 01:54 - 2014-09-21 01:54 - 00000000 ___DC () C:\Program Files\Kaspersky Lab

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 01:56 - 2014-08-17 21:19 - 00000356 ____C () C:\Windows\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000.job
2014-10-17 01:53 - 2009-07-14 00:34 - 00022592 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 01:53 - 2009-07-14 00:34 - 00022592 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 01:49 - 2013-10-20 13:18 - 01250626 ____C () C:\Windows\WindowsUpdate.log
2014-10-17 01:46 - 2011-08-16 18:38 - 00000882 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 01:45 - 2009-07-14 00:53 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-10-17 01:43 - 2010-11-30 19:13 - 00000948 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA.job
2014-10-17 01:26 - 2011-08-16 18:38 - 00000886 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 01:19 - 2013-03-20 03:34 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 20:46 - 2012-07-27 20:41 - 00000936 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA.job
2014-10-16 20:46 - 2012-07-27 20:41 - 00000914 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core.job
2014-10-16 16:43 - 2010-11-30 19:12 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core.job
2014-10-16 13:50 - 2014-08-26 01:35 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Adobe
2014-10-16 13:50 - 2012-07-19 13:01 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-16 13:50 - 2011-06-02 02:30 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-16 01:30 - 2014-05-05 03:51 - 00110296 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-13 20:43 - 2014-09-09 17:29 - 00000000 ___DC () C:\Users\Liz\AppData\Roaming\Adobe
2014-10-09 03:05 - 2013-03-18 02:55 - 00000000 ___DC () C:\Program Files\LG Electronics
2014-10-02 17:16 - 2011-09-21 14:25 - 00065160 ____C () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-02 07:00 - 2011-08-16 18:38 - 00000000 ___DC () C:\Program Files\Google
2014-10-02 07:00 - 2010-09-29 21:13 - 00000000 __HDC () C:\Program Files\InstallShield Installation Information
2014-10-01 22:22 - 2011-08-16 18:38 - 00000000 ___DC () C:\ProgramData\Google
2014-10-01 22:22 - 2010-09-29 21:59 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Google
2014-10-01 22:21 - 2010-09-29 21:26 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Roaming\Skype
2014-10-01 22:21 - 2010-09-29 21:26 - 00000000 ___DC () C:\ProgramData\Skype
2014-10-01 02:46 - 2010-09-29 15:36 - 00778834 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 02:24 - 2011-01-30 14:31 - 00001945 ____C () C:\Windows\epplauncher.mif
2014-09-30 13:13 - 2010-11-11 03:06 - 00000695 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-30 07:19 - 2013-10-26 18:06 - 00000000 ___DC () C:\Program Files\Coupons
2014-09-30 07:19 - 2012-08-15 12:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-09-25 16:36 - 2010-11-24 13:06 - 00000632 _RSHC () C:\Users\Administrator 1\ntuser.pol
2014-09-25 16:36 - 2010-11-24 13:06 - 00000000 __HDC () C:\Users\Administrator 1
2014-09-23 23:03 - 2013-01-02 23:39 - 00000086 ____C () C:\Users\Maynardlu\AppData\default.pls
2014-09-23 21:28 - 2010-09-29 15:34 - 00000000 ___DC () C:\Users\Maynardlu
2014-09-22 02:46 - 2013-03-18 02:52 - 00000000 ___DC () C:\ProgramData\LGMOBILEAX
2014-09-22 02:41 - 2010-09-29 16:08 - 00231568 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 02:31 - 2013-03-18 02:53 - 00000000 ___DC () C:\LGMS770
2014-09-22 02:30 - 2013-03-18 02:52 - 00002411 ____C () C:\Windows\system32\lgAxconfig.ini
2014-09-21 06:18 - 2014-09-09 17:29 - 00000000 ___DC () C:\Users\Liz
2014-09-21 06:18 - 2013-08-30 18:42 - 00000000 ___DC () C:\Users\UpdatusUser.Maynardlu-PC
2014-09-21 06:18 - 2010-09-29 17:43 - 00000000 ___DC () C:\Users\Carolyn
2014-09-21 06:18 - 2010-09-29 16:41 - 00000000 ___DC () C:\Users\maribel
2014-09-21 06:18 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\system32\wfp
2014-09-21 06:18 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\registration
2014-09-19 12:29 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\AppCompat
2014-09-19 12:29 - 2009-07-13 22:37 - 00000000 ___DC () C:\Program Files\Common Files\microsoft shared
2014-09-19 12:28 - 2014-05-15 14:25 - 00000000 __SDC () C:\Windows\system32\CompatTel
2014-09-19 12:28 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\system32\NDF
2014-09-19 12:28 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\schemas
2014-09-19 12:28 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-19 03:12 - 2009-07-14 00:56 - 00000000 ___DC () C:\Windows\DigitalLocker
2014-09-18 23:03 - 2014-09-09 17:29 - 00002212 ____C () C:\Users\Liz\Desktop\Google Chrome.lnk
2014-09-17 05:29 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\Microsoft.NET

Some content of TEMP:
====================
C:\Users\Maynardlu\AppData\Local\Temp\Quarantine.exe
C:\Users\Maynardlu\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 08:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by Maynardlu at 2014-10-17 01:56:34
Running from C:\Users\Maynardlu\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Catalina Savings Printer (HKLM\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
EASEUS Partition Master 8.0.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
IHA_MessageCenter (HKLM\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{8C6CB33A-AA86-446C-8C4D-304A7FA51033}) (Version: 8.10.380 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Update 8.3.14 (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 8.3.14 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
OpenOffice.org 3.4 (HKLM\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Redist (HKLM\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
RoboForm 7-9-10-1 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
Secunia PSI (2.0.0.3001) (HKLM\...\Secunia PSI) (Version: - )
SecurDisc Viewer (HKLM\...\{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1033}) (Version: 1.2.8 - Nero AG)
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
ShopAtHome.com Helper (HKLM\...\ShopAtHome.com Helper) (Version: 7.0.6.8 - ShopAtHome.com) <==== ATTENTION
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5205.0 - SigmaTel)
Speccy (HKLM\...\Speccy) (Version: 1.07 - Piriform)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Verizon Media Manager (HKLM\...\Verizon Media Manager) (Version: 9.6.12 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Wrapper (HKLM\...\{394E7D98-28C7-4CD8-B503-7E43BC43A0F2}) (Version: 1.00.0000 - Verizon)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1681582941-3042821878-2095393726-1000_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}\InprocServer32 -> C:\Users\Maynardlu\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1681582941-3042821878-2095393726-1000_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}\InprocServer32 -> C:\Users\Maynardlu\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-1681582941-3042821878-2095393726-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\MAYNAR~1\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe (the data entry has 7 more characters).

==================== Restore Points =========================

12-10-2014 19:02:49 Microsoft Antimalware Checkpoint
12-10-2014 23:00:31 Windows Backup
13-10-2014 13:25:01 Windows Update
14-10-2014 15:38:05 Microsoft Antimalware Checkpoint
15-10-2014 16:11:17 Microsoft Antimalware Checkpoint
17-10-2014 05:18:35 Microsoft Antimalware Checkpoint
17-10-2014 05:28:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {020E7EC4-107A-4D88-AC6F-9D3825FDBE05} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27] (Facebook Inc.)
Task: {03CDBD10-F109-4B72-BFC0-9FEDD9D857BF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {0B3BDBB1-C279-4569-A158-98E502872C29} - System32\Tasks\CCleanerSkipUAC => D:\program files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {0E911284-29F5-42D9-9EFE-F0B2F43A27E6} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-01] (Microsoft Corporation)
Task: {1DDC83BE-C334-4838-9AE3-7D07F0DD24B3} - System32\Tasks\Security Center Update - 1014852971 => C:\Users\Carolyn\AppData\Roaming\Ryefqit\tyixf.exe <==== ATTENTION
Task: {1E17C717-ADBC-4903-9DB9-F3314880B971} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1EBD945D-9B67-4370-80D6-8A0311876C19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated)
Task: {24A45CD7-645D-4BB9-886B-C5BBFCDC3611} - System32\Tasks\Security Center Update - 2902965781 => C:\Users\Carolyn\AppData\Roaming\Tuykezry\vydeav.exe <==== ATTENTION
Task: {4D2DD5F1-0788-4C64-80E7-EA601012D7C3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {4DE3D4F7-5D19-4945-A99B-0212FE5F6D08} - System32\Tasks\Run RoboForm TaskBar Icon => D:\program files\RoboTaskBarIcon.exe [2014-10-14] (Siber Systems)
Task: {5916D56E-8F00-41A4-A82E-75EFAF4069ED} - System32\Tasks\{CEFDB6A3-2ADB-44A4-BF19-0BB0AD57F792} => C:\Program Files\Skype\Phone\Skype.exe
Task: {6D293744-B747-4728-9A81-6E0A2BB7DFF0} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMKMJJPMHMKMKJJMCNPMMMOJJMCNLMNMOMKMCNNJLJHMLJCNGMOMLJNJLMJJNMNMGMMMLJMJJNJICMJMCNOMPMCNOMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMMJBJKJLIMJFMPMJNHICMMJBJKJLIMJJNBJCMCLOJGIBJOJNILJDJKIJNKJCMJNNICMJNDJCMKJBJ"
Task: {6DB90204-F93E-4AF5-9D0B-2D3A1AE87327} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {7220306E-EEC3-42DD-B70D-3655DB1FCC15} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {885D60D2-1BA6-4173-A1E7-B86476E613CD} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMKMJJPMHMKMKJJMCNPMMMOJJMCNLMNMOMKMCNNJLJHMLJCNGMOMLJNJLMJJNMNMGMMMLJMJJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMIJAJAJIJDJFMPMJNHICMMJBJKJLIMJJNBJCMLLKJBJBJGJMIPNDLKILJIIGJIJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {B8C3C664-C8FC-4399-86C3-9E66EBB16519} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {C0989217-FCA3-4A14-8C9B-53CA734A0EC4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27] (Facebook Inc.)
Task: {C7CBBB50-87F4-4706-B711-4377479AE95B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {D3A30FC5-7126-481C-A119-6FFEFDB08FFA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DC9DBFC8-F751-4F2D-BD8C-65DFB0A0AF21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30] (Google Inc.)
Task: {DE92EF7C-D16F-4649-8787-171A9DCDA7B8} - System32\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: {EE8EE900-ED9C-4B5F-A9AC-765AC535B4ED} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {F3126423-EDA0-4CD3-A402-723258012F12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core.job => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA.job => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core.job => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA.job => C:\Users\Administrator 1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-30 19:09 - 2006-10-18 06:36 - 00045056 _____ () C:\Windows\System32\lxctpmon.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08839049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25342297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08839049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25342297.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CouponXplorer_5zService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: lxct_device => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: RUBotSrv => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk => C:\Windows\pss\What's my computer doing.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Maynardlu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\system32\Rundll32.exe" "C:\Users\Maynardlu\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: ccleaner => "D:\program files\CCleaner\CCleaner.exe" /AUTO
MSCONFIG\startupreg: CouponAlert_2p Browser Plugin Loader => C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe
MSCONFIG\startupreg: CouponXplorer Search Scope Monitor => "C:\PROGRA~1\COUPON~2\bar\5.bin\5zsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: CouponXplorer_5z Browser Plugin Loader => C:\PROGRA~1\COUPON~2\bar\3.bin\5zbrmon.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Maynardlu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "D:\program files\iTunesHelper.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Lexmark 5400 Series Fax Server => "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
MSCONFIG\startupreg: lxctmon.exe => "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "D:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: Nvtmru => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Price Finder => C:\Program Files\Price Finder\PriceFinderHelper.exe /check
MSCONFIG\startupreg: QuickTime Task => "D:\program files\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "D:\program files\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: SelectRebates => C:\Program Files\SelectRebates\SelectRebates.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Carolyn\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TelevisionFanatic Browser Plugin Loader => C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe
MSCONFIG\startupreg: TelevisionFanatic Search Scope Monitor => "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: TotalRecipeSearch_14 Browser Plugin Loader => C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe
MSCONFIG\startupreg: Trend Micro RUBotted V2.0 Beta => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
MSCONFIG\startupreg: Verizon Media Manager => C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe 0

========================= Accounts: ==========================

Administrator (S-1-5-21-1681582941-3042821878-2095393726-500 - Administrator - Disabled)
Administrator 1 (S-1-5-21-1681582941-3042821878-2095393726-1003 - Administrator - Enabled) => C:\Users\Administrator 1
Carolyn (S-1-5-21-1681582941-3042821878-2095393726-1001 - Limited - Enabled) => C:\Users\Carolyn
Guest (S-1-5-21-1681582941-3042821878-2095393726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1681582941-3042821878-2095393726-1005 - Limited - Enabled)
Liz (S-1-5-21-1681582941-3042821878-2095393726-1009 - Limited - Enabled) => C:\Users\Liz
maribel (S-1-5-21-1681582941-3042821878-2095393726-1002 - Limited - Enabled) => C:\Users\maribel
Maynardlu (S-1-5-21-1681582941-3042821878-2095393726-1000 - Administrator - Enabled) => C:\Users\Maynardlu
UpdatusUser (S-1-5-21-1681582941-3042821878-2095393726-1008 - Limited - Enabled) => C:\Users\UpdatusUser.Maynardlu-PC

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2014 01:18:32 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {56a6eaf7-b765-4fed-8c3a-2e5771faea35}

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


System errors:
=============
Error: (10/17/2014 01:18:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (10/17/2014 01:18:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (10/17/2014 01:18:07 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/17/2014 01:17:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/17/2014 01:17:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/15/2014 00:10:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/15/2014 00:10:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/14/2014 11:37:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/14/2014 11:37:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/12/2014 03:49:56 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (10/17/2014 01:18:32 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {56a6eaf7-b765-4fed-8c3a-2e5771faea35}

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/17/2014 01:17:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (10/17/2014 01:17:47 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3578.68 MB
Available physical RAM: 2312.83 MB
Total Pagefile: 9998.97 MB
Available Pagefile: 8755.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.32 MB

==================== Drives ================================

Drive c: (windows) (Fixed) (Total:93.15 GB) (Free:47.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (AOL downloads) (Fixed) (Total:93.15 GB) (Free:92.56 GB) NTFS
Drive e: () (Fixed) (Total:93.15 GB) (Free:54.59 GB) NTFS
Drive f: () (Fixed) (Total:93.15 GB) (Free:87.75 GB) NTFS
Drive g: () (Fixed) (Total:93.15 GB) (Free:81.3 GB) NTFS
Drive h: () (Fixed) (Total:7.78 GB) (Free:7.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Fixed) (Total:141.27 GB) (Free:74.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3E893E89)
Partition 2: (Active) - (Size=93.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=372.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D540D540)
Partition 1: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=141.3 GB) - (Type=OF Extended)

==================== End Of Log ============================

#12 StanFF

  • Malware Response Team

Posted 17 October 2014 - 03:04 PM

Hello maynardlu,

> I don't know if I messed up or what but I didn't run AdwCleaner as administrator?

It wasn't a problem. The tool was able to remove the entries that were checked. I want to note that an entry related to Coupon Printer for Windows has been removed. The registry key is related to the listing of the program in the Uninstall a program section of Control Panel, so after the removal you won't be able to see the software in it. The functionality of the program hasn't changed and this won't affect its performance. You will still be able to uninstall the app by accessing the uninstaller present in the software's Program Files folder.

*******************

Please, can you type here what the actual detection is or make a screenshot of the popup from MSE at boot time? I want to see where MSE detects the infection. To be clear, here is what I'm referring to:

> initial location for infection was MBR boot:\device\Harddisk1\DR1 now it has changed to boot\device\Harddisk0\DR0

*******************

 

This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.

 

*******************

How is your computer running now? Don't worry if the popups of MSE are still present. I have limited the reasons for this behavior which, looking at the logs, is not related to an active infection on the system.


Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#13 maynardlu

  • Topic Starter

Posted 19 October 2014 - 01:00 AM

Hello again Stan,

Sorry to take so long getting back to you!

MSE isn't giving me anymore popups now!!! Yea! lol

Last report was on 10/17/2014 @ 1:18am

Here's the last one from MSE as to its location:

boot:\Device\Harddisk0\DR0

Fixlog.txt below


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-10-2014 01
Ran by Maynardlu at 2014-10-19 01:45:22 Run:1
Running from C:\Users\Maynardlu\Desktop
Loaded Profile: Maynardlu (Available profiles: Maynardlu & Carolyn & maribel & Administrator 1 & UpdatusUser & Liz)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-1681582941-3042821878-2095393726-1002\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - No File
SearchScopes: HKLM - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^0D^xdm260^YY^us&ptb=2F789605-9A9E-45F5-965E-6AC922FC0587&ind=2013051723&n=77fcbb4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm070^YY^us&si=59605&ptb=69F6E57C-9555-4300-A0DB-B717D2812FEE&ind=2012090220&n=77ee0f6c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^man000^YYA^&ptb=90CB7B3D-D6A5-4183-AAD7-83CAFE36B9FE&psa=&ind=2014041219&st=sb&n=780bd483&searchfor={searchTerms}
SearchScopes: HKCU - {091F9848-312A-45F5-B67F-EFF6CC84ADBA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3231939&CUI=UN10125167982720828&UM=2
SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL =
SearchScopes: HKCU - {5a1d0d31-749c-4186-a295-4106e6e7b26a} URL =
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^man000^YYA^&ptb=90CB7B3D-D6A5-4183-AAD7-83CAFE36B9FE&psa=&ind=2014041219&st=sb&n=780bd483&searchfor={searchTerms}
Toolbar: HKLM - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
Toolbar: HKCU - No Name - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
CHR HKLM\...\Chrome\Extension: [dmgonlhnmmomeoojpibabenofffojbll] - C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx []
CHR HKCU\...\Chrome\Extension: [dmgonlhnmmomeoojpibabenofffojbll] - C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx [2014-10-14]
Task: {1DDC83BE-C334-4838-9AE3-7D07F0DD24B3} - System32\Tasks\Security Center Update - 1014852971 => C:\Users\Carolyn\AppData\Roaming\Ryefqit\tyixf.exe <==== ATTENTION
Task: {24A45CD7-645D-4BB9-886B-C5BBFCDC3611} - System32\Tasks\Security Center Update - 2902965781 => C:\Users\Carolyn\AppData\Roaming\Tuykezry\vydeav.exe <==== ATTENTION
Task: {DE92EF7C-D16F-4649-8787-171A9DCDA7B8} - System32\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\Windows\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
C:\Users\Carolyn\AppData\Roaming\Tuykezry
C:\Users\Carolyn\AppData\Roaming\Ryefqit
C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
C:\Users\Maynardlu\AppData\Local\Temp\Quarantine.exe
C:\Users\Maynardlu\AppData\Local\Temp\sqlite3.dll

 

*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1681582941-3042821878-2095393726-1002\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key deleted successfully.
"HKCR\CLSID\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => Key deleted successfully.
"HKCR\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{091F9848-312A-45F5-B67F-EFF6CC84ADBA}" => Key deleted successfully.
"HKCR\CLSID\{091F9848-312A-45F5-B67F-EFF6CC84ADBA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key deleted successfully.
"HKCR\CLSID\{274daec0-c4e8-4f30-9e5c-9424990769b9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => Key deleted successfully.
"HKCR\CLSID\{5a1d0d31-749c-4186-a295-4106e6e7b26a}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => value deleted successfully.
"HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => value deleted successfully.
"HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} => value deleted successfully.
"HKCR\CLSID\{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dmgonlhnmmomeoojpibabenofffojbll" => Key deleted successfully.
"C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\dmgonlhnmmomeoojpibabenofffojbll" => Key deleted successfully.
"C:\Users\Maynardlu\AppData\Local\CRE\dmgonlhnmmomeoojpibabenofffojbll.crx" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DDC83BE-C334-4838-9AE3-7D07F0DD24B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DDC83BE-C334-4838-9AE3-7D07F0DD24B3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1014852971 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1014852971" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24A45CD7-645D-4BB9-886B-C5BBFCDC3611}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24A45CD7-645D-4BB9-886B-C5BBFCDC3611}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2902965781 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2902965781" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE92EF7C-D16F-4649-8787-171A9DCDA7B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE92EF7C-D16F-4649-8787-171A9DCDA7B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000" => Key deleted successfully.
C:\Windows\Tasks\CIMT_S-1-5-21-1681582941-3042821878-2095393726-1000.job => Moved successfully.
"C:\Users\Carolyn\AppData\Roaming\Tuykezry" => File/Directory not found.
"C:\Users\Carolyn\AppData\Roaming\Ryefqit" => File/Directory not found.
"C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe" => File/Directory not found.
"C:\Users\Maynardlu\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Maynardlu\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====

 

System is running good now

I haven't applied any pending MS updates yet waiting for your ok

hope we got this thing finally put to rest?

Talk to you later Stan

Time for me to get something to eat and get to bed



#14 StanFF

  • Malware Response Team

Posted 19 October 2014 - 09:36 AM

Hello maynardlu,

> Sorry to take so long getting back to you!

It is not a problem at all. In fact, I was travelling yesterday to another city so I didn't have much time to be on my laptop.

> MSE isn't giving me anymore popups now!!! Yea! lol
> Last report was on 10/17/2014 @ 1:18am

I'm really glad to hear that. I guess that popups are not appearing at boot time anymore or after a certain tool reboots the system?

> here's the last one from MSE as to its location
> boot:\Device\Harddisk0\DR0

Thank you for the information. I was expecting this to be the answer.

Farbar Recovery Scan Tool was able to handle the lines that I included in the fix, so we are doing a great job so far. I want to run two additional scans on the system to see if everything is ok and if so, I will then give you an overview of the situation you were experiencing.

> I haven't applied any pending MS updates yet waiting for your ok

Excellent. Hold them a little more, we will install them at the end. :)

> Time for me to get something to eat and get to bed

Get your rest, there is nothing more important than that.

********************

 

Please, start Malwarebytes' Anti-Malware.

  • When started, please, press the Scan Now >> button.
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is a new version of the software ready to install, please, choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • The Threat Scan should automatically start.
  • When the scanning process has completed, the results will be displayed.
  • Click on Quarantine All and then choose Apply Actions.

If any malicious entries were detected, Malwarebytes should prompt you that a system reboot is required. Please choose Yes. Otherwise, the detected objects may not be removed.
 

After the reboot:

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

 

Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

 

********************

 

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will need to right-click on either the Internet Explorer or Mozilla Firefox icon and choose Run as Administrator.

Please, go to this link to run the scan.

Note: If you are using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted. Double-click on the executable to install it.

Note: The below instructions can be used with either Internet Explorer or Mozilla Firefox.

  • When executed, select the option Yes, I accept the Terms of Use and push the Start button.
  • When prompted, allow the Add-on/Active-X control to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Click on Advanced Settings and select the following options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button. The virus signature database will begin to download. Please, note that this may take a while, depending on your network connection.
  • When completed, the Online Scan will start automatically.

Note: Do not use the computer during the scanning process.

  • When completed, select Uninstall application on close, if you want to, but make sure that you copy the logfile first.
  • Push the Finish button.
  • Open the logfile located in C:\Program Files\ESET\EsetOnlineScanner\log.txt via Notepad.

Please, copy and paste the content of the log file in your next reply.

********************

Please, run a new scan with FRST. This step is required so I can inspect the final condition of the system.

********************
 

In your next post, I will be waiting for:

  • Log from Malwarebytes' Anti-Malware.
  • Log from ESET Online Scanner.
  • Log from FRST.

Regards,

Stan

#15 maynardlu

  • Topic Starter

Posted 21 October 2014 - 03:36 PM

Hello again Stan,

No popups at all from MSE and Malwarebytes has a clean scan too! :)

Log follows


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/20/2014
Scan Time: 2:20:13 AM
Logfile: scan log Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.20.02
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Maynardlu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 535904
Time Elapsed: 13 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

I ran ESET and saved log to desktop, don't know if I messed up! No log in location on C:

This is what was saved


C:\Users\Administrator 1\Downloads\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Windows.old\Program Files\COMODO\COMODO Internet Security\s1.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

 

FRST log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Maynardlu (administrator) on MAYNARDLU-PC on 21-10-2014 16:29:13
Running from C:\Users\Maynardlu\Desktop
Loaded Profiles: Maynardlu & Carolyn (Available profiles: Maynardlu & Carolyn & maribel & Administrator 1 & UpdatusUser & Liz)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Piriform Ltd) D:\program files\CCleaner\CCleaner.exe
(Siber Systems) D:\program files\robotaskbaricon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Siber Systems) D:\program files\robotaskbaricon.exe
(Piriform Ltd) D:\program files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Run: [CCleaner Monitoring] => D:\program files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\Run: [RoboForm] => D:\program files\RoboTaskBarIcon.exe [111320 2014-10-14] (Siber Systems)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {0bfa8687-cc14-11df-88a4-806e6f6e6963} - I:\EIVCD.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {14159878-938c-11e2-8973-001cc02bf97d} - K:\LGAutoRun.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {60913ee8-923b-11e0-beba-001cc02bf97d} - R:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1000\...\MountPoints2: {b60341ed-8f92-11e2-897d-001cc02bf97d} - H:\LGAutoRun.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1001\...\Run: [RoboForm] => D:\program files\RoboTaskBarIcon.exe [111320 2014-10-14] (Siber Systems)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1001\...\Run: [Facebook Update] => C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-27] (Facebook Inc.)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2008-01-04] (Nero AG)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1001\...\Run: [CCleaner Monitoring] => D:\program files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1681582941-3042821878-2095393726-1001\...\MountPoints2: {14159878-938c-11e2-8973-001cc02bf97d} - K:\LGAutoRun.exe
HKU\S-1-5-21-1681582941-3042821878-2095393726-1001\...\MountPoints2: {60913ee8-923b-11e0-beba-001cc02bf97d} - R:\TLBootstrap_WPP.exe
Startup: C:\Users\Administrator 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\maribel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x32D158EC92EACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = https://www.yahoo.com/?fr=befhp&type=iehp-3.14-1305
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> D:\program files\roboform.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\program files\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\program files\roboform.dll (Siber Systems Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maynardlu\AppData\Roaming\Mozilla\Firefox\Profiles\ihx5kcxh.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - D:\program files\Firefox
FF Extension: RoboForm Toolbar for Firefox - D:\program files\Firefox [2010-10-12]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - D:\program files\Firefox

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (RoboForm) - C:\Users\Maynardlu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-10-15]
CHR HKLM\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - D:\program files\Chrome\rf-chrome.crx [2014-10-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-09-05] (Coupons.com Inc.)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon) [File not signed]
S4 lxct_device; C:\Windows\system32\lxctcoms.exe [537520 2006-11-22] ( )
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14573856 2013-08-27] (NVIDIA Corporation)
S4 Secunia PSI Agent; D:\program files\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
S4 Secunia Update Agent; D:\program files\PSI\sua.exe [399416 2011-01-10] (Secunia)
S4 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-25] (SigmaTel, Inc.) [File not signed]
S4 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-13] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-03-24] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-03-24] () [File not signed]
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30360 2011-09-02] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [33568 2013-08-20] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-25] (SigmaTel, Inc.)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 MSICDSetup; \??\M:\CDriver.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 XDva402; \??\C:\Windows\system32\XDva402.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva406; \??\C:\Windows\system32\XDva406.sys [X]
S3 XDva407; \??\C:\Windows\system32\XDva407.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 16:29 - 2014-10-21 16:29 - 00016776 ____C () C:\Users\Maynardlu\Desktop\FRST.txt
2014-10-21 16:22 - 2014-10-21 16:22 - 00000254 ____C () C:\Users\Maynardlu\Desktop\ESET Online.txt
2014-10-19 11:56 - 2014-10-21 01:12 - 00000224 ____C () C:\Windows\setupact.log
2014-10-19 11:56 - 2014-10-19 11:56 - 00000000 ____C () C:\Windows\setuperr.log
2014-10-19 01:43 - 2014-10-21 16:29 - 00000000 ___DC () C:\Users\Maynardlu\Desktop\FRST-OlderVersion
2014-10-17 01:56 - 2014-10-17 01:57 - 00037693 ____C () C:\Users\Maynardlu\Desktop\Addition.txt
2014-10-17 01:53 - 2014-10-21 16:29 - 01102336 ____C (Farbar) C:\Users\Maynardlu\Desktop\FRST.exe
2014-10-16 01:44 - 2014-10-16 01:44 - 01976320 ____C () C:\Users\Maynardlu\Desktop\AdwCleaner.exe
2014-10-15 04:37 - 2014-10-15 04:38 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Windows Live
2014-10-15 04:36 - 2014-10-15 04:37 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\{1F38A5C3-9C00-4DD7-8C0B-F9E38F1171AB}
2014-10-14 21:22 - 2014-10-14 21:22 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-14 17:54 - 2014-10-14 17:54 - 04181856 ____C (Kaspersky Lab ZAO) C:\Users\Maynardlu\Desktop\tdsskiller.exe
2014-10-13 21:51 - 2014-10-13 21:51 - 00016394 ____C () C:\Users\Liz\Documents\written report chemistry.odt
2014-10-13 21:27 - 2014-10-13 21:27 - 00000000 ___DC () C:\Users\Liz\AppData\Roaming\OpenOffice.org
2014-10-13 20:43 - 2014-10-13 20:43 - 00000000 ___DC () C:\Users\Liz\AppData\Local\Adobe
2014-10-13 02:38 - 2014-10-13 02:38 - 00003521 ____C () C:\Users\Maynardlu\Desktop\aswMBR.txt
2014-10-13 02:38 - 2014-10-13 02:38 - 00000512 ____C () C:\Users\Maynardlu\Desktop\MBR.dat
2014-10-13 01:36 - 2014-10-21 16:29 - 00000000 ___DC () C:\FRST
2014-10-09 07:18 - 2014-10-09 07:18 - 00065160 ____C () C:\Users\Carolyn\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-07 01:59 - 2014-10-07 01:59 - 00002498 ____C () C:\Users\Maynardlu\Desktop\attach.zip
2014-10-07 01:40 - 2014-10-07 01:40 - 00007951 ____C () C:\Users\Maynardlu\Desktop\attach.txt
2014-10-07 01:40 - 2014-10-07 01:39 - 00016310 ____C () C:\Users\Maynardlu\Desktop\dds.txt
2014-10-07 01:38 - 2014-10-07 01:38 - 00688992 ___RC (Swearware) C:\Users\Maynardlu\Desktop\dds.com
2014-10-01 19:39 - 2014-10-01 19:39 - 09317168 ____C (ESET, spol. s r.o.) C:\Users\Maynardlu\Downloads\eset_sysrescue_live_creator_enu.exe
2014-10-01 16:13 - 2014-10-01 16:13 - 142546944 ____C () C:\Users\Maynardlu\Downloads\rescue-cd-3.16-63801.iso
2014-10-01 15:46 - 2014-10-01 15:53 - 00000000 ___DC () C:\Users\Maynardlu\Documents\My ISO Files
2014-10-01 15:45 - 2014-10-01 15:45 - 04384520 ____C (EZB Systems, Inc. ) C:\Users\Maynardlu\Downloads\uiso9_pe.exe
2014-10-01 14:59 - 2014-10-01 15:01 - 303190016 ____C () C:\Users\Maynardlu\Downloads\kav_rescue_10.iso
2014-10-01 11:25 - 2014-10-01 11:25 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 02:24 - 2014-10-01 02:24 - 00002124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-01 02:24 - 2014-10-01 02:24 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2014-10-01 02:14 - 2014-10-01 02:14 - 01944824 ____C (Bleeping Computer, LLC) C:\Users\Maynardlu\Desktop\rkill.exe
2014-10-01 02:11 - 2014-10-01 02:15 - 00002038 ____C () C:\Users\Maynardlu\Desktop\Rkill.txt
2014-09-28 18:27 - 2014-09-28 18:27 - 00000000 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.reg
2014-09-28 18:27 - 2014-09-28 18:27 - 00000000 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.bat
2014-09-28 18:11 - 2014-09-28 18:11 - 00002361 ____C () C:\Users\Maynardlu\Documents\gmer 9.28.14.log
2014-09-28 17:39 - 2014-09-28 17:39 - 00380416 ____C () C:\Users\Maynardlu\Downloads\3ursnk3b.exe
2014-09-28 16:07 - 2014-09-28 16:09 - 158692152 ____C () C:\Users\Maynardlu\Downloads\setup_11.0.3.7.x01_2014_09_28_22_27.exe
2014-09-28 15:30 - 2014-09-28 15:30 - 00179600 ____C (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.a2d9.deleteme
2014-09-28 15:26 - 2014-09-28 15:39 - 00000000 ___DC () C:\Program Files\stinger
2014-09-25 16:36 - 2014-09-25 16:36 - 00002212 ____C () C:\Users\Administrator 1\Desktop\Google Chrome.lnk
2014-09-25 07:56 - 2014-09-25 07:56 - 02079600 ____C (Coupons.com Incorporated) C:\Users\Carolyn\Downloads\CouponPrinter (2).exe
2014-09-23 23:03 - 2014-09-23 23:03 - 00000069 ____C () C:\Windows\NeroDigital.ini
2014-09-22 02:35 - 2014-09-22 02:35 - 00000000 ___DC () C:\LGMobileUpgrade
2014-09-22 02:23 - 2014-09-22 02:30 - 00000838 ____C () C:\Users\Administrator 1\Desktop\LGMobile Support Tool.lnk
2014-09-22 02:23 - 2014-09-22 02:30 - 00000838 _____ () C:\Users\UpdatusUser.Maynardlu-PC\Desktop\LGMobile Support Tool.lnk
2014-09-21 11:04 - 2014-09-21 11:04 - 02079600 ____C (Coupons.com Incorporated) C:\Users\Carolyn\Downloads\CouponPrinter (1).exe
2014-09-21 03:33 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-21 03:32 - 2014-10-17 01:44 - 00000000 ___DC () C:\AdwCleaner
2014-09-21 03:03 - 2014-09-23 22:08 - 00006075 ____C () C:\Users\Maynardlu\Documents\aswMBR.txt
2014-09-21 03:03 - 2014-09-23 22:08 - 00000512 ____C () C:\Users\Maynardlu\Documents\MBR.dat
2014-09-21 01:54 - 2014-09-28 16:10 - 00000000 ___DC () C:\ProgramData\Kaspersky Lab
2014-09-21 01:54 - 2014-09-21 01:54 - 00000000 ___DC () C:\Program Files\Kaspersky Lab

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 16:26 - 2011-08-16 18:38 - 00000886 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 16:19 - 2013-03-20 03:34 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-21 16:17 - 2013-10-20 13:18 - 01491374 ____C () C:\Windows\WindowsUpdate.log
2014-10-21 15:43 - 2010-11-30 19:13 - 00000948 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003UA.job
2014-10-21 14:46 - 2012-07-27 20:41 - 00000936 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001UA.job
2014-10-21 12:07 - 2011-08-16 18:38 - 00000882 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 01:20 - 2009-07-14 00:34 - 00022592 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 01:20 - 2009-07-14 00:34 - 00022592 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 01:12 - 2009-07-14 00:53 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-10-20 20:46 - 2012-07-27 20:41 - 00000914 ____C () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1001Core.job
2014-10-20 16:43 - 2010-11-30 19:12 - 00000896 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681582941-3042821878-2095393726-1003Core.job
2014-10-20 02:20 - 2014-05-05 03:51 - 00110296 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 18:38 - 2014-09-09 17:29 - 00000008 _RSHC () C:\Users\Liz\ntuser.pol
2014-10-19 18:38 - 2014-09-09 17:29 - 00000000 ___DC () C:\Users\Liz
2014-10-19 13:52 - 2010-09-29 17:43 - 00000008 _RSHC () C:\Users\Carolyn\ntuser.pol
2014-10-19 13:52 - 2010-09-29 17:43 - 00000000 ___DC () C:\Users\Carolyn
2014-10-19 01:50 - 2010-09-29 15:57 - 00000008 _RSHC () C:\Users\Maynardlu\ntuser.pol
2014-10-19 01:50 - 2010-09-29 15:34 - 00000000 ___DC () C:\Users\Maynardlu
2014-10-19 01:45 - 2009-07-13 22:37 - 00000000 __HDC () C:\Windows\system32\GroupPolicy
2014-10-18 21:43 - 2014-06-14 18:53 - 00012426 ____C () C:\Users\Carolyn\Documents\BUDGET 2014W CAR.ods
2014-10-16 13:50 - 2014-08-26 01:35 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Adobe
2014-10-16 13:50 - 2012-07-19 13:01 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-16 13:50 - 2011-06-02 02:30 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-13 20:43 - 2014-09-09 17:29 - 00000000 ___DC () C:\Users\Liz\AppData\Roaming\Adobe
2014-10-09 03:05 - 2013-03-18 02:55 - 00000000 ___DC () C:\Program Files\LG Electronics
2014-10-02 17:16 - 2011-09-21 14:25 - 00065160 ____C () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-02 07:00 - 2011-08-16 18:38 - 00000000 ___DC () C:\Program Files\Google
2014-10-02 07:00 - 2010-09-29 21:13 - 00000000 __HDC () C:\Program Files\InstallShield Installation Information
2014-10-01 22:22 - 2011-08-16 18:38 - 00000000 ___DC () C:\ProgramData\Google
2014-10-01 22:22 - 2010-09-29 21:59 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Local\Google
2014-10-01 22:21 - 2010-09-29 21:26 - 00000000 ___DC () C:\Users\Maynardlu\AppData\Roaming\Skype
2014-10-01 22:21 - 2010-09-29 21:26 - 00000000 ___DC () C:\ProgramData\Skype
2014-10-01 02:46 - 2010-09-29 15:36 - 00778834 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 02:24 - 2011-01-30 14:31 - 00001945 ____C () C:\Windows\epplauncher.mif
2014-09-30 13:13 - 2010-11-11 03:06 - 00000695 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-30 07:19 - 2013-10-26 18:06 - 00000000 ___DC () C:\Program Files\Coupons
2014-09-30 07:19 - 2012-08-15 12:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-09-25 16:36 - 2010-11-24 13:06 - 00000632 _RSHC () C:\Users\Administrator 1\ntuser.pol
2014-09-25 16:36 - 2010-11-24 13:06 - 00000000 __HDC () C:\Users\Administrator 1
2014-09-23 23:03 - 2013-01-02 23:39 - 00000086 ____C () C:\Users\Maynardlu\AppData\default.pls
2014-09-22 02:46 - 2013-03-18 02:52 - 00000000 ___DC () C:\ProgramData\LGMOBILEAX
2014-09-22 02:41 - 2010-09-29 16:08 - 00231568 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-22 02:31 - 2013-03-18 02:53 - 00000000 ___DC () C:\LGMS770
2014-09-22 02:30 - 2013-03-18 02:52 - 00002411 ____C () C:\Windows\system32\lgAxconfig.ini
2014-09-21 06:18 - 2013-08-30 18:42 - 00000000 ___DC () C:\Users\UpdatusUser.Maynardlu-PC
2014-09-21 06:18 - 2010-09-29 16:41 - 00000000 ___DC () C:\Users\maribel
2014-09-21 06:18 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\system32\wfp
2014-09-21 06:18 - 2009-07-13 22:37 - 00000000 ___DC () C:\Windows\registration

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 08:41

==================== End Of Log ============================

 





