
Chrome hijacked -- Avast blocking constant harmful webpages/files [Clo


  • This topic is locked

#1
Twins_1997

  • Member
  • 58 posts

Hi -- I'm helping a friend with her infected computer. She started having issues a few weeks ago -- search engine redirects, pop-ups, etc. Yourfiledownloader was one infection, also "calcitapp". I ran Malwarebytes, AdwCleaner, installed Avast, and though things are a bit better, it's clear that something is still lurking because Avast is preventing Chrome from frequent harmful webpages or files. There are many, many different names, but a few are "sunfuun.com", "ukusaepicsoftware.net", "toolkitcoupon.us" and "firstblue.eu", among many others. I've considered uninstalling and reinstalling Chrome, but my gut says that that won't fix the problem. The Avast warnings are occurring several times per minute. I ran the instructions in the Chrome hijack thread to no avail. She is running Windows Vista. Since she lives about a 15-mile round trip from me and our work schedules differ, I will not be able to perform instructions quite as quickly as a typical home user; if there is going to be any significant delay, I will post to let you know. Thanks in advance for any assistance. Here is the OTL log:

====

 

OTL logfile created on: 9/3/2014 1:01:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jared\Desktop\Tools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 27.94% Memory free
4.22 Gb Paging File | 2.26 Gb Available in Paging File | 53.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.85 Gb Total Space | 151.13 Gb Free Space | 67.82% Space Free | Partition Type: NTFS
Drive D: | 10.03 Gb Total Space | 1.34 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
 
Computer Name: JARED-PC | User Name: Jared | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/28 14:41:49 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/08/28 14:41:08 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/08/28 10:28:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jared\Desktop\Tools\OTL.exe
PRC - [2014/05/12 08:18:02 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 08:18:00 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 08:17:54 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/09 09:13:04 | 000,279,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
PRC - [2014/03/26 13:58:59 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2012/01/17 16:09:40 | 001,884,576 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2012/01/17 16:09:38 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2009/09/09 15:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/04/07 05:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007/04/07 05:56:45 | 000,272,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
PRC - [2007/01/30 12:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
PRC - [2006/08/24 11:45:50 | 000,376,832 | ---- | M] () -- C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/28 14:41:14 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/08/28 14:41:09 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012/01/17 16:09:50 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2012/01/17 15:27:56 | 000,669,696 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2007/03/05 09:22:02 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewerS\wia_register_event.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006/08/24 11:46:32 | 000,315,392 | ---- | M] () -- C:\Program Files\DigitalPeers\CamTrack\resources.dll
MOD - [2006/08/24 11:45:50 | 000,376,832 | ---- | M] () -- C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2014/08/28 14:41:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/08 20:28:19 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 08:18:02 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 08:18:00 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/17 16:09:42 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\KmxFilter.sys -- (KmxFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2014/09/03 11:54:57 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/08/28 14:41:47 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/08/28 14:41:16 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/08/28 14:41:16 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/08/28 14:41:16 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/08/28 14:41:16 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/08/28 14:41:16 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/08/28 14:41:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/08/28 14:41:16 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/05/12 08:19:22 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 08:19:14 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/14 10:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/10/18 11:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/11 15:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2006/08/24 11:47:56 | 000,110,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dptrackerd.sys -- (dptrackerd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{146B2238-BBEC-471C-BC30-5DC5DB2BC879}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKLM\..\SearchScopes\{3643E908-98E6-4AB7-A81E-FA03A71BEB00}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{146B2238-BBEC-471C-BC30-5DC5DB2BC879}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\..\SearchScopes\{3643E908-98E6-4AB7-A81E-FA03A71BEB00}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Program Files\Adanak\bin\Pac9064.js
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/28 14:41:18 | 000,000,000 | ---D | M]
 
[2009/05/28 19:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions
[2009/05/28 19:58:48 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Jared\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: avast! Online Security = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Ultimate Football Results = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj\131\
CHR - Extension: Blipshot  one click screenshots = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf\100\
CHR - Extension: Google Wallet = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Whiskey Militia Countdown Timer = C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemfnmdbgcehmkfbgpcimghoopojjchp\102\
 
O1 HOSTS File: ([2014/09/03 09:13:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.playfreeg...treet-sesh.html" File not found
O4 - Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe ()
O4 - Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DD5F61A-6FDC-489D-9478-9CBC97F3D192}: DhcpNameServer = 71.243.0.12 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E607C5-F7FD-499E-A7E2-AEE6906D3E44}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jared\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jared\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/14 19:58:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/03 09:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/09/03 09:13:08 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/09/03 09:09:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/09/03 09:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/09/03 09:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/09/03 08:52:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/08/28 14:42:23 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Roaming\AVAST Software
[2014/08/28 14:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/08/28 14:41:24 | 000,779,536 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/08/28 14:41:24 | 000,057,800 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/08/28 14:41:23 | 000,414,520 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/08/28 14:41:22 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/08/28 14:41:22 | 000,055,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/08/28 14:41:18 | 000,276,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/08/28 14:41:15 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/08/28 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/28 14:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/08/28 12:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/28 12:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/28 12:37:52 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/08/28 12:36:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/28 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\Jared\Desktop\Tools
[2014/08/08 22:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\841eedee619a4b34
[2014/08/08 22:12:25 | 000,000,000 | ---D | C] -- C:\Users\Jared\AppData\Local\Comodo
[2014/08/08 22:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Adanak
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/03 12:41:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/03 12:28:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/03 12:13:33 | 000,015,058 | ---- | M] () -- C:\Users\Jared\Documents\bookmarks_9_3_14.html
[2014/09/03 12:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/03 11:54:57 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/03 11:15:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/03 11:15:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/03 09:15:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/03 09:15:03 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/03 09:13:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/09/03 09:08:53 | 000,000,739 | ---- | M] () -- C:\Users\Jared\Desktop\NTREGOPT.lnk
[2014/09/03 08:59:32 | 000,659,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/03 08:59:32 | 000,126,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/31 19:02:55 | 000,005,216 | ---- | M] () -- C:\Users\Jared\AppData\Local\d3d9caps.dat
[2014/08/28 19:28:40 | 000,149,024 | ---- | M] () -- C:\Windows\hpoins19.dat
[2014/08/28 17:06:33 | 000,330,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/28 14:41:58 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/08/28 14:41:47 | 000,414,520 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/08/28 14:41:16 | 000,779,536 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/08/28 14:41:16 | 000,192,352 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/08/28 14:41:16 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/08/28 14:41:16 | 000,057,800 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/08/28 14:41:16 | 000,055,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/08/28 14:41:16 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/08/28 14:41:16 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/08/28 14:41:15 | 000,276,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/08/28 14:41:15 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/08/28 14:26:17 | 000,281,796 | ---- | M] () -- C:\Users\Jared\Documents\cc_20140828_142605.reg
[2014/08/28 13:00:45 | 000,000,219 | ---- | M] () -- C:\Windows\SYSTEM.UNV
[2014/08/27 09:38:52 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/08 22:12:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
 
========== Files Created - No Company Name ==========
 
[2014/09/03 12:13:33 | 000,015,058 | ---- | C] () -- C:\Users\Jared\Documents\bookmarks_9_3_14.html
[2014/09/03 09:08:53 | 000,000,739 | ---- | C] () -- C:\Users\Jared\Desktop\NTREGOPT.lnk
[2014/08/28 14:41:58 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/08/28 14:41:24 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/08/28 14:41:23 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/08/28 14:41:22 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/08/28 14:26:07 | 000,281,796 | ---- | C] () -- C:\Users\Jared\Documents\cc_20140828_142605.reg
[2014/08/28 13:10:11 | 2136,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2014/08/08 22:12:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/06 16:35:30 | 000,000,016 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\reg.dat
[2014/03/30 21:29:39 | 000,002,763 | ---- | C] () -- C:\ProgramData\connector.swf
[2011/01/12 10:48:42 | 002,594,586 | ---- | C] () -- C:\Users\Jared\Nordic Team-2010-2011.mht
[2011/01/12 10:34:41 | 001,895,106 | ---- | C] () -- C:\Users\Jared\Nordic Team 2011.JPG
[2010/07/21 19:27:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/05 09:58:31 | 000,007,257 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/09/01 18:32:27 | 000,006,144 | ---- | C] () -- C:\Users\Jared\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/01 14:55:41 | 000,000,280 | ---- | C] () -- C:\Users\Jared\AppData\Roaming\wklnhst.dat
[2008/09/01 12:57:03 | 000,005,216 | ---- | C] () -- C:\Users\Jared\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/08/28 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\AVAST Software
[2010/07/22 13:41:34 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\CamTrack
[2014/08/15 18:19:53 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\FUJIFILM
[2008/09/01 18:13:51 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Image Zone Express
[2008/09/01 17:55:01 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Printer Info Cache
[2011/05/28 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Snapfish
[2008/09/01 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\Template
[2008/09/01 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Jared\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >

 

 

 




#2
LiquidTension

  • Expert
  • 1,151 posts

Hello Twins_1997, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log

#3
LiquidTension

Hello, 

 

Do you still require assistance?


#4
Twins_1997

Hi -- yes, thank you.  Unfortunately, I believe that the soonest that our schedules will allow me to have access to her computer is Wednesday morning.  I'll run these instructions then, unless we're able to find an earlier time.


#5
LiquidTension

Okay, not a problem. I will look out for your response.

#6
Twins_1997


Hi Adam,

 

I've printed your instructions and I'll be heading over to my friend's place first thing tomorrow morning, but I just wanted to ask before I run anything:  should I turn off Avast prior to running Farbar and TDSSKiller? 

 

Thanks,

 

Julie (oops -- I forgot to tell you my name earlier as you requested)

 


#7
LiquidTension

Hi Julie, 

 

You need only temporarily disable avast! if the programme blocks the downloading or running of the tools. Otherwise, you can leave it enabled. :)

 

There are some tools that always require the disabling of the resident Anti-Virus, but you will be specifically instructed to do so in these cases.


#8
Twins_1997

Hi Adam,

 

I did opt to disable Avast because when I ran FRST the first time, it seemed to hang on "Backing up Registry".  I wasn't sure what was causing that, but rebooting (which I had to do via <ctrl> <alt> <del>), disabling Avast and trying it again was successful, so I'll take it.  I should also mention that when my friend's computer first started exhibiting symptoms, and before she mentioned it to me, she did sign up for the paid version of Malwarebytes, which I believe is still active and running. 

 

Here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by Jared (administrator) on JARED-PC on 10-09-2014 09:14:45
Running from C:\Users\Jared\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Vimicro Corporation) C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(FUJIFILM Corporation) C:\Program Files\FinePixViewerS\QuickDCF2.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [DVDAgent] => c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-09-09] (CyberLink Corp.)
HKLM\...\Run: [VMonitorVMUVC] => C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884576 2012-01-17] (Affinegy, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-28] (AVAST Software)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [AdobeUpdater] => C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2321600 2007-03-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1903400887-3625771325-1800999696-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [460216 2009-01-16] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
ShortcutTarget: Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CamTrack.lnk
ShortcutTarget: CamTrack.lnk -> C:\Program Files\DigitalPeers\CamTrack\camtrack.exe ()
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
SearchScopes: HKLM - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-28]

Chrome:
=======
CHR HomePage: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (avast! Online Security) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-28]
CHR Extension: (Ultimate Football Results) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnpobggldcjebejmndignliobeifocj [2014-08-16]
CHR Extension: (Blipshot  one click screenshots) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Whiskey Militia Countdown Timer) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemfnmdbgcehmkfbgpcimghoopojjchp [2014-08-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-28]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-01-17] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-28] (AVAST Software)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-28] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-28] ()
S3 dptrackerd; C:\Windows\System32\drivers\dptrackerd.sys [110080 2006-08-24] (Windows ® 2000 DDK provider) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 netr73; C:\Windows\System32\DRIVERS\WUSB54GCx86.sys [256000 2007-03-11] (Ralink Technology Inc.)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [252416 2009-05-25] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [398720 2008-07-01] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 KmxFilter; system32\DRIVERS\KmxFilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 09:14 - 2014-09-10 09:15 - 00017596 _____ () C:\Users\Jared\Desktop\FRST.txt
2014-09-10 09:03 - 2014-09-10 09:14 - 00000000 ____D () C:\FRST
2014-09-10 09:00 - 2014-09-10 08:57 - 01097728 _____ (Farbar) C:\Users\Jared\Desktop\FRST.exe
2014-09-03 12:13 - 2014-09-03 12:13 - 00015058 _____ () C:\Users\Jared\Documents\bookmarks_9_3_14.html
2014-09-03 09:33 - 2014-09-03 09:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-03 09:29 - 2014-09-03 09:31 - 159428216 _____ () C:\Users\Jared\Downloads\setup_11.0.3.7.x01_2014_08_28_05_43.exe
2014-09-03 09:13 - 2014-09-03 09:13 - 00000000 ____D () C:\_OTM
2014-09-03 09:09 - 2014-09-03 09:09 - 00000000 ____D () C:\Windows\ERDNT
2014-09-03 09:08 - 2014-09-03 09:09 - 00000000 ____D () C:\Program Files\ERUNT
2014-09-03 09:08 - 2014-09-03 09:08 - 00000739 _____ () C:\Users\Jared\Desktop\NTREGOPT.lnk
2014-09-03 09:08 - 2014-09-03 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-09-03 08:52 - 2014-09-03 08:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 08:51 - 2014-09-03 08:52 - 01016261 _____ (Thisisu) C:\Users\Jared\Downloads\JRT.exe
2014-08-28 14:42 - 2014-09-10 08:34 - 00000795 _____ () C:\Windows\setupact.log
2014-08-28 14:42 - 2014-08-28 14:42 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\AVAST Software
2014-08-28 14:42 - 2014-08-28 14:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 14:41 - 2014-08-28 14:41 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-28 14:41 - 2014-08-28 14:41 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-28 14:41 - 2014-08-28 14:41 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-28 14:41 - 2014-08-28 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-28 14:38 - 2014-08-28 14:38 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-28 14:37 - 2014-08-28 14:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-28 14:37 - 2014-08-28 14:37 - 04862664 _____ (AVAST Software) C:\Users\Jared\Downloads\avast_free_antivirus_setup_online.exe
2014-08-28 14:30 - 2014-08-28 14:30 - 00000951 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 14:26 - 2014-08-28 14:26 - 00281796 _____ () C:\Users\Jared\Documents\cc_20140828_142605.reg
2014-08-28 12:58 - 2014-08-28 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 12:52 - 2014-08-28 12:58 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 12:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-28 12:36 - 2014-09-03 09:00 - 00000000 ____D () C:\AdwCleaner
2014-08-28 12:35 - 2014-09-03 13:18 - 00000000 ____D () C:\Users\Jared\Desktop\Tools
2014-08-27 09:36 - 2014-08-27 09:37 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Jared\Downloads\mbam_premium.exe
2014-08-19 20:35 - 2014-08-11 11:36 - 00770384 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 09:15 - 2014-09-10 09:14 - 00017596 _____ () C:\Users\Jared\Desktop\FRST.txt
2014-09-10 09:14 - 2014-09-10 09:03 - 00000000 ____D () C:\FRST
2014-09-10 09:12 - 2010-03-04 20:54 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 09:12 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 09:12 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 09:12 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 08:57 - 2014-09-10 09:00 - 01097728 _____ (Farbar) C:\Users\Jared\Desktop\FRST.exe
2014-09-10 08:57 - 2014-04-06 16:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 08:41 - 2010-03-04 20:54 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 08:36 - 2006-11-02 06:33 - 00783502 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 08:34 - 2014-08-28 14:42 - 00000795 _____ () C:\Windows\setupact.log
2014-09-10 08:28 - 2013-05-21 19:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 21:15 - 2006-11-02 09:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-04 21:28 - 2011-07-03 18:29 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\HpUpdate
2014-09-04 20:15 - 2008-09-01 17:24 - 00149024 _____ () C:\Windows\hpoins19.dat
2014-09-04 20:15 - 2008-09-01 17:24 - 00024962 _____ () C:\ProgramData\hpzinstall.log
2014-09-04 20:14 - 2006-11-02 06:23 - 00000676 _____ () C:\Windows\win.ini
2014-09-03 13:18 - 2014-08-28 12:35 - 00000000 ____D () C:\Users\Jared\Desktop\Tools
2014-09-03 12:13 - 2014-09-03 12:13 - 00015058 _____ () C:\Users\Jared\Documents\bookmarks_9_3_14.html
2014-09-03 09:33 - 2014-09-03 09:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-03 09:31 - 2014-09-03 09:29 - 159428216 _____ () C:\Users\Jared\Downloads\setup_11.0.3.7.x01_2014_08_28_05_43.exe
2014-09-03 09:13 - 2014-09-03 09:13 - 00000000 ____D () C:\_OTM
2014-09-03 09:13 - 2014-05-16 17:09 - 00000000 ____D () C:\Users\Jared\AppData\Temp
2014-09-03 09:09 - 2014-09-03 09:09 - 00000000 ____D () C:\Windows\ERDNT
2014-09-03 09:09 - 2014-09-03 09:08 - 00000000 ____D () C:\Program Files\ERUNT
2014-09-03 09:08 - 2014-09-03 09:08 - 00000739 _____ () C:\Users\Jared\Desktop\NTREGOPT.lnk
2014-09-03 09:08 - 2014-09-03 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-09-03 09:00 - 2014-08-28 12:36 - 00000000 ____D () C:\AdwCleaner
2014-09-03 08:52 - 2014-09-03 08:52 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 08:52 - 2014-09-03 08:51 - 01016261 _____ (Thisisu) C:\Users\Jared\Downloads\JRT.exe
2014-09-03 08:46 - 2008-05-14 20:07 - 00000000 ____D () C:\Program Files\PC-Doctor 5 for Windows
2014-08-31 19:02 - 2008-09-01 12:57 - 00005216 _____ () C:\Users\Jared\AppData\Local\d3d9caps.dat
2014-08-28 17:06 - 2006-11-02 08:47 - 00330968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 14:42 - 2014-08-28 14:42 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\AVAST Software
2014-08-28 14:42 - 2014-08-28 14:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-28 14:41 - 2014-08-28 14:41 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-28 14:41 - 2014-08-28 14:41 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-28 14:41 - 2014-08-28 14:41 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-28 14:41 - 2014-08-28 14:41 - 00001879 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-28 14:41 - 2014-08-28 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-28 14:38 - 2014-08-28 14:38 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-28 14:38 - 2014-08-28 14:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-28 14:37 - 2014-08-28 14:37 - 04862664 _____ (AVAST Software) C:\Users\Jared\Downloads\avast_free_antivirus_setup_online.exe
2014-08-28 14:37 - 2008-09-01 10:24 - 00079296 _____ () C:\Users\Jared\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-28 14:30 - 2014-08-28 14:30 - 00000951 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 14:26 - 2014-08-28 14:26 - 00281796 _____ () C:\Users\Jared\Documents\cc_20140828_142605.reg
2014-08-28 13:40 - 2009-10-03 17:47 - 00000000 ____D () C:\Windows\Minidump
2014-08-28 13:40 - 2008-05-14 20:27 - 00000000 ____D () C:\Windows\Panther
2014-08-28 13:09 - 2006-11-02 06:23 - 00000219 _____ () C:\Windows\SYSTEM.INI
2014-08-28 13:00 - 2009-09-05 10:14 - 00000000 ____D () C:\Program Files\CA
2014-08-28 13:00 - 2006-11-02 06:23 - 00000219 _____ () C:\Windows\SYSTEM.UNV
2014-08-28 12:58 - 2014-08-28 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-28 12:58 - 2014-08-28 12:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 12:34 - 2014-08-08 22:12 - 00000000 ____D () C:\Program Files\Adanak
2014-08-27 09:38 - 2014-04-06 16:39 - 00000905 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 09:38 - 2014-04-06 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 09:38 - 2014-04-06 16:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 09:37 - 2014-08-27 09:36 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Jared\Downloads\mbam_premium.exe
2014-08-27 09:19 - 2009-02-11 18:22 - 00000000 ____D () C:\Program Files\Google
2014-08-24 13:59 - 2014-08-08 22:12 - 00000000 ____D () C:\ProgramData\841eedee619a4b34
2014-08-15 18:19 - 2014-05-15 15:22 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\FUJIFILM
2014-08-11 11:36 - 2014-08-19 20:35 - 00770384 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll

Some content of TEMP:
====================
C:\Users\Jared\AppData\Local\Temp\qpowusj3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-10 08:27

==================== End Of Log ============================

Here is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-09-2014
Ran by Jared at 2014-09-10 09:15:48
Running from C:\Users\Jared\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
AIO_CDB_ProductContext (HKLM\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

02-03-2014 19:42:17 Windows Update
04-03-2014 01:07:57 Scheduled Checkpoint
05-03-2014 13:50:03 Scheduled Checkpoint
07-03-2014 01:35:07 Scheduled Checkpoint
07-03-2014 13:50:42 Scheduled Checkpoint
08-03-2014 00:03:28 Windows Update
12-03-2014 20:05:46 Scheduled Checkpoint
13-03-2014 12:48:50 Windows Update
14-03-2014 11:45:31 Windows Update
18-03-2014 19:39:14 Windows Update
19-03-2014 11:27:55 Windows Update
20-03-2014 19:59:13 Scheduled Checkpoint
22-03-2014 11:37:12 Windows Update
23-03-2014 22:55:41 Scheduled Checkpoint
24-03-2014 22:23:19 Scheduled Checkpoint
26-03-2014 00:51:11 Windows Update
26-03-2014 18:26:04 Scheduled Checkpoint
28-03-2014 19:39:22 Scheduled Checkpoint
30-03-2014 11:45:13 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-09-03 09:13 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2CA3C4F3-28DD-4D45-99EC-560F5C6129C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3EF222FA-4BCC-4821-B9F5-4AE1E0DE097B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4633DF8A-C143-441B-B983-115236910C3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-28] (AVAST Software)
Task: {5017837D-3188-4688-9F8B-7448A15F0A00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {85E81A6B-818A-47AD-9E2C-9E17ED3327E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {896A3BC1-1814-473B-A5CD-B631C9BA01C5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A1BB6C56-7AE3-4F5D-B879-2E0F3315DAD0} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {A4B7A9E3-5EF7-42E8-AF9B-C0FCD9A9A763} - System32\Tasks\Microsoft\Windows\RestartManager\{79F825F3-6C25-43e4-A140-8F7F34274CDD} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {D070AD3B-6A4C-4757-B3E9-8A7AA65A8F4D} - System32\Tasks\{81EA3D94-29B1-48AB-84B5-BA113939A8DF} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {D4C8DD1D-FFF7-4EE1-A7DB-3F23F51D10E3} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {E0917328-6F0D-4524-B6FC-3DD92C166584} - System32\Tasks\{34367977-7C60-429D-B659-8D0E625635B8} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {E0CD51B7-C269-4878-889D-C8AB4E93F754} - System32\Tasks\{A3BABEF3-078C-4C33-B52B-58FA632D0648} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-28 14:41 - 2014-08-28 14:41 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-10 08:21 - 2014-09-10 08:21 - 02847744 _____ () C:\Program Files\AVAST Software\Avast\defs\14091000\algo.dll
2014-01-09 19:36 - 2012-01-17 16:09 - 00022944 _____ () C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-01-09 19:36 - 2010-08-22 21:01 - 00325632 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
2014-01-09 19:36 - 2010-08-22 21:01 - 01954304 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
2014-01-09 19:36 - 2010-08-22 21:01 - 07187456 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
2014-01-09 19:36 - 2010-08-22 21:01 - 00847360 _____ () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-01-09 19:36 - 2010-08-22 20:32 - 00119808 _____ () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-08-28 14:41 - 2014-08-28 14:41 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-15 15:23 - 2007-03-05 09:22 - 00081920 _____ () C:\Program Files\FinePixViewerS\wia_register_event.dll
2010-07-21 18:33 - 2006-08-24 11:45 - 00376832 _____ () C:\Program Files\DigitalPeers\CamTrack\camtrack.exe
2010-07-21 18:33 - 2006-08-24 11:46 - 00315392 _____ () C:\Program Files\DigitalPeers\CamTrack\resources.dll
2014-01-09 19:36 - 2012-01-17 15:27 - 00669696 _____ () C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
2006-12-10 21:51 - 2006-12-10 21:51 - 00077824 ____R () C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HPAdvisor => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #7
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft 6to4 Adapter #9
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #10
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #11
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter #12
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 09:13:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 08:20:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 08:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 02:51:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 07:16:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 09:16:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 08:55:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 08:45:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 08:35:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 09:21:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/31/2010 06:06:00 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/31/2010 06:05:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:53:30 AM on 1/31/2010 was unexpected.

Error: (01/31/2010 05:29:12 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/31/2010 05:29:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:16:52 AM on 1/31/2010 was unexpected.

Error: (01/31/2010 04:51:28 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (01/31/2010 03:20:50 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Wlansvc

Error: (01/31/2010 01:29:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (01/30/2010 06:02:50 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: 0xc000000e34\Device\HarddiskVolumeShadowCopy20

Error: (01/30/2010 06:02:49 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: 0xc000000e34\Device\HarddiskVolumeShadowCopy19

Error: (01/30/2010 06:02:47 PM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT AUTHORITY)
Description: 0xc000000e34\Device\HarddiskVolumeShadowCopy18

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-10 09:13:22.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:57:47.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:57:46.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:57:46.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:57:45.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:39:49.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:39:48.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:39:47.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:39:47.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-10 08:26:01.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 2036.45 MB
Available physical RAM: 970.7 MB
Total Pagefile: 4322.18 MB
Available Pagefile: 3130.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.05 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:222.85 GB) (Free:151.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.03 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Here is the TDSSKiller log:

09:24:46.0197 0x02b4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:24:55.0448 0x02b4  ============================================================
09:24:55.0448 0x02b4  Current date / time: 2014/09/10 09:24:55.0448
09:24:55.0448 0x02b4  SystemInfo:
09:24:55.0448 0x02b4 
09:24:55.0448 0x02b4  OS Version: 6.0.6002 ServicePack: 2.0
09:24:55.0448 0x02b4  Product type: Workstation
09:24:55.0448 0x02b4  ComputerName: JARED-PC
09:24:55.0448 0x02b4  UserName: Jared
09:24:55.0448 0x02b4  Windows directory: C:\Windows
09:24:55.0448 0x02b4  System windows directory: C:\Windows
09:24:55.0448 0x02b4  Processor architecture: Intel x86
09:24:55.0448 0x02b4  Number of processors: 2
09:24:55.0448 0x02b4  Page size: 0x1000
09:24:55.0448 0x02b4  Boot type: Normal boot
09:24:55.0448 0x02b4  ============================================================
09:24:56.0977 0x02b4  KLMD registered as C:\Windows\system32\drivers\10634987.sys
09:24:57.0180 0x02b4  System UUID: {78FF9524-C05C-B20C-2ED9-909001B804F7}
09:24:57.0882 0x02b4  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:24:57.0882 0x02b4  ============================================================
09:24:57.0882 0x02b4  \Device\Harddisk0\DR0:
09:24:57.0882 0x02b4  MBR partitions:
09:24:57.0882 0x02b4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BDB55A1
09:24:57.0882 0x02b4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BDB55E0, BlocksNum 0x140EBF0
09:24:57.0882 0x02b4  ============================================================
09:24:57.0897 0x02b4  C: <-> \Device\Harddisk0\DR0\Partition1
09:24:58.0131 0x02b4  D: <-> \Device\Harddisk0\DR0\Partition2
09:24:58.0131 0x02b4  ============================================================
09:24:58.0131 0x02b4  Initialize success
09:24:58.0131 0x02b4  ============================================================
09:25:16.0914 0x16fc  ============================================================
09:25:16.0914 0x16fc  Scan started
09:25:16.0914 0x16fc  Mode: Manual; TDLFS;
09:25:16.0914 0x16fc  ============================================================
09:25:16.0914 0x16fc  KSN ping started
09:25:30.0829 0x16fc  KSN ping finished: true
09:25:31.0843 0x16fc  ================ Scan system memory ========================
09:25:31.0843 0x16fc  System memory - ok
09:25:31.0843 0x16fc  ================ Scan services =============================
09:25:32.0904 0x16fc  aspnet_state - ok
09:25:32.0951 0x16fc  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
09:25:32.0951 0x16fc  aswHwid - ok
09:25:32.0966 0x16fc  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
09:25:32.0982 0x16fc  aswMonFlt - ok
09:25:32.0997 0x16fc  [ D6C9024F5D14843D33ADA8A6A10A1BE1, D40022D0A360FD4010D3D5D452BBC4CE9EE68224DEAB9584626E6F435E128857 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
09:25:33.0013 0x16fc  aswRdr - ok
09:25:33.0013 0x16fc  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
09:25:33.0029 0x16fc  aswRvrt - ok
09:25:33.0075 0x16fc  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
09:25:33.0107 0x16fc  aswSnx - ok
09:25:33.0153 0x16fc  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
09:25:33.0169 0x16fc  aswSP - ok
09:25:33.0185 0x16fc  [ 26C51C289E39E8EE0F12B8B06B71E436, 81382FC3E836698432EE832A166F09251CC9164B17584E90F73037A1FA54E4F7 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
09:25:33.0200 0x16fc  aswTdi - ok
09:25:33.0216 0x16fc  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
09:25:33.0216 0x16fc  aswVmm - ok
09:25:33.0247 0x16fc  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:25:33.0247 0x16fc  AsyncMac - ok
09:25:33.0294 0x16fc  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
09:25:33.0294 0x16fc  atapi - ok
09:25:33.0341 0x16fc  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:25:33.0356 0x16fc  AudioEndpointBuilder - ok
09:25:33.0372 0x16fc  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:25:33.0387 0x16fc  Audiosrv - ok
09:25:33.0434 0x16fc  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:25:33.0434 0x16fc  avast! Antivirus - ok
09:25:33.0465 0x16fc  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:25:33.0481 0x16fc  Beep - ok
09:25:33.0543 0x16fc  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
09:25:33.0559 0x16fc  BFE - ok
09:25:33.0653 0x16fc  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
09:25:33.0684 0x16fc  BITS - ok
09:25:33.0699 0x16fc  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:25:33.0715 0x16fc  blbdrive - ok
09:25:33.0746 0x16fc  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:25:33.0746 0x16fc  bowser - ok
09:25:33.0777 0x16fc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:25:33.0777 0x16fc  BrFiltLo - ok
09:25:33.0793 0x16fc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:25:33.0793 0x16fc  BrFiltUp - ok
09:25:33.0809 0x16fc  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
09:25:33.0824 0x16fc  Browser - ok
09:25:33.0840 0x16fc  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
09:25:33.0840 0x16fc  Brserid - ok
09:25:33.0855 0x16fc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:25:33.0871 0x16fc  BrSerWdm - ok
09:25:33.0887 0x16fc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:25:33.0887 0x16fc  BrUsbMdm - ok
09:25:33.0902 0x16fc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:25:33.0902 0x16fc  BrUsbSer - ok
09:25:33.0918 0x16fc  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:25:33.0933 0x16fc  BTHMODEM - ok
09:25:33.0949 0x16fc  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:25:33.0965 0x16fc  cdfs - ok
09:25:34.0011 0x16fc  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:25:34.0011 0x16fc  cdrom - ok
09:25:34.0058 0x16fc  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
09:25:34.0074 0x16fc  CertPropSvc - ok
09:25:34.0105 0x16fc  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:25:34.0105 0x16fc  circlass - ok
09:25:34.0167 0x16fc  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
09:25:34.0167 0x16fc  CLFS - ok
09:25:34.0230 0x16fc  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:25:34.0230 0x16fc  clr_optimization_v2.0.50727_32 - ok
09:25:34.0292 0x16fc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:25:34.0370 0x16fc  clr_optimization_v4.0.30319_32 - ok
09:25:34.0386 0x16fc  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:25:34.0386 0x16fc  cmdide - ok
09:25:34.0401 0x16fc  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:25:34.0401 0x16fc  Compbatt - ok
09:25:34.0417 0x16fc  COMSysApp - ok
09:25:34.0433 0x16fc  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:25:34.0433 0x16fc  crcdisk - ok
09:25:34.0448 0x16fc  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
09:25:34.0448 0x16fc  Crusoe - ok
09:25:34.0495 0x16fc  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:25:34.0495 0x16fc  CryptSvc - ok
09:25:34.0573 0x16fc  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:25:34.0589 0x16fc  DcomLaunch - ok
09:25:34.0620 0x16fc  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:25:34.0620 0x16fc  DfsC - ok
09:25:34.0791 0x16fc  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
09:25:34.0885 0x16fc  DFSR - ok
09:25:34.0963 0x16fc  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:25:34.0963 0x16fc  Dhcp - ok
09:25:35.0010 0x16fc  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
09:25:35.0010 0x16fc  disk - ok
09:25:35.0057 0x16fc  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:25:35.0057 0x16fc  Dnscache - ok
09:25:35.0119 0x16fc  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
09:25:35.0119 0x16fc  dot3svc - ok
09:25:35.0181 0x16fc  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
09:25:35.0181 0x16fc  Dot4 - ok
09:25:35.0197 0x16fc  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:25:35.0197 0x16fc  Dot4Print - ok
09:25:35.0213 0x16fc  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
09:25:35.0228 0x16fc  dot4usb - ok
09:25:35.0259 0x16fc  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
09:25:35.0259 0x16fc  DPS - ok
09:25:35.0306 0x16fc  [ B625D3CC8B586ECC83215E9E5E031AD8, F231BC8A5E7782F5583CBD854A023DD4983B6CA9970D0CB2B8712F2455C21220 ] dptrackerd      C:\Windows\system32\drivers\dptrackerd.sys
09:25:35.0306 0x16fc  dptrackerd - ok
09:25:35.0353 0x16fc  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:25:35.0353 0x16fc  drmkaud - ok
09:25:35.0400 0x16fc  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:25:35.0447 0x16fc  DXGKrnl - ok
09:25:35.0478 0x16fc  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
09:25:35.0478 0x16fc  E1G60 - ok
09:25:35.0509 0x16fc  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
09:25:35.0509 0x16fc  EapHost - ok
09:25:35.0571 0x16fc  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:25:35.0587 0x16fc  Ecache - ok
09:25:35.0634 0x16fc  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:25:35.0649 0x16fc  ehRecvr - ok
09:25:35.0665 0x16fc  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
09:25:35.0665 0x16fc  ehSched - ok
09:25:35.0681 0x16fc  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
09:25:35.0681 0x16fc  ehstart - ok
09:25:35.0743 0x16fc  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:25:35.0759 0x16fc  elxstor - ok
09:25:35.0852 0x16fc  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
09:25:35.0883 0x16fc  EMDMgmt - ok
09:25:35.0915 0x16fc  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:25:35.0915 0x16fc  ErrDev - ok
09:25:36.0024 0x16fc  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
09:25:36.0024 0x16fc  EventSystem - ok
09:25:36.0117 0x16fc  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:25:36.0149 0x16fc  exfat - ok
09:25:36.0164 0x16fc  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:25:36.0180 0x16fc  fastfat - ok
09:25:36.0211 0x16fc  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:25:36.0227 0x16fc  fdc - ok
09:25:36.0258 0x16fc  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
09:25:36.0258 0x16fc  fdPHost - ok
09:25:36.0320 0x16fc  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:25:36.0336 0x16fc  FDResPub - ok
09:25:36.0367 0x16fc  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:25:36.0383 0x16fc  FileInfo - ok
09:25:36.0398 0x16fc  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:25:36.0414 0x16fc  Filetrace - ok
09:25:36.0445 0x16fc  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:25:36.0461 0x16fc  flpydisk - ok
09:25:36.0539 0x16fc  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:25:36.0570 0x16fc  FltMgr - ok
09:25:36.0819 0x16fc  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
09:25:36.0913 0x16fc  FontCache - ok
09:25:37.0022 0x16fc  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:25:37.0022 0x16fc  FontCache3.0.0.0 - ok
09:25:37.0053 0x16fc  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:25:37.0069 0x16fc  Fs_Rec - ok
09:25:37.0147 0x16fc  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:25:37.0147 0x16fc  gagp30kx - ok
09:25:37.0209 0x16fc  [ 6139AE70E943B2A57AD04B70A316C0A0, D062AE2E7BABE70BDF28AFDF860F5D3AE4C16D042919CB5A4E935A765495D6A5 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
09:25:37.0225 0x16fc  GameConsoleService - ok
09:25:37.0256 0x16fc  [ AB8A6A87D9D7255C3884D5B9541A6E80, D073B5D8A06EFA6415E8F22DFE486DE913113AE23F59CFC5EEF1B3E694CE86F3 ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:25:37.0256 0x16fc  GEARAspiWDM - ok
09:25:37.0334 0x16fc  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
09:25:37.0350 0x16fc  gpsvc - ok
09:25:37.0443 0x16fc  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:25:37.0443 0x16fc  gusvc - ok
09:25:37.0521 0x16fc  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:25:37.0553 0x16fc  HDAudBus - ok
09:25:37.0584 0x16fc  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:25:37.0599 0x16fc  HidBth - ok
09:25:37.0615 0x16fc  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:25:37.0615 0x16fc  HidIr - ok
09:25:37.0662 0x16fc  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
09:25:37.0662 0x16fc  hidserv - ok
09:25:37.0693 0x16fc  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:25:37.0693 0x16fc  HidUsb - ok
09:25:37.0724 0x16fc  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:25:37.0724 0x16fc  hkmsvc - ok
09:25:37.0787 0x16fc  [ CB383AB0B8BA871D893B86D3C9A3ED9F, 0DFFA243CE59871556149A4C9C41BDE41280E755139EC5F199A755FC9DDE0F31 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
09:25:37.0787 0x16fc  HP Health Check Service - ok
09:25:37.0818 0x16fc  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
09:25:37.0833 0x16fc  HpCISSs - ok
09:25:37.0927 0x16fc  [ FCB563B0A23643E5F80B6FF1E60F610F, C1FCECF406E154065BF3FD93C4853ED96F5300E0E218FF0AA20B34D614710735 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:25:37.0943 0x16fc  hpqcxs08 - ok
09:25:37.0958 0x16fc  [ 25E443E27165C652723A92D9BDFD4649, 58528E888176D236C683F5135BE0B35F43F9F521022ED0E66D5B688F3BAF7D0F ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:25:37.0958 0x16fc  hpqddsvc - ok
09:25:38.0052 0x16fc  [ 88749FBF8BEB18C90E7D6626C8C1910B, 8CCCCF75EE8D7C8F052DE48DCE7099BFA9D29E9D94E9EEB8C84F0EEE73CC2EDD ] HSF_DP          C:\Windows\system32\DRIVERS\HSX_DP.sys
09:25:38.0099 0x16fc  HSF_DP - ok
09:25:38.0114 0x16fc  [ FE440536BD98AF772130DC3A6FE1915F, F890A4336E6BC11A5D0A7D49CFD0626FFC2131E81260AE3E2501BCD29434C131 ] HSXHWBS2        C:\Windows\system32\DRIVERS\HSXHWBS2.sys
09:25:38.0130 0x16fc  HSXHWBS2 - ok
09:25:38.0192 0x16fc  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:25:38.0208 0x16fc  HTTP - ok
09:25:38.0223 0x16fc  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
09:25:38.0223 0x16fc  i2omp - ok
09:25:38.0255 0x16fc  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:25:38.0255 0x16fc  i8042prt - ok
09:25:38.0301 0x16fc  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
09:25:38.0301 0x16fc  iaStorV - ok
09:25:38.0395 0x16fc  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:25:38.0426 0x16fc  idsvc - ok
09:25:38.0551 0x16fc  [ 62F534791AE488A475A3E508D92AF4CC, 63F0BCA271EAB73A73ED9908B49332957343CAB00AB39BBBBB8F983C1086DDA9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
09:25:38.0645 0x16fc  igfx - ok
09:25:38.0676 0x16fc  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:25:38.0676 0x16fc  iirsp - ok
09:25:38.0723 0x16fc  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:25:38.0738 0x16fc  IKEEXT - ok
09:25:38.0879 0x16fc  [ 5D26CCB06E1F3B5C26E863DF3F4F2611, E6253E00F4EA2A57F270594A47879AA4B58053ABEFBC98A3DCC92289F67F26CB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:25:38.0972 0x16fc  IntcAzAudAddService - ok
09:25:39.0003 0x16fc  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
09:25:39.0003 0x16fc  intelide - ok
09:25:39.0019 0x16fc  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:25:39.0019 0x16fc  intelppm - ok
09:25:39.0035 0x16fc  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:25:39.0050 0x16fc  IPBusEnum - ok
09:25:39.0066 0x16fc  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:25:39.0066 0x16fc  IpFilterDriver - ok
09:25:39.0113 0x16fc  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:25:39.0113 0x16fc  iphlpsvc - ok
09:25:39.0128 0x16fc  IpInIp - ok
09:25:39.0144 0x16fc  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
09:25:39.0144 0x16fc  IPMIDRV - ok
09:25:39.0175 0x16fc  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
09:25:39.0175 0x16fc  IPNAT - ok
09:25:39.0191 0x16fc  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:25:39.0191 0x16fc  IRENUM - ok
09:25:39.0206 0x16fc  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:25:39.0222 0x16fc  isapnp - ok
09:25:39.0284 0x16fc  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:25:39.0284 0x16fc  iScsiPrt - ok
09:25:39.0300 0x16fc  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:25:39.0300 0x16fc  iteatapi - ok
09:25:39.0315 0x16fc  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
09:25:39.0315 0x16fc  iteraid - ok
09:25:39.0331 0x16fc  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:25:39.0331 0x16fc  kbdclass - ok
09:25:39.0347 0x16fc  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:25:39.0362 0x16fc  kbdhid - ok
09:25:39.0393 0x16fc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
09:25:39.0393 0x16fc  KeyIso - ok
09:25:39.0409 0x16fc  KmxFilter - ok
09:25:39.0456 0x16fc  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:25:39.0471 0x16fc  KSecDD - ok
09:25:39.0518 0x16fc  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:25:39.0534 0x16fc  KtmRm - ok
09:25:39.0565 0x16fc  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:25:39.0581 0x16fc  LanmanServer - ok
09:25:39.0612 0x16fc  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:25:39.0627 0x16fc  LanmanWorkstation - ok
09:25:39.0674 0x16fc  [ DFEFF67508D3A9AEB1A85D7B0F513B24, 34A02E6BEAFB22B1527C72E0E2D65FA1DBCFB022672116BFF4A903FBBEA8419D ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:25:39.0674 0x16fc  LightScribeService - ok
09:25:39.0705 0x16fc  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:25:39.0705 0x16fc  lltdio - ok
09:25:39.0752 0x16fc  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:25:39.0768 0x16fc  lltdsvc - ok
09:25:39.0783 0x16fc  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:25:39.0783 0x16fc  lmhosts - ok
09:25:39.0799 0x16fc  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:25:39.0815 0x16fc  LSI_FC - ok
09:25:39.0815 0x16fc  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:25:39.0830 0x16fc  LSI_SAS - ok
09:25:39.0846 0x16fc  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:25:39.0846 0x16fc  LSI_SCSI - ok
09:25:39.0861 0x16fc  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:25:39.0861 0x16fc  luafv - ok
09:25:39.0893 0x16fc  [ EE7444334BCE24AC3464D538F1F78633, 1C57E08D777DB25AB306D5D0D3D7D5F07E8DAA6889309EE3D1DE461DBBC1CB33 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:25:47.0739 0x16fc  udfs - ok
09:25:47.0771 0x16fc  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:25:47.0786 0x16fc  UI0Detect - ok
09:25:47.0802 0x16fc  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:25:47.0802 0x16fc  uliagpkx - ok
09:25:47.0833 0x16fc  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
09:25:47.0849 0x16fc  uliahci - ok
09:25:47.0864 0x16fc  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
09:25:47.0880 0x16fc  UlSata - ok
09:25:47.0895 0x16fc  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
09:25:47.0895 0x16fc  ulsata2 - ok
09:25:47.0927 0x16fc  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:25:47.0927 0x16fc  umbus - ok
09:25:47.0973 0x16fc  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
09:25:47.0989 0x16fc  upnphost - ok
09:25:48.0020 0x16fc  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:25:48.0036 0x16fc  usbccgp - ok
09:25:48.0051 0x16fc  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:25:48.0051 0x16fc  usbcir - ok
09:25:48.0098 0x16fc  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:25:48.0114 0x16fc  usbehci - ok
09:25:48.0145 0x16fc  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:25:48.0161 0x16fc  usbhub - ok
09:25:48.0176 0x16fc  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:25:48.0176 0x16fc  usbohci - ok
09:25:48.0207 0x16fc  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:25:48.0207 0x16fc  usbprint - ok
09:25:48.0239 0x16fc  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
09:25:48.0254 0x16fc  usbscan - ok
09:25:48.0285 0x16fc  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:25:48.0285 0x16fc  USBSTOR - ok
09:25:48.0332 0x16fc  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:25:48.0348 0x16fc  usbuhci - ok
09:25:48.0410 0x16fc  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
09:25:48.0410 0x16fc  usbvideo - ok
09:25:48.0473 0x16fc  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
09:25:48.0473 0x16fc  UxSms - ok
09:25:48.0551 0x16fc  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
09:25:48.0566 0x16fc  vds - ok
09:25:48.0597 0x16fc  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:25:48.0597 0x16fc  vga - ok
09:25:48.0613 0x16fc  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:25:48.0613 0x16fc  VgaSave - ok
09:25:48.0629 0x16fc  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:25:48.0644 0x16fc  viaagp - ok
09:25:48.0660 0x16fc  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
09:25:48.0660 0x16fc  ViaC7 - ok
09:25:48.0691 0x16fc  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
09:25:48.0691 0x16fc  viaide - ok
09:25:48.0753 0x16fc  [ 0F0CFDB1EBFF88AB998003C65CD79B4B, F6847B7E29D3DCF57FA22A36981DFC0F1DF5340A4872DF820223ACC277FA5B54 ] VMUVC           C:\Windows\system32\Drivers\VMUVC.sys
09:25:48.0769 0x16fc  VMUVC - ok
09:25:48.0785 0x16fc  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:25:48.0800 0x16fc  volmgr - ok
09:25:48.0847 0x16fc  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:25:48.0863 0x16fc  volmgrx - ok
09:25:48.0894 0x16fc  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:25:48.0909 0x16fc  volsnap - ok
09:25:48.0941 0x16fc  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:25:48.0941 0x16fc  vsmraid - ok
09:25:49.0034 0x16fc  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
09:25:49.0081 0x16fc  VSS - ok
09:25:49.0159 0x16fc  [ D3EE7CC6B0C29083A874DB9D890BCEB5, 6F75CFCD91F45C6559D65315EC4B9D73F7AD278C632B733B47382F23F6DDD9B1 ] vvftUVC         C:\Windows\system32\drivers\vvftUVC.sys
09:25:49.0175 0x16fc  vvftUVC - ok
09:25:49.0190 0x16fc  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
09:25:49.0221 0x16fc  W32Time - ok
09:25:49.0237 0x16fc  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:25:49.0237 0x16fc  WacomPen - ok
09:25:49.0268 0x16fc  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
09:25:49.0268 0x16fc  Wanarp - ok
09:25:49.0268 0x16fc  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:25:49.0284 0x16fc  Wanarpv6 - ok
09:25:49.0346 0x16fc  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:25:49.0393 0x16fc  wcncsvc - ok
09:25:49.0440 0x16fc  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:25:49.0455 0x16fc  WcsPlugInService - ok
09:25:49.0471 0x16fc  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
09:25:49.0471 0x16fc  Wd - ok
09:25:49.0518 0x16fc  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:25:49.0549 0x16fc  Wdf01000 - ok
09:25:49.0565 0x16fc  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:25:49.0580 0x16fc  WdiServiceHost - ok
09:25:49.0596 0x16fc  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:25:49.0596 0x16fc  WdiSystemHost - ok
09:25:49.0658 0x16fc  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
09:25:49.0674 0x16fc  WebClient - ok
09:25:49.0721 0x16fc  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:25:49.0736 0x16fc  Wecsvc - ok
09:25:49.0767 0x16fc  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:25:49.0767 0x16fc  wercplsupport - ok
09:25:49.0814 0x16fc  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:25:49.0830 0x16fc  WerSvc - ok
09:25:49.0892 0x16fc  [ 72CC6A8CA7891031D6380DB5025C773C, 33D5021C3A2FE8E9F6E2C22F4777E1D82A6B3998EB857B618A3C8838D3C8B03E ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:25:49.0923 0x16fc  winachsf - ok
09:25:49.0970 0x16fc  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:25:49.0986 0x16fc  WinDefend - ok
09:25:50.0001 0x16fc  WinHttpAutoProxySvc - ok
09:25:50.0079 0x16fc  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:25:50.0079 0x16fc  Winmgmt - ok
09:25:50.0157 0x16fc  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:25:50.0235 0x16fc  WinRM - ok
09:25:50.0282 0x16fc  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:25:50.0298 0x16fc  Wlansvc - ok
09:25:50.0345 0x16fc  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:25:50.0345 0x16fc  WmiAcpi - ok
09:25:50.0391 0x16fc  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:25:50.0391 0x16fc  wmiApSrv - ok
09:25:50.0469 0x16fc  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:25:50.0516 0x16fc  WMPNetworkSvc - ok
09:25:50.0563 0x16fc  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:25:50.0579 0x16fc  WPCSvc - ok
09:25:50.0625 0x16fc  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:25:50.0641 0x16fc  WPDBusEnum - ok
09:25:50.0688 0x16fc  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
09:25:50.0688 0x16fc  WpdUsb - ok
09:25:50.0781 0x16fc  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:25:50.0828 0x16fc  WPFFontCache_v0400 - ok
09:25:50.0875 0x16fc  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:25:50.0875 0x16fc  ws2ifsl - ok
09:25:50.0922 0x16fc  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
09:25:50.0937 0x16fc  wscsvc - ok
09:25:50.0937 0x16fc  WSearch - ok
09:25:51.0078 0x16fc  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:25:51.0203 0x16fc  wuauserv - ok
09:25:51.0234 0x16fc  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:25:51.0281 0x16fc  WudfPf - ok
09:25:51.0312 0x16fc  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:25:51.0327 0x16fc  WUDFRd - ok
09:25:51.0374 0x16fc  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:25:51.0374 0x16fc  wudfsvc - ok
09:25:51.0405 0x16fc  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
09:25:51.0405 0x16fc  XAudio - ok
09:25:51.0437 0x16fc  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
09:25:51.0468 0x16fc  XAudioService - ok
09:25:51.0468 0x16fc  ================ Scan global ===============================
09:25:51.0499 0x16fc  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
09:25:51.0546 0x16fc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
09:25:51.0593 0x16fc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
09:25:51.0671 0x16fc  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
09:25:51.0686 0x16fc  [ Global ] - ok
09:25:51.0686 0x16fc  ================ Scan MBR ==================================
09:25:51.0702 0x16fc  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
09:25:52.0185 0x16fc  \Device\Harddisk0\DR0 - ok
09:25:52.0185 0x16fc  ================ Scan VBR ==================================
09:25:52.0185 0x16fc  [ 9D26EA7E9A461B8459AB045639BF7709 ] \Device\Harddisk0\DR0\Partition1
09:25:52.0232 0x16fc  \Device\Harddisk0\DR0\Partition1 - ok
09:25:52.0232 0x16fc  [ 16AB93066FEAE188BA9FB7978F205B13 ] \Device\Harddisk0\DR0\Partition2
09:25:52.0263 0x16fc  \Device\Harddisk0\DR0\Partition2 - ok
09:25:52.0263 0x16fc  ================ Scan generic autorun ======================
09:25:52.0326 0x16fc  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
09:25:52.0388 0x16fc  Windows Defender - ok
09:25:52.0653 0x16fc  [ D93985F5D87DF1A119E939EADB5C4B9E, EA9E22A5A23157B5F456A24F3700C9A4011726ABDC0105DE85C2F7DE16634C5F ] C:\Windows\RtHDVCpl.exe
09:25:52.0872 0x16fc  RtHDVCpl - ok
09:25:52.0919 0x16fc  [ 9A4322EE420D6FACD4D4B1FF6CB856B1, 527BF61885161B8D93C317CAC1FC8B8A709F0D4AF3599A000C82FE861D6019EF ] c:\hp\support\hpsysdrv.exe
09:25:52.0919 0x16fc  hpsysdrv - ok
09:25:52.0950 0x16fc  [ EF4FF93786AE65DD307FCADABCD087CA, FBBA58FFC424813AE109934E7F80B284ECE6A8C8AE7A038BD0796F93A790575D ] C:\Windows\system32\igfxtray.exe
09:25:52.0950 0x16fc  IgfxTray - ok
09:25:52.0981 0x16fc  [ E0913BFFE047972BAA72AC3AE608E24D, E2A8BBA7B0E688327FD3BAA2138002EB0F842FFA55DE033559D6D96C64154DC0 ] C:\Windows\system32\hkcmd.exe
09:25:52.0981 0x16fc  HotKeysCmds - ok
09:25:52.0997 0x16fc  [ 83591BC9E3328F5BACCF487CD12414EB, 930DC85C2BD3E300E88F87327AFBF5A4391AD2112315DA62A329B37408DBCC6F ] C:\Windows\system32\igfxpers.exe
09:25:52.0997 0x16fc  Persistence - ok
09:25:52.0997 0x16fc  HP Health Check Scheduler - ok
09:25:53.0059 0x16fc  [ 689C6EA7A17B3AE0F2A0151465EF311E, 58DEA4E4F845D334CBFFA8896D17E97BFEAB08814D650B46353A5FA95808ED7C ] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
09:25:53.0075 0x16fc  SunJavaUpdateSched - ok
09:25:53.0121 0x16fc  [ 8B9145D229D4E89D15ACB820D4A3A90F, F3831D9AE752B6AFBD3380E0BC849E4B051D6E06A88C1F61293A6DE4F66794E1 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
09:25:53.0121 0x16fc  Adobe Reader Speed Launcher - ok
09:25:53.0153 0x16fc  [ B93C4070F24E46B0097648C276B5039E, 5113AAB400D456A5C11EF47E40755755F227BB4A7134C0E2C81F6199C896BD98 ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
09:25:53.0153 0x16fc  HP Software Update - ok
09:25:53.0215 0x16fc  [ FF473648E7B1B37C7F3249A6549FAC72, 632825038F5975415D129CCB84682243360821857D250D7827E21A08DE855BCC ] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
09:25:53.0215 0x16fc  hpqSRMon - ok
09:25:53.0309 0x16fc  [ BD18FB44B14911F41CA8695928C9D9A8, 0ADE31A0196FCAB5301A16529C56E2CDDDDEDAFBAD0112F2AC81B8D16680582F ] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
09:25:53.0355 0x16fc  DVDAgent - ok
09:25:53.0402 0x16fc  [ 9CC83F60C71DAEAFF79971E5D94C11E1, 089C6A3553CCB5807320766F2F166E391960FDD29BBA25831449F03B5036FEC1 ] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
09:25:53.0402 0x16fc  VMonitorVMUVC - ok
09:25:53.0543 0x16fc  [ 9808FB2DD54BDF03EC605881F71C8D64, 5A10B1FF7048C9746E4E9DDA7D0D9F3C649F5CC3C88F2BDA6E2467F661935DA4 ] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
09:25:53.0652 0x16fc  InstaLAN - ok
09:25:53.0917 0x16fc  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
09:25:54.0073 0x16fc  AvastUI.exe - ok
09:25:54.0182 0x16fc  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:25:54.0229 0x16fc  Sidebar - ok
09:25:54.0245 0x16fc  WindowsWelcomeCenter - ok
09:25:54.0307 0x16fc  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
09:25:54.0338 0x16fc  Sidebar - ok
09:25:54.0354 0x16fc  WindowsWelcomeCenter - ok
09:25:54.0432 0x16fc  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
09:25:54.0463 0x16fc  Sidebar - ok
09:25:54.0510 0x16fc  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
09:25:54.0510 0x16fc  ehTray.exe - ok
09:25:54.0650 0x16fc  [ CEBB4703FE0A875947E5F0A3A95FE577, 9D9F8F506E1D3C41D576E6BEA11A793447C3CCE5812337C91BE140113801DAFE ] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
09:25:54.0775 0x16fc  AdobeUpdater - ok
09:25:54.0822 0x16fc  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
09:25:54.0837 0x16fc  WMPNSCFG - ok
09:25:54.0837 0x16fc  Waiting for KSN requests completion. In queue: 319
09:25:55.0851 0x16fc  Waiting for KSN requests completion. In queue: 319
09:25:56.0865 0x16fc  Waiting for KSN requests completion. In queue: 319
09:25:58.0020 0x16fc  Win FW state via NFP2: enabled
09:26:00.0812 0x16fc  ============================================================
09:26:00.0812 0x16fc  Scan finished
09:26:00.0812 0x16fc  ============================================================
09:26:00.0828 0x0fec  Detected object count: 0
09:26:00.0828 0x0fec  Actual detected object count: 0
09:26:11.0171 0x0d94  Deinitialize success
 



#9
LiquidTension

  • Expert
  • 1,151 posts

Hello, 
 

I did opt to disable Avast

 

OK, no problem. 

 

There seems to be a lot of FRST entries missing from your list of installed programmes. 

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Confirm that you see programmes such as avast!, Malwarebytes, Chrome, etc. 
  • Rerun FRST, ensuring Addition.txt is checked. 
  • Under === Installed Programs ===, confirm you see the aforementioned programmes. If you do, please post the contents of Addition.txt.
  • If you don't, let me know. 


#10
Twins_1997

  • Topic Starter
  • Member
  • 58 posts

Odd, but I do not see Avast, Malwarebytes or Chrome in the Appwiz listing, though I'm able to run Chrome (still with Avast warning of random websites and Avast is clearly running as well).  (I also don't see them in the Control Panel programs listing for what that's worth).   I've made jpegs from screen captures of the Appwiz results (it took two to capture the whole listing since it was longer than one screen).  Should I post them? 




#11
LiquidTension

  • Expert
  • 1,151 posts

Hello, 

 

Appwiz is the same as the listing from your Control Panel. 

Please post the screenshots, and list which programmes appear to be missing. 



#12
Twins_1997

  • Topic Starter
  • Member
  • 58 posts

Appwizresultsall.jpg

I'm currently at home on my computer, so the best that I can do from here is post the screen shot (I stitched the two pictures together into one).  However, I do know that Avast, Malwarebytes and Chrome are all on the computer; I also think that ccleaner should be there as well, because I put that on and ran it last week.   I'm curious about whether the missing programs show up in ccleaner's Uninstall utility, but since I'm home and not at the infected computer at the moment, I'm unable to check.
 
It's possible I won't be able to get back on the infected computer until Saturday (as noted, we're trying to coordinate our two work schedules, which are very different).



#13
LiquidTension

  • Expert
  • 1,151 posts

Hi Julie, 
 

It's possible I won't be able to get back on the infected computer until Saturday (as noted, we're trying to coordinate our two work schedules, which are very different).

No problem. 

 

Once you have access, please let me know if the programmes appear in CCleaner's Uninstall list, and we'll go from there. 



#14
Twins_1997

  • Topic Starter
  • Member
  • 58 posts

The programs aren't listed on the CCleaner uninstall list.  However, avastui.exe is listed on the CCleaner start-up list.

 

One other thing that looks unexpected (to this relative novice) is that on the Google Chrome start-up tab in CCleaner, the "avast! on-line security" listing was marked "No" under "Enabled".  I changed it to "Yes", but when I started Chrome, it didn't have any effect on the constant barrage of warning messages.  I have changed it back to "No".



#15
LiquidTension

  • Expert
  • 1,151 posts

Hi Julie, 
 
Let's not worry about that for now. Please do the following.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cndt
    SearchScopes: HKLM - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
    SearchScopes: HKLM - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    SearchScopes: HKCU - {146B2238-BBEC-471C-BC30-5DC5DB2BC879} URL = http://search.yahoo....ing}&fr=hp-psdt
    SearchScopes: HKCU - {3643E908-98E6-4AB7-A81E-FA03A71BEB00} URL = http://www.ask.com/w...}&l=dis&o=uscqd
    BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Folder: C:\ProgramData\841eedee619a4b34
    Folder: C:\Program Files\CA
    Folder: C:\Program Files\Adanak
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. If the log is very long, please attach the file.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt

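The `GroupPolicy:` and `CHR HKLM\SOFTWARE\Policies\Google` lines in the fixlist above point at Chrome policy settings; the read-only PowerShell check below lists what is stored in the usual Chrome policy locations so the state can be compared before and after a fix. It is an added example, not part of the original thread or of FRST; it assumes PowerShell 2.0 or later is installed and the default Group Policy folder under %windir%, and the function names are made up for this illustration.

```powershell
# Read-only audit of the usual Chrome policy locations. Nothing is modified.
# Assumption: PowerShell 2.0 or later; function names are illustrative only.

function Get-PolicyValues {
    param([string]$Root)
    if (-not (Test-Path $Root)) { return }
    # Include the root key itself plus every subkey beneath it.
    $keys = @(Get-Item $Root) +
            @(Get-ChildItem $Root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            New-Object PSObject -Property @{
                Key   = $key.Name
                Name  = $name
                Value = $key.GetValue($name)
            }
        }
    }
}

function Test-PolFileForChrome {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $false }
    # Registry.pol stores key names as UTF-16LE text after an 8-byte header,
    # so decoding the whole file as Unicode keeps the key names readable.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $text  = [System.Text.Encoding]::Unicode.GetString($bytes)
    return ($text -match 'Policies\\Google')
}

# 1. Registry side: policy values under the Google policy keys.
$roots = @('HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google')
foreach ($root in $roots) {
    $found = @(Get-PolicyValues $root)
    if ($found.Count -eq 0) {
        "{0}: no policy values" -f $root
    } else {
        $found | Format-Table Key, Name, Value -AutoSize -Wrap | Out-String
    }
}

# 2. Local Group Policy side: the machine and user Registry.pol files.
$gp = Join-Path $env:windir 'System32\GroupPolicy'
$polFiles = @((Join-Path $gp 'Machine\Registry.pol'),
              (Join-Path $gp 'User\Registry.pol'))
foreach ($pol in $polFiles) {
    "{0}: Chrome policy present = {1}" -f $pol, (Test-PolFileForChrome $pol)
}
```

Run it from an elevated PowerShell prompt; on a home machine that was never deliberately managed, any value listed here deserves a closer look.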