
Malware or redirecting program [Solved]


  • This topic is locked
32 replies to this topic

#1 morrisoncredit


Posted 09 November 2013 - 11:13 AM

I think I have some malware or a redirecting program.

 

OTL log

 

 

OTL logfile created on: 11/9/2013 12:02:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juanita\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 42.59% Memory free
6.43 Gb Paging File | 4.50 Gb Available in Paging File | 69.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.32 Gb Total Space | 899.06 Gb Free Space | 96.54% Space Free | Partition Type: NTFS
 
Computer Name: JUANITADAVIS | User Name: Juanita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Juanita\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QuickBooksMessaging.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe (Intuit Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
PRC - C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe (Pitney Bowes, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe (WareCentral.com)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7950655216951a291ff375b54d5e33fd\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\3ddba003d43c3baa6f75894bd7f27d07\System.Data.Entity.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\dcf2b1a7011858156e5b759de2e5e598\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\877c3d0263392551522f9655dbf747b6\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9248a710d7fe2485a557ce5d3cbcf2df\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5f2320d38621eb541713e6cd421c2b8a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\48a294a6ff9cea6b26c38fc8b4f5e3e8\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ee73646032cbb022d16771203727e3b2\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9306fc630870a75ddd23441ad77bdc57\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\99539917f59c4a963afa2e46f9d73a1f\System.Data.OracleClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\48576847f23080832be66e93d8e964bf\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\48576847f23080832be66e93d8e964bf\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4cfa42c8b69a64e192f3255ec900457d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9a6093eb864d6729de75ec4b955dddb1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1aea3525c318ac7218966d7b91c52ff1\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\1346fe7d35b70702029e422970db1201\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\Webification.DLL ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\K700.Common\1.0.3.0__089a49f3bff26a22\K700.Common.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_25.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\ReportBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QB2WPFBridge.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\IPDWidgetInterop.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\IPDWidgetBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\htmlhelper.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\FeaturesBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\BackupLib.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\zlib1.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\29c55874e34f9d5cd3ea739262f48adc\System.AddIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\70aac9dff3bdde548962557151c1ff49\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\be74d258a0daa0e11197e1dcb1b3b0b9\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\d9a485330ec2708456134e4a9712a4ab\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DymoPnpService) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (DM150Drv) -- C:\Windows\System32\drivers\DM150Drv.sys (Pitney Bowes)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6032.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {386D7123-EEF2-4CEC-8A38-FC97E28E1468}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 11 CE 92 97 DC CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {386D7123-EEF2-4CEC-8A38-FC97E28E1468}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{386D7123-EEF2-4CEC-8A38-FC97E28E1468}: "URL" = http://search.condui...0492580713&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3153924.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLCS Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "www.newzjunky.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7Bd6f7ba42-d051-09d5-a953-b09956f39997%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/08 10:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/11/08 10:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Extensions
[2013/11/08 12:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions
[2013/11/08 10:42:41 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}
[2013/11/08 10:39:04 | 000,001,001 | ---- | M] () -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\conduit.xml
[2013/11/08 12:08:13 | 000,002,115 | ---- | M] () -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\MyStart Search.xml
[2013/11/08 10:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/08 10:29:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/08 10:35:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...4962911426&UM=2
CHR - Extension: Docs = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! Online Security = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PC Meter Connect] C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe (Pitney Bowes, Inc.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] C:\Program Files\Conduit\CT3310511\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_jonjajmpblmjkhjemkalbddhodlehkfg] C:\Program Files\Conduit\CT3153924\plugins\TBVerifier.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFB6D8AE-FD45-42A8-B2C8-C9871D11B4AC}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.1.1
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/09 11:55:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Deployment
[2013/11/09 11:55:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Apps
[2013/11/09 11:51:03 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\WTT NOV 2013
[2013/11/09 09:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/11/09 09:33:48 | 000,047,736 | ---- | C] (Pitney Bowes) -- C:\Windows\System32\drivers\generic.sys
[2013/11/09 09:32:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\{C5DFEA20-CA95-4908-9CD4-A301AF5E7BAB}
[2013/11/08 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Diagnostics
[2013/11/08 14:47:31 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\Outlook Files
[2013/11/08 14:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/11/08 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/11/08 14:13:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/11/08 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/11/08 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/11/08 14:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/11/08 14:09:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/11/08 13:15:13 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/11/08 13:13:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/08 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\QuickBooks Letter Templates
[2013/11/08 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\LogMeIn Rescue Applet
[2013/11/08 12:08:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/11/08 12:07:56 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013/11/08 12:07:56 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013/11/08 12:07:56 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013/11/08 12:07:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/11/08 12:07:54 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\System32\ImHttpComm.dll
[2013/11/08 12:07:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013/11/08 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/08 12:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/08 12:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/08 12:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/08 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\ElevatedDiagnostics
[2013/11/08 11:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2013/11/08 11:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/08 11:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/11/08 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2013/11/08 11:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO
[2013/11/08 11:17:31 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Intuit
[2013/11/08 11:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2013/11/08 11:15:23 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Macromedia
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/11/08 11:09:27 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Microsoft Help
[2013/11/08 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Xerox
[2013/11/08 11:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013/11/08 11:05:46 | 000,000,000 | R--D | C] -- C:\Users\Juanita\SkyDrive
[2013/11/08 11:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/08 11:05:21 | 000,000,000 | ---D | C] -- C:\5853f73ae1f668bddf
[2013/11/08 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\HP
[2013/11/08 10:56:56 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/08 10:56:56 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/08 10:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pitney Bowes
[2013/11/08 10:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pitney Bowes
[2013/11/08 10:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pitney Bowes
[2013/11/08 10:48:37 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\System32\AdpeakProxy.dll
[2013/11/08 10:48:36 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Download Manager
[2013/11/08 10:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2013/11/08 10:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintKey-Pro
[2013/11/08 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Warecentral
[2013/11/08 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/08 10:43:14 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Conduit
[2013/11/08 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\NativeMessaging
[2013/11/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\CRE
[2013/11/08 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/08 10:40:24 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Wajam
[2013/11/08 10:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/11/08 10:40:18 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/08 10:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/08 10:39:07 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\SearchProtect
[2013/11/08 10:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/08 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\AVAST Software
[2013/11/08 10:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/08 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/08 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Google
[2013/11/08 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/08 10:35:58 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/08 10:35:57 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/08 10:35:57 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2013/11/08 10:35:57 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/08 10:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/08 10:35:56 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/08 10:35:56 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/08 10:35:55 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/08 10:35:53 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/08 10:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/08 10:35:13 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013/11/08 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/08 10:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/11/08 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2013/11/08 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2013/11/08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Malwarebytes
[2013/11/08 10:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/08 10:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/08 10:31:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/08 10:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/08 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/11/08 10:31:29 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Programs
[2013/11/08 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Macromedia
[2013/11/08 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Adobe
[2013/11/08 10:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/11/08 10:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/11/08 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Mozilla
[2013/11/08 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Mozilla
[2013/11/08 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/11/08 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/08 10:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/08 10:25:10 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2013/11/08 10:25:03 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Sanford,_L.P
[2013/11/08 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\DYMO Label
[2013/11/08 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\DYMO
[2013/11/08 10:18:15 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/11/08 10:18:15 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/11/08 10:18:09 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/11/08 10:18:09 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/11/08 10:18:09 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/11/08 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\VirtualStore
[2013/11/08 10:17:25 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/11/08 10:17:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\Temporary Internet Files
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Templates
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Start Menu
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\SendTo
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Recent
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\PrintHood
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\NetHood
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Videos
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Pictures
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Music
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\My Documents
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Local Settings
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\History
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Cookies
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Application Data
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\Application Data
[2013/11/08 10:17:21 | 000,000,000 | -H-D | C] -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Temp
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Microsoft
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\InstallShield
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Identities
[2013/11/08 10:17:20 | 000,000,000 | --SD | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Videos
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Searches
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Saved Games
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Pictures
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Music
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Links
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Favorites
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Downloads
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Documents
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Desktop
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Contacts
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/08 10:17:20 | 000,000,000 | -H-D | C] -- C:\Users\Juanita\AppData
[2013/11/08 10:17:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/06 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Stationery
[2013/11/06 18:34:54 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Quickbooks Customer Letters
[2013/11/06 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Juanita's Letters
[2013/11/06 18:34:10 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Juanita's Documents
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/09 11:41:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/09 11:40:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013/11/09 11:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 10:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/09 10:35:52 | 000,021,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 10:35:52 | 000,021,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 10:32:56 | 000,662,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/09 10:32:56 | 000,122,016 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/09 10:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/09 10:28:16 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 14:58:16 | 000,391,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/08 14:43:30 | 000,001,112 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/08 14:28:54 | 000,003,029 | ---- | M] () -- C:\Users\Juanita\Desktop\Email.lnk
[2013/11/08 14:27:24 | 000,000,112 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/11/08 13:16:39 | 000,041,450 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/11/08 12:10:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/08 12:05:51 | 000,001,233 | ---- | M] () -- C:\Users\Juanita\Desktop\Revo Uninstaller.lnk
[2013/11/08 11:27:27 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/11/08 11:27:27 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions - Retail Edition 12.0.lnk
[2013/11/08 11:27:27 | 000,002,198 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/11/08 11:27:27 | 000,002,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/11/08 11:27:27 | 000,001,307 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
[2013/11/08 11:15:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/08 11:15:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/08 11:02:06 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/11/08 10:58:59 | 000,222,632 | ---- | M] () -- C:\Windows\MSUIGHUR.tt2
[2013/11/08 10:58:31 | 000,094,064 | ---- | M] () -- C:\Windows\LEELAWAD.tt2
[2013/11/08 10:58:31 | 000,093,836 | ---- | M] () -- C:\Windows\LEELAWDB.tt2
[2013/11/08 10:55:03 | 000,002,236 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/08 10:43:27 | 000,002,663 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk
[2013/11/08 10:43:11 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2013/11/08 10:39:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/08 10:36:53 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/08 10:35:54 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/08 10:35:54 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/08 10:35:54 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/08 10:35:54 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/08 10:35:54 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/08 10:35:54 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/08 10:35:54 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/08 10:35:53 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/08 10:35:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/08 10:29:39 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/08 10:26:30 | 000,001,418 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/06 19:15:30 | 000,000,288 | ---- | M] () -- C:\Users\Juanita\Desktop\Credit reports.url
[2013/11/06 15:59:36 | 000,000,154 | ---- | M] () -- C:\Users\Juanita\Desktop\Flexsteel.URL
[2013/11/05 11:28:52 | 000,000,304 | ---- | M] () -- C:\Users\Juanita\Desktop\GE Site.URL
[2013/10/16 10:18:44 | 000,338,944 | ---- | M] (Adpeak, Inc.) -- C:\Windows\System32\AdpeakProxy.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/08 14:28:54 | 000,003,029 | ---- | C] () -- C:\Users\Juanita\Desktop\Email.lnk
[2013/11/08 12:05:51 | 000,001,233 | ---- | C] () -- C:\Users\Juanita\Desktop\Revo Uninstaller.lnk
[2013/11/08 11:18:09 | 000,002,292 | ---- | C] () -- C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions - Retail Edition 12.0.lnk
[2013/11/08 11:16:07 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/11/08 11:16:07 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/11/08 11:16:07 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/11/08 11:16:07 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
[2013/11/08 11:05:46 | 000,002,135 | ---- | C] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/11/08 11:02:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/11/08 10:59:17 | 000,222,632 | ---- | C] () -- C:\Windows\MSUIGHUR.tt2
[2013/11/08 10:59:16 | 000,094,064 | ---- | C] () -- C:\Windows\LEELAWAD.tt2
[2013/11/08 10:59:16 | 000,093,836 | ---- | C] () -- C:\Windows\LEELAWDB.tt2
[2013/11/08 10:56:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/08 10:43:38 | 000,000,000 | ---- | C] () -- C:\END
[2013/11/08 10:43:27 | 000,002,663 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk
[2013/11/08 10:40:41 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Dealply.job
[2013/11/08 10:39:19 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/08 10:36:53 | 000,002,236 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/08 10:36:53 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/08 10:36:12 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/08 10:36:11 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/08 10:35:58 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/08 10:35:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/08 10:33:41 | 000,000,112 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/11/08 10:29:39 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/08 10:29:39 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/08 10:26:30 | 000,001,418 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/08 10:25:19 | 000,001,112 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/08 10:18:10 | 000,001,424 | ---- | C] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/08 10:17:22 | 000,000,290 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/08 10:17:22 | 000,000,272 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/06 18:38:04 | 000,000,288 | ---- | C] () -- C:\Users\Juanita\Desktop\Credit reports.url
[2013/11/06 18:38:00 | 000,000,338 | ---- | C] () -- C:\Users\Juanita\Desktop\Wells Fargo.url
[2013/11/06 18:37:54 | 000,000,222 | ---- | C] () -- C:\Users\Juanita\Desktop\Pioneer.url
[2013/11/06 18:37:50 | 000,000,304 | ---- | C] () -- C:\Users\Juanita\Desktop\GE Site.URL
[2013/11/06 18:36:15 | 000,000,154 | ---- | C] () -- C:\Users\Juanita\Desktop\Flexsteel.URL
[2013/11/06 18:36:02 | 000,318,021 | ---- | C] () -- C:\Users\Juanita\Desktop\thats-news10now-right-.jpg
[2013/11/06 18:35:50 | 000,000,540 | ---- | C] () -- C:\Users\Juanita\Desktop\Welcome To AshleyDirect.com.url
[2013/11/06 18:35:44 | 000,000,329 | ---- | C] () -- C:\Users\Juanita\Desktop\WLTW-FM Player.url
[2013/11/06 18:35:39 | 000,000,193 | ---- | C] () -- C:\Users\Juanita\Desktop\La-Z-Boy Partner Portal.url
[2013/05/31 05:31:00 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2013/05/31 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2013/05/31 05:30:58 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Gsw32.exe.config
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 16:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/08 10:38:09 | 000,000,000 | ---D | M] -- C:\Users\Juanita\AppData\Roaming\AVAST Software
[2013/11/08 12:24:53 | 000,000,000 | ---D | M] -- C:\Users\Juanita\AppData\Roaming\SearchProtect
[2013/11/08 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\Juanita\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  >
[2009/07/13 23:53:46 | 000,006,400 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/13 23:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/11/08 10:36:11 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/11/08 10:36:12 | 000,000,888 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/11/08 10:40:41 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\Dealply.job
[2013/11/08 10:56:57 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2010/11/20 19:38:36 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2010/11/20 19:38:36 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 16:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 16:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/11/08 12:07:48 | 000,052,392 | ---- | M] () MD5=044DD9DC2BE5DDF33729EB9F7C6C1D37 -- C:\Windows\Temp\cf78bb16-4909-4fb2-bf2b-7f8e1814a556\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\f2f739a8d939cb0fdc769a3446af420a\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\f2f739a8d939cb0fdc769a3446af420a\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2010/11/20 19:38:27 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/20 19:38:27 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010/11/20 16:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/11/20 16:29:33 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-908C99F8.PF  >
[2013/11/09 11:34:40 | 000,216,228 | ---- | M] () MD5=BDECBDF8C06A60FED25FE1CA7D379A89 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
 
< MD5 for: SERVICES  >
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.CSS  >
[2013/05/31 05:28:28 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\Components\Services\services.css
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/20 19:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010/11/20 19:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/20 19:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010/11/20 19:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2010/11/20 19:38:36 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2010/11/20 19:38:36 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 16:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 16:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 19:38:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2010/11/20 19:38:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2010/11/20 19:38:26 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2010/11/20 19:38:26 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 15:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/13 15:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/11/08 12:10:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/09 10:28:16 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/08 12:12:57 | 000,001,927 | ---- | M] () -- C:\logFileUI.txt
[2013/11/09 10:28:20 | 3451,506,688 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 16:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
[2009/07/24 15:51:22 | 000,033,280 | ---- | M] (Xerox Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\x5pp.dll
[2009/07/24 15:51:22 | 000,011,264 | ---- | M] (Xerox Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\x5print.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2013/11/08 10:35:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2013/11/09 09:30:26 | 000,065,198 | RHS- | M] () -- C:\Program Files\DLS8Uninstall.log
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows
 Volume Serial Number is 2225-4629
 Directory of C:\
07/13/2009  11:53 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  11:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  11:53 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:53 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  11:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  11:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  11:53 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  11:53 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  11:53 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  11:53 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  11:53 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  11:53 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  11:53 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  11:53 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  11:53 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  11:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  11:53 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  11:53 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  11:53 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  11:53 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  11:53 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Juanita
11/08/2013  10:17 AM    <JUNCTION>     Application Data [C:\Users\Juanita\AppData\Roaming]
11/08/2013  10:17 AM    <JUNCTION>     Cookies [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Cookies]
11/08/2013  10:17 AM    <JUNCTION>     Local Settings [C:\Users\Juanita\AppData\Local]
11/08/2013  10:17 AM    <JUNCTION>     My Documents [C:\Users\Juanita\Documents]
11/08/2013  10:17 AM    <JUNCTION>     NetHood [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/08/2013  10:17 AM    <JUNCTION>     PrintHood [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/08/2013  10:17 AM    <JUNCTION>     Recent [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Recent]
11/08/2013  10:17 AM    <JUNCTION>     SendTo [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\SendTo]
11/08/2013  10:17 AM    <JUNCTION>     Start Menu [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu]
11/08/2013  10:17 AM    <JUNCTION>     Templates [C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Juanita\AppData\Local
11/08/2013  10:17 AM    <JUNCTION>     Application Data [C:\Users\Juanita\AppData\Local]
11/08/2013  10:17 AM    <JUNCTION>     History [C:\Users\Juanita\AppData\Local\Microsoft\Windows\History]
11/08/2013  10:17 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Juanita\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Juanita\Documents
11/08/2013  10:17 AM    <JUNCTION>     My Music [C:\Users\Juanita\Music]
11/08/2013  10:17 AM    <JUNCTION>     My Pictures [C:\Users\Juanita\Pictures]
11/08/2013  10:17 AM    <JUNCTION>     My Videos [C:\Users\Juanita\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  11:53 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:53 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:53 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s)  965,345,329,152 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/11/08 10:26:30 | 000,000,221 | -HS- | M] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-11-08 15:35:57

< End of report >
 




#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 11 November 2013 - 08:15 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!  
----------
 
Is this a business computer by chance?   :)


 
 

#3 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 12 November 2013 - 05:06 PM

Thanks for offering to help. Yes, this is a business computer

#4 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 November 2013 - 07:16 AM

Hi,
 
Ok thanks for letting me know.  
 
Per our Terms of Use

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.

 
I appreciate your understanding.   :)


 
 

#5 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 13 November 2013 - 07:54 AM

Like we have a huge IT Department?  lol



#6 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 13 November 2013 - 08:01 AM

Is this your business that you own by chance?  


 
 

#7 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 13 November 2013 - 11:00 PM

Yes, me and my wife.....2 other employees



#8 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 November 2013 - 06:39 AM

Well...since it is your business you can give me authorization to help.   :)  Would you like to continue?  If so, please run a new Quick Scan with OTL and then post the OTL.txt log that is made and also do the following...
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


 
 

#9 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 14 November 2013 - 09:59 AM

Thanks for agreeing to help

 

OTL Log

 

OTL logfile created on: 11/14/2013 10:47:17 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Juanita\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.21 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 50.53% Memory free
6.43 Gb Paging File | 4.85 Gb Available in Paging File | 75.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.32 Gb Total Space | 895.65 Gb Free Space | 96.17% Space Free | Partition Type: NTFS
 
Computer Name: JUANITADAVIS | User Name: Juanita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Juanita\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QuickBooksMessaging.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe (Intuit Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe (Pitney Bowes, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\852d4e77392caa8f01b457e4cedabda0\System.Data.Entity.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\72843576b9bfad66be46d6eb445b76fa\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\f16e993b7058b005bbf273007fadf95b\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\d187afdee972b70222b76bd6aed1f742\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9010845c58c17f145b3e39c2d28c4869\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\3f6a555d6e496cadcb5d0f0cb418fd1f\System.Data.OracleClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ddcfc6e9c3d42f0e3784efa7860a3bcd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ddcfc6e9c3d42f0e3784efa7860a3bcd\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\605819a62c5c969ebaf14b76bf17264a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4fff5d6e716c439b944025d3994170d\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\5b44a8db5b70143f27fb695b5f72930d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5e398839c6c34ac39e3c79494554258e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8c2c0edefb95b0c813ddbdb95fc733be\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\489734eaabeb7c2b90923a1c0ae9431f\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\18e76c3868d682a7c065bccd142eeec1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7dd4cd3e4768d2aa55af60c838790088\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c4ae805ff0a785d6373936ba46340150\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\Webification.DLL ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\K700.Common\1.0.3.0__089a49f3bff26a22\K700.Common.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}\components\SmartbarFireFoxRemotePlugin_25.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\ReportBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\QB2WPFBridge.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\IPDWidgetInterop.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\IPDWidgetBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\htmlhelper.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\FeaturesBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\BackupLib.dll ()
MOD - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Level Quality Watcher) -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DymoPnpService) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (DM150Drv) -- C:\Windows\System32\drivers\DM150Drv.sys (Pitney Bowes)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6032.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {386D7123-EEF2-4CEC-8A38-FC97E28E1468}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 11 CE 92 97 DC CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {386D7123-EEF2-4CEC-8A38-FC97E28E1468}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{386D7123-EEF2-4CEC-8A38-FC97E28E1468}: "URL" = http://search.condui...0492580713&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3153924.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLCS Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "www.newzjunky.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7Bd6f7ba42-d051-09d5-a953-b09956f39997%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/08 10:35:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/11/08 10:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Extensions
[2013/11/09 14:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions
[2013/11/08 10:42:41 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\extensions\{d6f7ba42-d051-09d5-a953-b09956f39997}
[2013/11/08 10:39:04 | 000,001,001 | ---- | M] () -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\conduit.xml
[2013/11/08 12:08:13 | 000,002,115 | ---- | M] () -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\MyStart Search.xml
[2013/11/08 10:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/08 10:29:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/08 10:35:55 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3310511&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...962911426&UM=2,
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PC Meter Connect] C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe (Pitney Bowes, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFB6D8AE-FD45-42A8-B2C8-C9871D11B4AC}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/11 13:09:12 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\PrintScreen Files
[2013/11/11 13:09:12 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/11/11 13:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
[2013/11/11 13:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2013/11/11 07:48:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/11/09 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\assembly
[2013/11/09 11:55:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Deployment
[2013/11/09 11:55:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Apps
[2013/11/09 11:51:03 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\WTT NOV 2013
[2013/11/09 09:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/11/09 09:33:48 | 000,047,736 | ---- | C] (Pitney Bowes) -- C:\Windows\System32\drivers\generic.sys
[2013/11/09 09:32:44 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\{C5DFEA20-CA95-4908-9CD4-A301AF5E7BAB}
[2013/11/08 14:55:57 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Diagnostics
[2013/11/08 14:47:31 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\Outlook Files
[2013/11/08 14:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/11/08 14:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/11/08 14:13:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/11/08 14:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/11/08 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/11/08 14:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/11/08 14:09:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/11/08 13:13:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/11/08 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\QuickBooks Letter Templates
[2013/11/08 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\LogMeIn Rescue Applet
[2013/11/08 12:08:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/11/08 12:07:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/11/08 12:07:54 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\System32\ImHttpComm.dll
[2013/11/08 12:07:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013/11/08 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/11/08 12:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/08 12:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/08 12:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/08 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\ElevatedDiagnostics
[2013/11/08 11:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2013/11/08 11:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/08 11:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/11/08 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2013/11/08 11:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO
[2013/11/08 11:17:31 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Intuit
[2013/11/08 11:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
[2013/11/08 11:15:23 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Macromedia
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Intuit
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2013/11/08 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/11/08 11:09:27 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Microsoft Help
[2013/11/08 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Xerox
[2013/11/08 11:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2013/11/08 11:05:46 | 000,000,000 | R--D | C] -- C:\Users\Juanita\SkyDrive
[2013/11/08 11:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/11/08 11:05:21 | 000,000,000 | ---D | C] -- C:\5853f73ae1f668bddf
[2013/11/08 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\HP
[2013/11/08 10:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pitney Bowes
[2013/11/08 10:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Pitney Bowes
[2013/11/08 10:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Pitney Bowes
[2013/11/08 10:48:37 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\System32\AdpeakProxy.dll
[2013/11/08 10:48:36 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Download Manager
[2013/11/08 10:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Akamai
[2013/11/08 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/08 10:43:14 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Conduit
[2013/11/08 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\NativeMessaging
[2013/11/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\CRE
[2013/11/08 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/08 10:40:24 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Wajam
[2013/11/08 10:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/11/08 10:40:18 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/08 10:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/08 10:39:07 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\SearchProtect
[2013/11/08 10:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/08 10:38:09 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\AVAST Software
[2013/11/08 10:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/08 10:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/08 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Google
[2013/11/08 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/08 10:35:58 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/08 10:35:57 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/08 10:35:57 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2013/11/08 10:35:57 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/08 10:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/11/08 10:35:56 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/08 10:35:56 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/08 10:35:55 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/08 10:35:53 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/08 10:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/08 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/08 10:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/11/08 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2013/11/08 10:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\COMMON FILES
[2013/11/08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Malwarebytes
[2013/11/08 10:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/08 10:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/08 10:31:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/08 10:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/08 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/11/08 10:31:29 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Programs
[2013/11/08 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Macromedia
[2013/11/08 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Adobe
[2013/11/08 10:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/11/08 10:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/11/08 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Mozilla
[2013/11/08 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Mozilla
[2013/11/08 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/11/08 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/08 10:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/08 10:25:10 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2013/11/08 10:25:03 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Sanford,_L.P
[2013/11/08 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Documents\DYMO Label
[2013/11/08 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\DYMO
[2013/11/08 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\VirtualStore
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\Temporary Internet Files
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Templates
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Start Menu
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\SendTo
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Recent
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\PrintHood
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\NetHood
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Videos
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Pictures
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Documents\My Music
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\My Documents
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Local Settings
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\History
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Cookies
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\Application Data
[2013/11/08 10:17:25 | 000,000,000 | -HSD | C] -- C:\Users\Juanita\AppData\Local\Application Data
[2013/11/08 10:17:21 | 000,000,000 | -H-D | C] -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Temp
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Microsoft
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\InstallShield
[2013/11/08 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\Identities
[2013/11/08 10:17:20 | 000,000,000 | --SD | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Videos
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Searches
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Saved Games
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Pictures
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Music
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Links
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Favorites
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Downloads
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Documents
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Desktop
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\Contacts
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/08 10:17:20 | 000,000,000 | R--D | C] -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/08 10:17:20 | 000,000,000 | -H-D | C] -- C:\Users\Juanita\AppData
[2013/11/08 10:17:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/06 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Stationery
[2013/11/06 18:34:54 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Quickbooks Customer Letters
[2013/11/06 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Juanita's Letters
[2013/11/06 18:34:10 | 000,000,000 | ---D | C] -- C:\Users\Juanita\Desktop\Juanita's Documents
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/14 10:41:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/14 10:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 10:40:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013/11/14 10:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/14 07:50:11 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 07:50:11 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 07:49:05 | 000,663,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/14 07:49:05 | 000,122,524 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/14 07:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 07:42:35 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 08:45:35 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/11 13:09:12 | 000,001,185 | ---- | M] () -- C:\Users\Juanita\Desktop\Gadwin PrintScreen.lnk
[2013/11/11 07:50:08 | 000,391,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/09 16:09:39 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/08 14:43:30 | 000,001,112 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/08 14:28:54 | 000,003,029 | ---- | M] () -- C:\Users\Juanita\Desktop\Email.lnk
[2013/11/08 14:27:24 | 000,000,112 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/11/08 13:16:39 | 000,041,450 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/11/08 12:10:50 | 000,000,000 | ---- | M] () -- C:\END
[2013/11/08 12:05:51 | 000,001,233 | ---- | M] () -- C:\Users\Juanita\Desktop\Revo Uninstaller.lnk
[2013/11/08 11:27:27 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/11/08 11:27:27 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions - Retail Edition 12.0.lnk
[2013/11/08 11:27:27 | 000,002,198 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/11/08 11:27:27 | 000,002,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/11/08 11:27:27 | 000,001,307 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
[2013/11/08 11:02:06 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/11/08 10:58:59 | 000,222,632 | ---- | M] () -- C:\Windows\MSUIGHUR.tt2
[2013/11/08 10:58:31 | 000,094,064 | ---- | M] () -- C:\Windows\LEELAWAD.tt2
[2013/11/08 10:58:31 | 000,093,836 | ---- | M] () -- C:\Windows\LEELAWDB.tt2
[2013/11/08 10:55:03 | 000,002,236 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/08 10:43:11 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2013/11/08 10:39:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/08 10:35:54 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/08 10:35:54 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/08 10:35:54 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/11/08 10:35:54 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/08 10:35:54 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/08 10:35:54 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/08 10:35:54 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/08 10:35:53 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/08 10:35:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/08 10:29:39 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/08 10:26:30 | 000,001,418 | ---- | M] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/06 19:15:30 | 000,000,288 | ---- | M] () -- C:\Users\Juanita\Desktop\Credit reports.url
[2013/11/06 15:59:36 | 000,000,154 | ---- | M] () -- C:\Users\Juanita\Desktop\Flexsteel.URL
[2013/11/05 11:28:52 | 000,000,304 | ---- | M] () -- C:\Users\Juanita\Desktop\GE Site.URL
[2013/10/16 10:18:44 | 000,338,944 | ---- | M] (Adpeak, Inc.) -- C:\Windows\System32\AdpeakProxy.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/11 13:09:12 | 000,001,185 | ---- | C] () -- C:\Users\Juanita\Desktop\Gadwin PrintScreen.lnk
[2013/11/09 16:31:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/11/09 16:09:39 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/09 08:07:16 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/11/08 14:28:54 | 000,003,029 | ---- | C] () -- C:\Users\Juanita\Desktop\Email.lnk
[2013/11/08 12:05:51 | 000,001,233 | ---- | C] () -- C:\Users\Juanita\Desktop\Revo Uninstaller.lnk
[2013/11/08 11:18:09 | 000,002,292 | ---- | C] () -- C:\Users\Public\Desktop\Intuit QuickBooks Enterprise Solutions - Retail Edition 12.0.lnk
[2013/11/08 11:16:07 | 000,002,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/11/08 11:16:07 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/11/08 11:16:07 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/11/08 11:16:07 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
[2013/11/08 11:05:46 | 000,002,135 | ---- | C] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/11/08 11:02:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/11/08 10:59:17 | 000,222,632 | ---- | C] () -- C:\Windows\MSUIGHUR.tt2
[2013/11/08 10:59:16 | 000,094,064 | ---- | C] () -- C:\Windows\LEELAWAD.tt2
[2013/11/08 10:59:16 | 000,093,836 | ---- | C] () -- C:\Windows\LEELAWDB.tt2
[2013/11/08 10:56:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/08 10:43:38 | 000,000,000 | ---- | C] () -- C:\END
[2013/11/08 10:40:41 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\Dealply.job
[2013/11/08 10:39:19 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/08 10:36:53 | 000,002,236 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/08 10:36:53 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/08 10:36:12 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/08 10:36:11 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/08 10:35:58 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/08 10:35:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/08 10:33:41 | 000,000,112 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/11/08 10:29:39 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/08 10:29:39 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/08 10:26:30 | 000,001,418 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/08 10:25:19 | 000,001,112 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/08 10:18:10 | 000,001,424 | ---- | C] () -- C:\Users\Juanita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/08 10:17:22 | 000,000,290 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/08 10:17:22 | 000,000,272 | ---- | C] () -- C:\Users\Juanita\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/06 18:38:04 | 000,000,288 | ---- | C] () -- C:\Users\Juanita\Desktop\Credit reports.url
[2013/11/06 18:38:00 | 000,000,338 | ---- | C] () -- C:\Users\Juanita\Desktop\Wells Fargo.url
[2013/11/06 18:37:54 | 000,000,222 | ---- | C] () -- C:\Users\Juanita\Desktop\Pioneer.url
[2013/11/06 18:37:50 | 000,000,304 | ---- | C] () -- C:\Users\Juanita\Desktop\GE Site.URL
[2013/11/06 18:36:15 | 000,000,154 | ---- | C] () -- C:\Users\Juanita\Desktop\Flexsteel.URL
[2013/11/06 18:36:02 | 000,318,021 | ---- | C] () -- C:\Users\Juanita\Desktop\thats-news10now-right-.jpg
[2013/11/06 18:35:50 | 000,000,540 | ---- | C] () -- C:\Users\Juanita\Desktop\Welcome To AshleyDirect.com.url
[2013/11/06 18:35:44 | 000,000,329 | ---- | C] () -- C:\Users\Juanita\Desktop\WLTW-FM Player.url
[2013/11/06 18:35:39 | 000,000,193 | ---- | C] () -- C:\Users\Juanita\Desktop\La-Z-Boy Partner Portal.url
[2013/05/31 05:31:00 | 000,667,280 | ---- | C] () -- C:\Windows\System32\tx12.dll
[2013/05/31 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini
[2013/05/31 05:30:58 | 000,000,186 | ---- | C] () -- C:\Windows\System32\Gsw32.exe.config
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/08 10:38:09 | 000,000,000 | ---D | M] -- C:\Users\Juanita\AppData\Roaming\AVAST Software
[2013/11/08 12:24:53 | 000,000,000 | ---D | M] -- C:\Users\Juanita\AppData\Roaming\SearchProtect
[2013/11/08 11:08:57 | 000,000,000 | ---D | M] -- C:\Users\Juanita\AppData\Roaming\Xerox
 
========== Purity Check ==========
 
 

< End of report >

TDSS Killer Log

10:53:10.0858 0x1528  TDSS rootkit removing tool 3.0.0.17 Nov 12 2013 19:54:52
10:53:15.0983 0x1528  ============================================================
10:53:15.0983 0x1528  Current date / time: 2013/11/14 10:53:15.0983
10:53:15.0983 0x1528  SystemInfo:
10:53:15.0983 0x1528  
10:53:15.0983 0x1528  OS Version: 6.1.7601 ServicePack: 1.0
10:53:15.0983 0x1528  Product type: Workstation
10:53:15.0983 0x1528  ComputerName: JUANITADAVIS
10:53:15.0987 0x1528  UserName: Juanita
10:53:15.0987 0x1528  Windows directory: C:\Windows
10:53:15.0987 0x1528  System windows directory: C:\Windows
10:53:15.0987 0x1528  Processor architecture: Intel x86
10:53:15.0987 0x1528  Number of processors: 2
10:53:15.0987 0x1528  Page size: 0x1000
10:53:15.0987 0x1528  Boot type: Normal boot
10:53:15.0987 0x1528  ============================================================
10:53:17.0794 0x1528  System UUID: {D33FB2AF-B51C-C552-A5A9-957D1775F85C}
10:53:18.0576 0x1528  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:53:18.0634 0x1528  ============================================================
10:53:18.0634 0x1528  \Device\Harddisk0\DR0:
10:53:18.0634 0x1528  MBR partitions:
10:53:18.0634 0x1528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
10:53:18.0634 0x1528  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x746A1800
10:53:18.0634 0x1528  ============================================================
10:53:18.0654 0x1528  C: <-> \Device\Harddisk0\DR0\Partition2
10:53:18.0654 0x1528  ============================================================
10:53:18.0654 0x1528  Initialize success
10:53:18.0654 0x1528  ============================================================
10:53:22.0681 0x1134  ============================================================
10:53:22.0681 0x1134  Scan started
10:53:22.0681 0x1134  Mode: Manual;
10:53:22.0681 0x1134  ============================================================
10:53:22.0681 0x1134  KSN ping started
10:53:25.0299 0x1134  KSN ping finished: true
10:53:25.0840 0x1134  ================ Scan system memory ========================
10:53:25.0840 0x1134  System memory - ok
10:53:25.0840 0x1134  ================ Scan services =============================
10:53:30.0240 0x1134  LSI_SAS - ok
10:53:30.0263 0x1134  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:53:30.0265 0x1134  LSI_SAS2 - ok
10:53:30.0280 0x1134  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:53:30.0282 0x1134  LSI_SCSI - ok
10:53:30.0297 0x1134  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:53:30.0299 0x1134  luafv - ok
10:53:30.0305 0x1134  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:53:30.0306 0x1134  MBAMProtector - ok
10:53:30.0327 0x1134  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:53:30.0335 0x1134  MBAMScheduler - ok
10:53:30.0362 0x1134  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:53:30.0375 0x1134  MBAMService - ok
10:53:30.0389 0x1134  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:53:30.0392 0x1134  Mcx2Svc - ok
10:53:30.0403 0x1134  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:53:30.0404 0x1134  megasas - ok
10:53:30.0418 0x1134  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:53:30.0423 0x1134  MegaSR - ok
10:53:30.0445 0x1134  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
10:53:30.0447 0x1134  MMCSS - ok
10:53:30.0456 0x1134  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
10:53:30.0457 0x1134  Modem - ok
10:53:30.0467 0x1134  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:53:30.0468 0x1134  monitor - ok
10:53:30.0483 0x1134  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:53:30.0484 0x1134  mouclass - ok
10:53:30.0493 0x1134  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:53:30.0495 0x1134  mouhid - ok
10:53:30.0499 0x1134  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:53:30.0500 0x1134  mountmgr - ok
10:53:30.0521 0x1134  [ 5D494509432897338AFC19DB78A76DCB, 873F61F45D4A96096E17F9E266B1A20CCD65E4678DDB21DDE3DB98E831E524D3 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:53:30.0524 0x1134  MozillaMaintenance - ok
10:53:30.0572 0x1134  [ 7E34BFA1A7B60BBA1DA03D677F16CD63, 54FEE34CD2711AF176A41ECE9E12F83E92304F28A0BEA9FAC95CFE9AF7C135F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
10:53:30.0578 0x1134  MpFilter - ok
10:53:30.0598 0x1134  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:53:30.0601 0x1134  mpio - ok
10:53:30.0609 0x1134  [ F32E2D6A1640A469A9ED4F1929A4A861, 663146C14DD49D346A2BA7BC403162E5F6CF99119555FEDB62C0CFC2A553BEA4 ] MpNWMon         C:\Windows\system32\DRIVERS\MpNWMon.sys
10:53:30.0610 0x1134  MpNWMon - ok
10:53:30.0620 0x1134  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:53:30.0621 0x1134  mpsdrv - ok
10:53:30.0642 0x1134  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:53:30.0655 0x1134  MpsSvc - ok
10:53:30.0679 0x1134  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:53:30.0681 0x1134  MRxDAV - ok
10:53:30.0705 0x1134  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:53:30.0707 0x1134  mrxsmb - ok
10:53:30.0720 0x1134  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:53:30.0724 0x1134  mrxsmb10 - ok
10:53:30.0734 0x1134  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:53:30.0736 0x1134  mrxsmb20 - ok
10:53:30.0757 0x1134  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:53:30.0757 0x1134  msahci - ok
10:53:30.0769 0x1134  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:53:30.0772 0x1134  msdsm - ok
10:53:30.0785 0x1134  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
10:53:30.0789 0x1134  MSDTC - ok
10:53:30.0811 0x1134  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:53:30.0812 0x1134  Msfs - ok
10:53:30.0820 0x1134  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:53:30.0821 0x1134  mshidkmdf - ok
10:53:30.0831 0x1134  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:53:30.0832 0x1134  msisadrv - ok
10:53:30.0858 0x1134  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:53:30.0861 0x1134  MSiSCSI - ok
10:53:30.0864 0x1134  msiserver - ok
10:53:30.0876 0x1134  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:53:30.0876 0x1134  MSKSSRV - ok
10:53:30.0916 0x1134  [ 90DC23D940551DB35367FB1E40575B25, 636C5BC3488F39CD967CBC287DC37E420884E1EF64B65238FB8F2DCF941DA817 ] MsMpSvc         c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:53:30.0917 0x1134  MsMpSvc - ok
10:53:30.0923 0x1134  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:53:30.0924 0x1134  MSPCLOCK - ok
10:53:30.0935 0x1134  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:53:30.0936 0x1134  MSPQM - ok
10:53:30.0943 0x1134  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:53:30.0948 0x1134  MsRPC - ok
10:53:30.0961 0x1134  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:53:30.0962 0x1134  mssmbios - ok
10:53:30.0972 0x1134  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:53:30.0973 0x1134  MSTEE - ok
10:53:30.0989 0x1134  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:53:30.0990 0x1134  MTConfig - ok
10:53:30.0993 0x1134  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:53:30.0995 0x1134  Mup - ok
10:53:31.0017 0x1134  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
10:53:31.0024 0x1134  napagent - ok
10:53:31.0050 0x1134  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:53:31.0055 0x1134  NativeWifiP - ok
10:53:31.0093 0x1134  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:53:31.0108 0x1134  NDIS - ok
10:53:31.0119 0x1134  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:53:31.0120 0x1134  NdisCap - ok
10:53:31.0129 0x1134  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:53:31.0130 0x1134  NdisTapi - ok
10:53:31.0133 0x1134  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:53:31.0134 0x1134  Ndisuio - ok
10:53:31.0138 0x1134  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:53:31.0140 0x1134  NdisWan - ok
10:53:31.0144 0x1134  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:53:31.0145 0x1134  NDProxy - ok
10:53:31.0153 0x1134  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:53:31.0154 0x1134  NetBIOS - ok
10:53:31.0166 0x1134  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:53:31.0169 0x1134  NetBT - ok
10:53:31.0178 0x1134  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\Windows\system32\lsass.exe
10:53:31.0181 0x1134  Netlogon - ok
10:53:31.0200 0x1134  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
10:53:31.0208 0x1134  Netman - ok
10:53:31.0224 0x1134  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:53:31.0227 0x1134  NetMsmqActivator - ok
10:53:31.0232 0x1134  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:53:31.0234 0x1134  NetPipeActivator - ok
10:53:31.0256 0x1134  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
10:53:31.0263 0x1134  netprofm - ok
10:53:31.0274 0x1134  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:53:31.0277 0x1134  NetTcpActivator - ok
10:53:31.0282 0x1134  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:53:31.0285 0x1134  NetTcpPortSharing - ok
10:53:31.0312 0x1134  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:53:31.0313 0x1134  nfrd960 - ok
10:53:31.0330 0x1134  [ 17E2C08C5ECFBE94A7C67B1C275EE9D9, C60D6DFC4F49C9DF0D7190E9F98F77B05334FDFF380BC8749111BDED5F21F71B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:53:31.0332 0x1134  NisDrv - ok
10:53:31.0365 0x1134  [ C73DE53197AC0C4DB60B80588F0D54DF, DBF566B36B945A85E1FBE7513E93C34323E790692237593F39FC5B96D284B2F1 ] NisSrv          c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
10:53:31.0369 0x1134  NisSrv - ok
10:53:31.0394 0x1134  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:53:31.0400 0x1134  NlaSvc - ok
10:53:31.0412 0x1134  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:53:31.0413 0x1134  Npfs - ok
10:53:31.0426 0x1134  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
10:53:31.0429 0x1134  nsi - ok
10:53:31.0439 0x1134  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:53:31.0439 0x1134  nsiproxy - ok
10:53:31.0486 0x1134  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:53:31.0520 0x1134  Ntfs - ok
10:53:31.0530 0x1134  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
10:53:31.0531 0x1134  Null - ok
10:53:31.0552 0x1134  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:53:31.0554 0x1134  nvraid - ok
10:53:31.0571 0x1134  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:53:31.0574 0x1134  nvstor - ok
10:53:31.0588 0x1134  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:53:31.0591 0x1134  nv_agp - ok
10:53:31.0597 0x1134  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:53:31.0599 0x1134  ohci1394 - ok
10:53:31.0632 0x1134  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:53:31.0635 0x1134  ose - ok
10:53:31.0779 0x1134  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:53:31.0910 0x1134  osppsvc - ok
10:53:31.0948 0x1134  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:53:31.0955 0x1134  p2pimsvc - ok
10:53:31.0972 0x1134  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:53:31.0980 0x1134  p2psvc - ok
10:53:32.0004 0x1134  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
10:53:32.0006 0x1134  Parport - ok
10:53:32.0020 0x1134  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:53:32.0022 0x1134  partmgr - ok
10:53:32.0031 0x1134  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
10:53:32.0032 0x1134  Parvdm - ok
10:53:32.0038 0x1134  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:53:32.0043 0x1134  PcaSvc - ok
10:53:32.0068 0x1134  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
10:53:32.0072 0x1134  pci - ok
10:53:32.0092 0x1134  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:53:32.0093 0x1134  pciide - ok
10:53:32.0118 0x1134  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:53:32.0121 0x1134  pcmcia - ok
10:53:32.0138 0x1134  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:53:32.0139 0x1134  pcw - ok
10:53:32.0174 0x1134  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:53:32.0186 0x1134  PEAUTH - ok
10:53:32.0225 0x1134  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:53:32.0258 0x1134  PeerDistSvc - ok
10:53:32.0309 0x1134  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
10:53:32.0334 0x1134  pla - ok
10:53:32.0365 0x1134  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:53:32.0373 0x1134  PlugPlay - ok
10:53:32.0383 0x1134  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:53:32.0386 0x1134  PNRPAutoReg - ok
10:53:32.0398 0x1134  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:53:32.0404 0x1134  PNRPsvc - ok
10:53:32.0432 0x1134  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:53:32.0438 0x1134  PolicyAgent - ok
10:53:32.0448 0x1134  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
10:53:32.0454 0x1134  Power - ok
10:53:32.0464 0x1134  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:53:32.0466 0x1134  PptpMiniport - ok
10:53:32.0481 0x1134  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
10:53:32.0482 0x1134  Processor - ok
10:53:32.0501 0x1134  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:53:32.0506 0x1134  ProfSvc - ok
10:53:32.0513 0x1134  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
10:53:32.0515 0x1134  ProtectedStorage - ok
10:53:32.0529 0x1134  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:53:32.0531 0x1134  Psched - ok
10:53:32.0574 0x1134  [ 2BAAD07111D003D8E4360898C6667F22, 7B284828B8182E1F74FAFF054330551732FF60A941CC13C6429BBD1D510E335B ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:53:32.0575 0x1134  QBCFMonitorService - ok
10:53:32.0596 0x1134  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:53:32.0598 0x1134  QBFCService - ok
10:53:32.0691 0x1134  [ CE9ED0A054A43FD033E9B0BE8208EAC7, F55676E3D568B701DD13ACC1AD673B60E8A48B799227FFA3BAB41EE06F104E81 ] QBVSS           C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
10:53:32.0709 0x1134  QBVSS - ok
10:53:32.0752 0x1134  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:53:32.0786 0x1134  ql2300 - ok
10:53:32.0804 0x1134  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:53:32.0806 0x1134  ql40xx - ok
10:53:32.0834 0x1134  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:53:32.0840 0x1134  QWAVE - ok
10:53:32.0843 0x1134  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:53:32.0844 0x1134  QWAVEdrv - ok
10:53:32.0852 0x1134  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:53:32.0853 0x1134  RasAcd - ok
10:53:32.0872 0x1134  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:53:32.0873 0x1134  RasAgileVpn - ok
10:53:32.0878 0x1134  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:53:32.0882 0x1134  RasAuto - ok
10:53:32.0886 0x1134  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:53:32.0888 0x1134  Rasl2tp - ok
10:53:32.0906 0x1134  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
10:53:32.0914 0x1134  RasMan - ok
10:53:32.0918 0x1134  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:53:32.0920 0x1134  RasPppoe - ok
10:53:32.0924 0x1134  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:53:32.0926 0x1134  RasSstp - ok
10:53:32.0933 0x1134  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:53:32.0937 0x1134  rdbss - ok
10:53:32.0951 0x1134  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:53:32.0952 0x1134  rdpbus - ok
10:53:32.0958 0x1134  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:53:32.0958 0x1134  RDPCDD - ok
10:53:32.0979 0x1134  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:53:32.0982 0x1134  RDPDR - ok
10:53:33.0002 0x1134  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:53:33.0003 0x1134  RDPENCDD - ok
10:53:33.0014 0x1134  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:53:33.0015 0x1134  RDPREFMP - ok
10:53:33.0038 0x1134  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:53:33.0042 0x1134  RDPWD - ok
10:53:33.0050 0x1134  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:53:33.0053 0x1134  rdyboost - ok
10:53:33.0071 0x1134  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:53:33.0075 0x1134  RemoteAccess - ok
10:53:33.0080 0x1134  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:53:33.0085 0x1134  RemoteRegistry - ok
10:53:33.0096 0x1134  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:53:33.0100 0x1134  RpcEptMapper - ok
10:53:33.0115 0x1134  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:53:33.0117 0x1134  RpcLocator - ok
10:53:33.0137 0x1134  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
10:53:33.0147 0x1134  RpcSs - ok
10:53:33.0152 0x1134  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:53:33.0154 0x1134  rspndr - ok
10:53:33.0174 0x1134  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:53:33.0176 0x1134  s3cap - ok
10:53:33.0188 0x1134  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] SamSs           C:\Windows\system32\lsass.exe
10:53:33.0191 0x1134  SamSs - ok
10:53:33.0204 0x1134  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:53:33.0206 0x1134  sbp2port - ok
10:53:33.0222 0x1134  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:53:33.0228 0x1134  SCardSvr - ok
10:53:36.0808 0x1134  ================ Scan global ===============================
10:53:36.0833 0x1134  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
10:53:36.0849 0x1134  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:53:36.0862 0x1134  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
10:53:36.0879 0x1134  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:53:36.0897 0x1134  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
10:53:36.0906 0x1134  [ Global ] - ok
10:53:36.0906 0x1134  ================ Scan MBR ==================================
10:53:36.0919 0x1134  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:53:37.0077 0x1134  \Device\Harddisk0\DR0 - ok
10:53:37.0077 0x1134  ================ Scan VBR ==================================
10:53:37.0078 0x1134  [ 51B9D6697B6F18406E43D8BA503BE88F ] \Device\Harddisk0\DR0\Partition1
10:53:37.0079 0x1134  \Device\Harddisk0\DR0\Partition1 - ok
10:53:37.0083 0x1134  [ 26DD453FC9DEF4B2BE011C6F3313881D ] \Device\Harddisk0\DR0\Partition2
10:53:37.0084 0x1134  \Device\Harddisk0\DR0\Partition2 - ok
10:53:37.0085 0x1134  Waiting for KSN requests completion. In queue: 305
10:53:38.0085 0x1134  Waiting for KSN requests completion. In queue: 305
10:53:39.0085 0x1134  Waiting for KSN requests completion. In queue: 305
10:53:40.0207 0x1134  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 2.0.657.0 ), 0x61000 ( enabled : updated )
10:53:40.0216 0x1134  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2007.172 ), 0x41000 ( enabled : updated )
10:53:40.0250 0x1134  Win FW state via NFP2: enabled
10:53:42.0734 0x1134  ============================================================
10:53:42.0734 0x1134  Scan finished
10:53:42.0734 0x1134  ============================================================
10:53:42.0736 0x1170  Detected object count: 0
10:53:42.0736 0x1170  Actual detected object count: 0
10:54:02.0000 0x11c8  Deinitialize success
 

 

ADW Log

 

# AdwCleaner v3.012 - Report created 14/11/2013 at 10:50:59
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Juanita - JUANITADAVIS
# Running from : C:\Users\Juanita\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\Conduit.xml
File Found : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\MyStart Search.xml
File Found : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\user.js
File Found : C:\Windows\system32\ImhxxpComm.dll
File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\Tasks\Dealply.job
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Searchprotect
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Juanita\AppData\Local\Conduit
Folder Found C:\Users\Juanita\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Juanita\AppData\Local\Wajam
Folder Found C:\Users\Juanita\AppData\LocalLow\Conduit
Folder Found C:\Users\Juanita\AppData\Roaming\Searchprotect
Folder Found C:\Windows\system32\ARFC
Folder Found C:\Windows\system32\jmdp
Folder Found C:\Windows\system32\WNLT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3153924
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Dealply
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67B180A7-13E0-4BD6-98E7-DD733A39E4B8}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\wnlt
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\prefs.js ]

Line Found : user_pref("CT3153924.FF19Solved", "true");
Line Found : user_pref("CT3153924.UserID", "UN39898513432788736");
Line Found : user_pref("CT3153924.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3153924.fullUserID", "UN39898513432788736.IN.20131108103855");
Line Found : user_pref("CT3153924.installDate", "08/11/2013 10:39:03");
Line Found : user_pref("CT3153924.installSessionId", "{103DA1B9-C83E-44F5-8A33-A4EDE0D3A072}");
Line Found : user_pref("CT3153924.installSp", "TRUE");
Line Found : user_pref("CT3153924.installerVersion", "1.7.1.7");
Line Found : user_pref("CT3153924.keyword", "true");
Line Found : user_pref("CT3153924.originalHomepage", "about:home");
Line Found : user_pref("CT3153924.originalSearchAddressUrl", "");
Line Found : user_pref("CT3153924.originalSearchEngine", "");
Line Found : user_pref("CT3153924.originalSearchEngineName", "");
Line Found : user_pref("CT3153924.searchRevert", "false");
Line Found : user_pref("CT3153924.searchUserMode", "2");
Line Found : user_pref("CT3153924.smartbar.homepage", "true");
Line Found : user_pref("CT3153924.versionFromInstaller", "10.22.2.30");
Line Found : user_pref("CT3153924.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultthis.engineName", "Connect DLCS Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&CUI=UN39898513432788736&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "ob_128");
Line Found : user_pref("extensions.helperbar.installationid", "d6f7ba42-d051-09d5-a953-b09956f39997");
Line Found : user_pref("extensions.helperbar.installdate", "08/11/2013");
Line Found : user_pref("extensions.helperbar.publisher", "quickobrw");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3153924&CUI=UN39898513432788736&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3153924&SearchSource=2&CUI=UN39898513432788736&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3153924");
Line Found : user_pref("smartbar.machineId", "DWVTJPVTVYOZ4FT8I46+/VOWCA04UBRMLD3KLVANMMHSZHAE1HGVF9FMSRWCY6HPG5JH8BU4TEPKQ8V2DNRHCW");

-\\ Google Chrome v31.0.1650.48

[ File : C:\Users\Juanita\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : search_url
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [7330 octets] - [14/11/2013 10:50:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7390 octets] ##########
 



#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 14 November 2013 - 06:05 PM

Hi,
 
Tweaking.com Registry Backup

  • Download the tool found here to your Desktop so it is easy to find.
  • Double click on the file you just downloaded to install it to your system.
  • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon 
    **Note** The tool should automatically open to the Backup Registry tab.
     
  • Press Backup Now
  • When the back up is complete, the tool will tell you that Successful */* Files Backed Up
  • You have now successfully backed up your Registry.

----------
 

 
Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
     
    :Services
     
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 11 CE 92 97 DC CE 01  [binary data]
    IE - HKCU\..\SearchScopes\{386D7123-EEF2-4CEC-8A38-FC97E28E1468}: "URL" = http://search.condui...0492580713&UM=2
    FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLCS Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
    [2013/11/08 10:39:04 | 000,001,001 | ---- | M] () -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\conduit.xml
    [2013/11/08 12:08:13 | 000,002,115 | ---- | M] () -- C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\MyStart Search.xml
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    [2013/11/08 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
    [2013/11/08 10:43:14 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Conduit
    [2013/11/08 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2013/11/08 10:40:24 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Local\Wajam
    [2013/11/08 10:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
    [2013/11/08 10:39:07 | 000,000,000 | ---D | C] -- C:\Users\Juanita\AppData\Roaming\SearchProtect
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [2013/11/14 10:40:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Dealply.job
     
    :Files
    dir C:\Windows\System32\jmdp /s /c
    ipconfig /flushdns /c
     
    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



#11 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 15 November 2013 - 08:21 AM

New OTL Log

 

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{386D7123-EEF2-4CEC-8A38-FC97E28E1468}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{386D7123-EEF2-4CEC-8A38-FC97E28E1468}\ not found.
Prefs.js: "Connect DLCS Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\conduit.xml moved successfully.
C:\Users\Juanita\AppData\Roaming\Mozilla\Firefox\Profiles\xc76rcld.default\searchplugins\MyStart Search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
C:\ProgramData\Conduit folder moved successfully.
C:\Users\Juanita\AppData\Local\Conduit folder moved successfully.
C:\Program Files\Conduit\CT3310511\plugins folder moved successfully.
C:\Program Files\Conduit\CT3310511 folder moved successfully.
C:\Program Files\Conduit\CT3153924\plugins folder moved successfully.
C:\Program Files\Conduit\CT3153924 folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Users\Juanita\AppData\Local\Wajam folder moved successfully.
C:\Program Files\SearchProtect\ffprotect folder moved successfully.
C:\Program Files\SearchProtect folder moved successfully.
C:\Users\Juanita\AppData\Roaming\SearchProtect\Res folder moved successfully.
C:\Users\Juanita\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Juanita\AppData\Roaming\SearchProtect folder moved successfully.
C:\Program Files\office.tmp folder deleted successfully.
C:\Windows\Tasks\Dealply.job moved successfully.
========== FILES ==========
< dir C:\Windows\System32\jmdp /s /c >
 Volume in drive C is Windows
 Volume Serial Number is 2225-4629
 Directory of C:\Windows\System32\jmdp
11/09/2013  09:51 AM    <DIR>          .
11/09/2013  09:51 AM    <DIR>          ..
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  965,185,540,096 bytes free
C:\Users\Juanita\Downloads\cmd.bat deleted successfully.
C:\Users\Juanita\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Juanita\Downloads\cmd.bat deleted successfully.
C:\Users\Juanita\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Juanita
->Temp folder emptied: 71518114 bytes
->Temporary Internet Files folder emptied: 13395529 bytes
->FireFox cache emptied: 220225465 bytes
->Google Chrome cache emptied: 2412688 bytes
->Flash cache emptied: 3075 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31459972 bytes
RecycleBin emptied: 3384352 bytes
 
Total Files Cleaned = 327.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11152013_091532

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

I'll be away until Monday 11/18. Thanks for your help.
 



#12 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 November 2013 - 10:49 AM

Ok no problem.....Let me know how your system is running when you return.  :)


 
 

#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 18 November 2013 - 05:05 PM

Back yet?  :)


 
 

#14 morrisoncredit

morrisoncredit

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 18 November 2013 - 09:53 PM

Sorry Jeff...had to take care of an ailing Dad today....will check tomorrow  Thanks



#15 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 19 November 2013 - 06:31 AM

Not a problem at all.  Hope he gets better soon.  :)


 
 
