
Alureon rootkit and a fake partition


  • This topic is locked
19 replies to this topic

#1 yhelfman

yhelfman

  • Members
  • 155 posts
  • Gender:Male
  • Location:Mountain View, CA
  • Local time:09:48 AM

Posted 21 March 2014 - 04:16 PM

Hi,

 

This post was initially in this original post:

http://www.bleepingcomputer.com/forums/t/528149/suspicious-behaviour-on-pc/#entry3321203

 

so that you can see what we've done so far and also the logs (I still have the logs if needed to be re-attached).

 

The issues that still remain at this point:

 

1. I'm able to connect to a WIFI network, but I'm still not able to browse to any URL or download anything from the web.

2. Some Word docs that worked before now give an error message when I try to open them.

 

I named the topic of this post "Alureon rootkit and a fake partition" since Broni who helped me in the previous post concluded that is what I have.

 

I've followed Broni's instructions, scanned DDS and here's the log (assumed you do not need the attach.txt log at this point):

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by michal at 13:49:40 on 2014-03-21
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2935.1583 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://glz.co.il/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
uRun: [Google Update] "C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\michal\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [PpTwbvAGVRj.exe] C:\ProgramData\PpTwbvAGVRj.exe
uRun: [AVG-Secure-Search-Update_1113a] C:\Users\michal\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c1fca084785f47d38c1a41490800be4a-0da2fa089a937b9c7a2f45fa1aa4c7ff085918a3 /CMPID=1113a
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: netflix.com
TCP: Interfaces\{102292F6-C811-432C-9527-B87DEBB7114D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{102292F6-C811-432C-9527-B87DEBB7114D}\144545534303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{102292F6-C811-432C-9527-B87DEBB7114D}\84F4D454D253539323 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
x64-mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070901
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\
FF - component: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}\components\dtTransparency.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\michal\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\Users\michal\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.3.3\npasperaweb.dll
FF - plugin: c:\Users\michal\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.3.3\npasperaweb64.dll
FF - plugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\extensions\awi@asperasoft.com\plugins\npinstallhelper.dll
FF - plugin: C:\Users\michal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\michal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\michal\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
---- FIREFOX POLICIES ----
.
.
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=&q=
FF - user.js: extensions.mysearchdial.id - 90004EE457B986D4
FF - user.js: extensions.mysearchdial.instlDay - 16132
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.015:40:20
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0202ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - irmsd0202ff
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1273153481
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - irmsd0202ff
FF - user.js: extensions.irmysearch.instlRef - irmsd0202ff
FF - user.js: extensions.irmysearch.cr - 1273153481
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-5 55280]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-5 46368]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-28 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-28 13336]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-28 1692480]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-5 5093216]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-28 2320920]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-3-28 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-28 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-28 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-28 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-28 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-28 289280]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-28 250984]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-28 325152]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-20 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-21 01:15:48 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-21 01:15:48 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 01:14:48 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-20 23:40:20 -------- d-----w- C:\Users\michal\AppData\Roaming\Malwarebytes
2014-03-20 23:39:59 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-20 23:39:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 23:36:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{986EB6C8-B60C-4131-8B20-68EBBAAD43F2}\offreg.dll
2014-03-03 23:42:20 20312 ----a-w- C:\Windows\System32\roboot64.exe
2014-03-03 23:42:16 -------- d-----w- C:\Users\michal\AppData\Roaming\systweak
2014-03-03 23:40:56 -------- d-----w- C:\Program Files (x86)\FindRight
.
==================== Find3M  ====================
.
2014-02-21 21:07:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 21:07:32 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-21 21:06:45 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 13:53:47.39 ===============
 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:48 PM

Posted 22 March 2014 - 05:20 PM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 yhelfman

yhelfman
  • Topic Starter

  • Members
  • 155 posts
  • Gender:Male
  • Location:Mountain View, CA
  • Local time:09:48 AM

Posted 22 March 2014 - 05:32 PM

Hi Marius,

 

After I scanned TDSSKiller the default option was actually "Cure" and not "Copy to Quarantine", but I followed your instructions and changed it to "Skip".

Here's the log.

 

15:26:40.0499 0x0e14  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
15:27:15.0759 0x0e14  ============================================================
15:27:15.0759 0x0e14  Current date / time: 2014/03/22 15:27:15.0759
15:27:15.0759 0x0e14  SystemInfo:
15:27:15.0759 0x0e14 
15:27:15.0759 0x0e14  OS Version: 6.1.7600 ServicePack: 0.0
15:27:15.0759 0x0e14  Product type: Workstation
15:27:15.0759 0x0e14  ComputerName: INSPIRON
15:27:15.0759 0x0e14  UserName: michal
15:27:15.0759 0x0e14  Windows directory: C:\Windows
15:27:15.0759 0x0e14  System windows directory: C:\Windows
15:27:15.0759 0x0e14  Running under WOW64
15:27:15.0759 0x0e14  Processor architecture: Intel x64
15:27:15.0759 0x0e14  Number of processors: 4
15:27:15.0759 0x0e14  Page size: 0x1000
15:27:15.0759 0x0e14  Boot type: Normal boot
15:27:15.0759 0x0e14  ============================================================
15:27:15.0946 0x0e14  KLMD registered as C:\Windows\system32\drivers\99641606.sys
15:27:16.0040 0x0e14  System UUID: {50B9F859-006D-E0A4-A936-0C7F5441F2AA}
15:27:16.0430 0x0e14  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:16.0430 0x0e14  ============================================================
15:27:16.0430 0x0e14  \Device\Harddisk0\DR0:
15:27:16.0430 0x0e14  MBR partitions:
15:27:16.0430 0x0e14  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
15:27:16.0430 0x0e14  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0
15:27:16.0430 0x0e14  ============================================================
15:27:16.0477 0x0e14  C: <-> \Device\Harddisk0\DR0\Partition2
15:27:16.0477 0x0e14  ============================================================
15:27:16.0477 0x0e14  Initialize success
15:27:16.0477 0x0e14  ============================================================
15:27:27.0802 0x03c0  ============================================================
15:27:27.0802 0x03c0  Scan started
15:27:27.0802 0x03c0  Mode: Manual;
15:27:27.0802 0x03c0  ============================================================
15:27:27.0802 0x03c0  KSN ping started
15:27:27.0818 0x03c0  KSN ping finished: false
15:27:28.0489 0x03c0  ================ Scan system memory ========================
15:27:28.0489 0x03c0  System memory - ok
15:27:28.0489 0x03c0  ================ Scan services =============================
15:27:30.0875 0x03c0  avgtp - ok
15:27:30.0891 0x03c0  [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:27:30.0907 0x03c0  AxInstSV - ok
15:27:30.0969 0x03c0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:27:30.0985 0x03c0  b06bdrv - ok
15:27:31.0000 0x03c0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:27:31.0016 0x03c0  b57nd60a - ok
15:27:31.0047 0x03c0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:27:31.0047 0x03c0  BDESVC - ok
15:27:31.0063 0x03c0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:27:31.0063 0x03c0  Beep - ok
15:27:31.0156 0x03c0  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
15:27:31.0187 0x03c0  BFE - ok
15:27:31.0343 0x03c0  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
15:27:31.0390 0x03c0  BITS - ok
15:27:31.0453 0x03c0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:27:31.0453 0x03c0  blbdrive - ok
15:27:31.0515 0x03c0  [ 19D20159708E152267E53B66677A4995, 6401FA5C3EFF26BED075FEC68F868CD8D0598FDB45EA9381810615F7252F7A9A ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:27:31.0515 0x03c0  bowser - ok
15:27:31.0531 0x03c0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:27:31.0531 0x03c0  BrFiltLo - ok
15:27:31.0546 0x03c0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:27:31.0546 0x03c0  BrFiltUp - ok
15:27:31.0624 0x03c0  [ 6B054C67AAA87843504E8E3C09102009, 284AA58625FBDBFECB851A35407331B40BAEC141F2DCEDB9F15733BAB22F5C81 ] Browser         C:\Windows\System32\browser.dll
15:27:31.0624 0x03c0  Browser - ok
15:27:31.0687 0x03c0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\system32\DRIVERS\BrSerId.sys
15:27:31.0702 0x03c0  Brserid - ok
15:27:31.0718 0x03c0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:27:31.0718 0x03c0  BrSerWdm - ok
15:27:31.0733 0x03c0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:27:31.0733 0x03c0  BrUsbMdm - ok
15:27:31.0765 0x03c0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\system32\DRIVERS\BrUsbSer.sys
15:27:31.0765 0x03c0  BrUsbSer - ok
15:27:31.0811 0x03c0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:27:31.0811 0x03c0  BthEnum - ok
15:27:31.0827 0x03c0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:27:31.0827 0x03c0  BTHMODEM - ok
15:27:31.0889 0x03c0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:27:31.0889 0x03c0  BthPan - ok
15:27:31.0936 0x03c0  [ D59773C7FDD3D795D6FE402EEEA8D71E, 9A26A1A3254D7BCDFADFFC9FD5D1A53A3DF12AC874FB2525AD33B87E42EFC5B1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:27:31.0967 0x03c0  BTHPORT - ok
15:27:32.0014 0x03c0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:27:32.0014 0x03c0  bthserv - ok
15:27:32.0045 0x03c0  [ 8504842634DD144C075B6B0C982CCEC4, BFBB8D67F146FBD4813BB8B29A3865C222966DA2B043732A5BCD759A40F4E5CE ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:27:32.0045 0x03c0  BTHUSB - ok
15:27:32.0077 0x03c0  [ D3466F77C2C49C6E393BA5FBA963A33E, FD5E48A29E153BBAB095AB2E3B86F592B1FC1F790978911093B5F8A2CD6C5652 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
15:27:32.0077 0x03c0  btusbflt - ok
15:27:32.0108 0x03c0  [ AF838D8029AE7C27470862D63FA54D24, 96247094D2446CEE594AD765B98DE8583762A96FE83223CB18B4CDB3A4958376 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:27:32.0108 0x03c0  btwaudio - ok
15:27:32.0139 0x03c0  [ 5C849BD7C78791C5CEE9F4651D7FE38D, BC93A1B911FB4A44EC4DB64AF9AFC6F2013CD76BFB6FA9E4834CFDAAAF4BCD9F ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
15:27:32.0139 0x03c0  btwavdt - ok
15:27:32.0217 0x03c0  [ 10FFB5FA51D5713D872B41A59DFC2213, E0C0EA99C862E3FCE4D121BB34DEC00E74A371DF4093A44055E70E9F4CFA3DC6 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:27:32.0248 0x03c0  btwdins - ok
15:27:32.0264 0x03c0  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:27:32.0264 0x03c0  btwl2cap - ok
15:27:32.0295 0x03c0  [ 3E1991AFA851A36DC978B0A1B0535C8B, F55F7FDDD2A71532F163E4F14B26A09DCDB7C970E806D803418D4CE0DFF09FB6 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:27:32.0295 0x03c0  btwrchid - ok
15:27:32.0326 0x03c0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:27:32.0342 0x03c0  cdfs - ok
15:27:32.0389 0x03c0  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:27:32.0389 0x03c0  cdrom - ok
15:27:32.0435 0x03c0  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:27:32.0435 0x03c0  CertPropSvc - ok
15:27:32.0451 0x03c0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:27:32.0451 0x03c0  circlass - ok
15:27:32.0498 0x03c0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
15:27:32.0545 0x03c0  CLFS - ok
15:27:32.0669 0x03c0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:32.0669 0x03c0  clr_optimization_v2.0.50727_32 - ok
15:27:32.0747 0x03c0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:27:32.0747 0x03c0  clr_optimization_v2.0.50727_64 - ok
15:27:32.0825 0x03c0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:32.0841 0x03c0  clr_optimization_v4.0.30319_32 - ok
15:27:32.0872 0x03c0  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:27:32.0872 0x03c0  clr_optimization_v4.0.30319_64 - ok
15:27:32.0888 0x03c0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:27:32.0888 0x03c0  CmBatt - ok
15:27:32.0935 0x03c0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:27:32.0935 0x03c0  cmdide - ok
15:27:33.0013 0x03c0  [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:27:33.0028 0x03c0  CNG - ok
15:27:33.0044 0x03c0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:27:33.0044 0x03c0  Compbatt - ok
15:27:33.0091 0x03c0  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:27:33.0091 0x03c0  CompositeBus - ok
15:27:33.0106 0x03c0  COMSysApp - ok
15:27:33.0122 0x03c0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:27:33.0122 0x03c0  crcdisk - ok
15:27:33.0200 0x03c0  [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:27:33.0215 0x03c0  CryptSvc - ok
15:27:33.0293 0x03c0  [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:27:33.0293 0x03c0  CtClsFlt - ok
15:27:33.0449 0x03c0  [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:27:33.0512 0x03c0  cvhsvc - ok
15:27:33.0605 0x03c0  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:27:33.0637 0x03c0  DcomLaunch - ok
15:27:33.0683 0x03c0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:27:33.0699 0x03c0  defragsvc - ok
15:27:33.0730 0x03c0  [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:27:33.0746 0x03c0  DfsC - ok
15:27:33.0839 0x03c0  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:27:33.0855 0x03c0  Dhcp - ok
15:27:33.0886 0x03c0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:27:33.0886 0x03c0  discache - ok
15:27:33.0902 0x03c0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:27:33.0902 0x03c0  Disk - ok
15:27:33.0980 0x03c0  [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:27:33.0980 0x03c0  Dnscache - ok
15:27:34.0011 0x03c0  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:27:34.0011 0x03c0  dot3svc - ok
15:27:34.0073 0x03c0  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
15:27:34.0089 0x03c0  DPS - ok
15:27:34.0105 0x03c0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:27:34.0105 0x03c0  drmkaud - ok
15:27:34.0198 0x03c0  [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:27:34.0245 0x03c0  DXGKrnl - ok
15:27:34.0261 0x03c0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:27:34.0276 0x03c0  EapHost - ok
15:27:34.0417 0x03c0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:27:34.0557 0x03c0  ebdrv - ok
15:27:34.0666 0x03c0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS             C:\Windows\System32\lsass.exe
15:27:34.0666 0x03c0  EFS - ok
15:27:34.0775 0x03c0  [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:27:34.0807 0x03c0  ehRecvr - ok
15:27:34.0838 0x03c0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:27:34.0838 0x03c0  ehSched - ok
15:27:34.0885 0x03c0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:27:34.0916 0x03c0  elxstor - ok
15:27:34.0947 0x03c0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:27:34.0947 0x03c0  ErrDev - ok
15:27:35.0009 0x03c0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:27:35.0025 0x03c0  EventSystem - ok
15:27:35.0150 0x03c0  [ B56D9602DB5FE1C116B1CA5EFD8E2E50, 34F52939089A98860E659BEF6AB8275BC50C33CC282DD3D34E13909BB7E3E575 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:27:35.0212 0x03c0  EvtEng - ok
15:27:35.0243 0x03c0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:27:35.0259 0x03c0  exfat - ok
15:27:35.0306 0x03c0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:27:35.0306 0x03c0  fastfat - ok
15:27:35.0368 0x03c0  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
15:27:35.0399 0x03c0  Fax - ok
15:27:35.0415 0x03c0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:27:35.0415 0x03c0  fdc - ok
15:27:35.0431 0x03c0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:27:35.0431 0x03c0  fdPHost - ok
15:27:35.0446 0x03c0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:27:35.0462 0x03c0  FDResPub - ok
15:27:35.0477 0x03c0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:27:35.0493 0x03c0  FileInfo - ok
15:27:35.0509 0x03c0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:27:35.0509 0x03c0  Filetrace - ok
15:27:35.0540 0x03c0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:27:35.0540 0x03c0  flpydisk - ok
15:27:35.0587 0x03c0  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:27:35.0602 0x03c0  FltMgr - ok
15:27:35.0758 0x03c0  [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache       C:\Windows\system32\FntCache.dll
15:27:35.0821 0x03c0  FontCache - ok
15:27:35.0867 0x03c0  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:27:35.0867 0x03c0  FontCache3.0.0.0 - ok
15:27:35.0883 0x03c0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:27:35.0883 0x03c0  FsDepends - ok
15:27:35.0914 0x03c0  [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:27:35.0914 0x03c0  Fs_Rec - ok
15:27:35.0961 0x03c0  [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:27:35.0961 0x03c0  fvevol - ok
15:27:35.0992 0x03c0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:27:35.0992 0x03c0  gagp30kx - ok
15:27:36.0039 0x03c0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:27:36.0039 0x03c0  GEARAspiWDM - ok
15:27:36.0148 0x03c0  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:27:36.0211 0x03c0  gpsvc - ok
15:27:36.0226 0x03c0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:27:36.0226 0x03c0  hcw85cir - ok
15:27:36.0304 0x03c0  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:27:36.0335 0x03c0  HdAudAddService - ok
15:27:36.0398 0x03c0  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:27:36.0413 0x03c0  HDAudBus - ok
15:27:36.0445 0x03c0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
15:27:36.0445 0x03c0  HECIx64 - ok
15:27:36.0460 0x03c0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:27:36.0460 0x03c0  HidBatt - ok
15:27:36.0476 0x03c0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:27:36.0507 0x03c0  HidBth - ok
15:27:36.0507 0x03c0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:27:36.0523 0x03c0  HidIr - ok
15:27:36.0538 0x03c0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:27:36.0538 0x03c0  hidserv - ok
15:27:36.0585 0x03c0  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:27:36.0585 0x03c0  HidUsb - ok
15:27:36.0616 0x03c0  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:27:36.0616 0x03c0  hkmsvc - ok
15:27:36.0647 0x03c0  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:27:36.0647 0x03c0  HomeGroupListener - ok
15:27:36.0741 0x03c0  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:27:36.0741 0x03c0  HomeGroupProvider - ok
15:27:36.0788 0x03c0  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:27:36.0803 0x03c0  HpSAMD - ok
15:27:36.0850 0x03c0  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:27:36.0897 0x03c0  HTTP - ok
15:27:36.0913 0x03c0  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:27:36.0913 0x03c0  hwpolicy - ok
15:27:36.0959 0x03c0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:27:36.0975 0x03c0  i8042prt - ok
15:27:37.0022 0x03c0  [ 2064090C9FAAD92C090D77E50E735B2E, 802BF10AF2F4B5DC93926C34DB2782DA6FD7243766D583E85603879483A592D2 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:27:37.0037 0x03c0  iaStor - ok
15:27:37.0100 0x03c0  [ A9BE186ABF28B3D3D698CB855EDF457E, 03E1851132E1C8669CF9B3CEB1C9E6AE45BBAC2632FEEDD311F3B3FAA9B623DD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:27:37.0100 0x03c0  IAStorDataMgrSvc - ok
15:27:37.0162 0x03c0  [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:27:37.0193 0x03c0  iaStorV - ok
15:27:37.0287 0x03c0  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:27:37.0334 0x03c0  idsvc - ok
15:27:37.0693 0x03c0  [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:27:38.0020 0x03c0  igfx - ok
15:27:38.0067 0x03c0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:27:38.0067 0x03c0  iirsp - ok
15:27:38.0129 0x03c0  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:27:38.0161 0x03c0  IKEEXT - ok
15:27:38.0239 0x03c0  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
15:27:38.0239 0x03c0  Impcd - ok
15:27:38.0270 0x03c0  [ C6C1F19205DA83C801BE7C25F4E2EE07, AE28686272D0F3789751C8F73BE998026BA80D93539C81DDE148E34A34A9AD0C ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:27:38.0285 0x03c0  IntcDAud - ok
15:27:38.0332 0x03c0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:27:38.0332 0x03c0  intelide - ok
15:27:38.0363 0x03c0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:27:38.0379 0x03c0  intelppm - ok
15:27:38.0395 0x03c0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:27:38.0410 0x03c0  IPBusEnum - ok
15:27:38.0426 0x03c0  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:38.0441 0x03c0  IpFilterDriver - ok
15:27:38.0535 0x03c0  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:27:38.0582 0x03c0  iphlpsvc - ok
15:27:38.0613 0x03c0  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:27:38.0629 0x03c0  IPMIDRV - ok
15:27:38.0644 0x03c0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:27:38.0644 0x03c0  IPNAT - ok
15:27:38.0738 0x03c0  [ 0FF335D687C85097725A53458160E81E, BF8BB3C8AF1822BEB5FF5F8008614B982F277D862B16B6516CA91F73D336E9D4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:27:38.0769 0x03c0  iPod Service - ok
15:27:38.0785 0x03c0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:27:38.0785 0x03c0  IRENUM - ok
15:27:38.0831 0x03c0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:27:38.0831 0x03c0  isapnp - ok
15:27:38.0878 0x03c0  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:27:38.0878 0x03c0  iScsiPrt - ok
15:27:38.0925 0x03c0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:27:38.0925 0x03c0  kbdclass - ok
15:27:38.0956 0x03c0  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:27:38.0956 0x03c0  kbdhid - ok
15:27:38.0972 0x03c0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso          C:\Windows\system32\lsass.exe
15:27:38.0972 0x03c0  KeyIso - ok
15:27:39.0019 0x03c0  [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:27:39.0019 0x03c0  KSecDD - ok
15:27:39.0050 0x03c0  [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:27:39.0050 0x03c0  KSecPkg - ok
15:27:39.0081 0x03c0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:27:39.0081 0x03c0  ksthunk - ok
15:27:39.0128 0x03c0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:27:39.0159 0x03c0  KtmRm - ok
15:27:39.0268 0x03c0  [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:27:39.0284 0x03c0  LanmanServer - ok
15:27:48.0832 0x03c0  STHDA - ok
15:27:48.0910 0x03c0  [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc          C:\Windows\System32\wiaservc.dll
15:27:48.0941 0x03c0  stisvc - ok
15:27:48.0972 0x03c0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:27:48.0972 0x03c0  swenum - ok
15:27:49.0019 0x03c0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:27:49.0050 0x03c0  swprv - ok
15:27:49.0082 0x03c0  [ 8A3FBCB3D6D4710730D27DA4392A4863, 392CCBB54FF2017EDA147283F479E8DED525F41A316EAE114596BBA02D04AF82 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:27:49.0082 0x03c0  SynTP - ok
15:27:49.0222 0x03c0  [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain         C:\Windows\system32\sysmain.dll
15:27:49.0300 0x03c0  SysMain - ok
15:27:49.0316 0x03c0  [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:27:49.0316 0x03c0  TabletInputService - ok
15:27:49.0347 0x03c0  [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:27:49.0378 0x03c0  TapiSrv - ok
15:27:49.0394 0x03c0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:27:49.0394 0x03c0  TBS - ok
15:27:49.0503 0x03c0  [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:27:49.0596 0x03c0  Tcpip - ok
15:27:49.0643 0x03c0  [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:27:49.0674 0x03c0  TCPIP6 - ok
15:27:49.0721 0x03c0  [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:27:49.0721 0x03c0  tcpipreg - ok
15:27:49.0752 0x03c0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:27:49.0752 0x03c0  TDPIPE - ok
15:27:49.0799 0x03c0  [ 7518F7BCFD4B308ABC9192BACAF6C970, CF08E547EF4059DA3F5A2FCBA98939E84092BB6E0E37F9BBCD1E4D9EBB8A58BB ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:27:49.0799 0x03c0  TDTCP - ok
15:27:49.0815 0x03c0  [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:27:49.0830 0x03c0  tdx - ok
15:27:50.0096 0x03c0  [ 775A7C4B689C0F112A12AD62064E57D1, C9E9B0F89AEA660CA80F8CC1C9E7116E199B267700265BB47640B0A9341C52FF ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
15:27:50.0283 0x03c0  TeamViewer8 - ok
15:27:50.0345 0x03c0  [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:27:50.0345 0x03c0  TermDD - ok
15:27:50.0392 0x03c0  [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService     C:\Windows\System32\termsrv.dll
15:27:50.0423 0x03c0  TermService - ok
15:27:50.0423 0x03c0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:27:50.0439 0x03c0  Themes - ok
15:27:50.0470 0x03c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:27:50.0470 0x03c0  THREADORDER - ok
15:27:50.0470 0x03c0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:27:50.0486 0x03c0  TrkWks - ok
15:27:50.0610 0x03c0  [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:27:50.0610 0x03c0  TrustedInstaller - ok
15:27:50.0642 0x03c0  [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:50.0642 0x03c0  tssecsrv - ok
15:27:50.0673 0x03c0  [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:27:50.0688 0x03c0  tunnel - ok
15:27:50.0720 0x03c0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:27:50.0720 0x03c0  uagp35 - ok
15:27:50.0751 0x03c0  [ 31BA4A33AFAB6A69EA092B18017F737F, CD19290394D20CCCCD186C80A682000D3A1187ABCB292753402C88C6FB83AB7F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:27:50.0782 0x03c0  udfs - ok
15:27:50.0813 0x03c0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:27:50.0813 0x03c0  UI0Detect - ok
15:27:50.0844 0x03c0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:27:50.0844 0x03c0  uliagpkx - ok
15:27:50.0876 0x03c0  [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:27:50.0876 0x03c0  umbus - ok
15:27:50.0907 0x03c0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:27:50.0907 0x03c0  UmPass - ok
15:27:51.0063 0x03c0  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:27:51.0156 0x03c0  UNS - ok
15:27:51.0219 0x03c0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:27:51.0250 0x03c0  upnphost - ok
15:27:51.0328 0x03c0  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:27:51.0328 0x03c0  USBAAPL64 - ok
15:27:51.0375 0x03c0  [ 537A4E03D7103C12D42DFD8FFDB5BDC9, 4E6F43A27E629C9769FAEF305BDCD3D7EDBEE1A98B919AF95CF045407A4297D6 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:51.0375 0x03c0  usbccgp - ok
15:27:51.0422 0x03c0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:27:51.0437 0x03c0  usbcir - ok
15:27:51.0484 0x03c0  [ FBB21EBE49F6D560DB37AC25FBC68E66, 0F7B2F9BB4062FE24698FF6E5738E83B7FDA9E7FDE9206BEF18C8818627FF2CC ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:27:51.0484 0x03c0  usbehci - ok
15:27:51.0515 0x03c0  [ 6B7A8A99C4A459E73C286A6763EA24CC, 3A8D6AE1D970AAEC4E08B76DB1B2C06AC003AF4F50339416072973E89F660EE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:27:51.0562 0x03c0  usbhub - ok
15:27:51.0609 0x03c0  [ 8C88AA7617B4CBC2E4BED61D26B33A27, 4575F0DDFF68C5632CBB7BE93A66FFEDD85BD4D4AEE79C44B2EDA4F8642C6EBF ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:27:51.0609 0x03c0  usbohci - ok
15:27:51.0624 0x03c0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:27:51.0624 0x03c0  usbprint - ok
15:27:51.0671 0x03c0  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:27:51.0671 0x03c0  usbscan - ok
15:27:51.0702 0x03c0  [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:27:51.0702 0x03c0  USBSTOR - ok
15:27:51.0734 0x03c0  [ 0B5B3B2DF3FD1709618ACFA50B8392B0, 19F040A16C86C475DD33D935E6244593EC73FF9F8C872BC060DDD8AE4F3EDB55 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:27:51.0734 0x03c0  usbuhci - ok
15:27:51.0796 0x03c0  [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:27:51.0796 0x03c0  usbvideo - ok
15:27:51.0812 0x03c0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:27:51.0812 0x03c0  UxSms - ok
15:27:51.0827 0x03c0  [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc        C:\Windows\system32\lsass.exe
15:27:51.0827 0x03c0  VaultSvc - ok
15:27:51.0843 0x03c0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:27:51.0843 0x03c0  vdrvroot - ok
15:27:51.0874 0x03c0  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
15:27:51.0890 0x03c0  vds - ok
15:27:51.0921 0x03c0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:51.0921 0x03c0  vga - ok
15:27:51.0936 0x03c0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:27:51.0952 0x03c0  VgaSave - ok
15:27:51.0999 0x03c0  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:27:52.0014 0x03c0  vhdmp - ok
15:27:52.0046 0x03c0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:27:52.0046 0x03c0  viaide - ok
15:27:52.0077 0x03c0  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:27:52.0077 0x03c0  volmgr - ok
15:27:52.0124 0x03c0  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:27:52.0139 0x03c0  volmgrx - ok
15:27:52.0202 0x03c0  [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:27:52.0217 0x03c0  volsnap - ok
15:27:52.0233 0x03c0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:27:52.0248 0x03c0  vsmraid - ok
15:27:52.0342 0x03c0  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
15:27:52.0420 0x03c0  VSS - ok
15:27:52.0436 0x03c0  vToolbarUpdater17.1.2 - ok
15:27:52.0451 0x03c0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:27:52.0467 0x03c0  vwifibus - ok
15:27:52.0498 0x03c0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:27:52.0498 0x03c0  vwififlt - ok
15:27:52.0514 0x03c0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:27:52.0514 0x03c0  vwifimp - ok
15:27:52.0529 0x03c0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:27:52.0545 0x03c0  W32Time - ok
15:27:52.0545 0x03c0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:27:52.0545 0x03c0  WacomPen - ok
15:27:52.0560 0x03c0  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:27:52.0576 0x03c0  WANARP - ok
15:27:52.0576 0x03c0  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:27:52.0576 0x03c0  Wanarpv6 - ok
15:27:52.0701 0x03c0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:27:52.0763 0x03c0  WatAdminSvc - ok
15:27:52.0857 0x03c0  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\Windows\system32\wbengine.exe
15:27:52.0919 0x03c0  wbengine - ok
15:27:52.0950 0x03c0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:27:52.0950 0x03c0  WbioSrvc - ok
15:27:53.0028 0x03c0  [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:27:53.0060 0x03c0  wcncsvc - ok
15:27:53.0075 0x03c0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:27:53.0091 0x03c0  WcsPlugInService - ok
15:27:53.0106 0x03c0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:27:53.0106 0x03c0  Wd - ok
15:27:53.0184 0x03c0  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:27:53.0216 0x03c0  Wdf01000 - ok
15:27:53.0231 0x03c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:27:53.0247 0x03c0  WdiServiceHost - ok
15:27:53.0247 0x03c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:27:53.0262 0x03c0  WdiSystemHost - ok
15:27:53.0294 0x03c0  [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient       C:\Windows\System32\webclnt.dll
15:27:53.0309 0x03c0  WebClient - ok
15:27:53.0340 0x03c0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:27:53.0340 0x03c0  Wecsvc - ok
15:27:53.0372 0x03c0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:27:53.0372 0x03c0  wercplsupport - ok
15:27:53.0387 0x03c0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:27:53.0387 0x03c0  WerSvc - ok
15:27:53.0418 0x03c0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:27:53.0418 0x03c0  WfpLwf - ok
15:27:53.0465 0x03c0  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
15:27:53.0481 0x03c0  WimFltr - ok
15:27:53.0496 0x03c0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:27:53.0496 0x03c0  WIMMount - ok
15:27:53.0528 0x03c0  WinDefend - ok
15:27:53.0528 0x03c0  WinHttpAutoProxySvc - ok
15:27:53.0621 0x03c0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:27:53.0637 0x03c0  Winmgmt - ok
15:27:53.0746 0x03c0  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:27:53.0824 0x03c0  WinRM - ok
15:27:53.0886 0x03c0  [ 4D52C872018AF7E18D078978DCC3F6F2, 046A0E56091120950422F8A83C8126682AAF0BBA97CF18DF0D0D4D59D01A4F28 ] winusb          C:\Windows\system32\drivers\WinUSB.SYS
15:27:53.0886 0x03c0  winusb - ok
15:27:53.0964 0x03c0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:27:54.0027 0x03c0  Wlansvc - ok
15:27:54.0074 0x03c0  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:27:54.0074 0x03c0  wlcrasvc - ok
15:27:54.0230 0x03c0  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:27:54.0308 0x03c0  wlidsvc - ok
15:27:54.0354 0x03c0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:27:54.0354 0x03c0  WmiAcpi - ok
15:27:54.0386 0x03c0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:27:54.0386 0x03c0  wmiApSrv - ok
15:27:54.0401 0x03c0  WMPNetworkSvc - ok
15:27:54.0432 0x03c0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:27:54.0432 0x03c0  WPCSvc - ok
15:27:54.0448 0x03c0  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:27:54.0464 0x03c0  WPDBusEnum - ok
15:27:54.0495 0x03c0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:27:54.0495 0x03c0  ws2ifsl - ok
15:27:54.0604 0x03c0  [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:27:54.0604 0x03c0  wscsvc - ok
15:27:54.0620 0x03c0  WSearch - ok
15:27:54.0744 0x03c0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:27:54.0838 0x03c0  wuauserv - ok
15:27:54.0885 0x03c0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:27:54.0885 0x03c0  WudfPf - ok
15:27:54.0916 0x03c0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:27:54.0932 0x03c0  WUDFRd - ok
15:27:54.0978 0x03c0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:27:54.0994 0x03c0  wudfsvc - ok
15:27:55.0010 0x03c0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:27:55.0025 0x03c0  WwanSvc - ok
15:27:55.0072 0x03c0  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
15:27:55.0103 0x03c0  yukonw7 - ok
15:27:55.0134 0x03c0  ================ Scan global ===============================
15:27:55.0166 0x03c0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
15:27:55.0275 0x03c0  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
15:27:55.0306 0x03c0  [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
15:27:55.0353 0x03c0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:27:55.0400 0x03c0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
15:27:55.0415 0x03c0  [ Global ] - ok
15:27:55.0415 0x03c0  ================ Scan MBR ==================================
15:27:55.0446 0x03c0  [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
15:27:56.0741 0x03c0  Suspicious mbr (NoAccess): \Device\Harddisk0\DR0
15:27:56.0882 0x03c0  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b ( 0 )
15:27:56.0882 0x03c0  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:27:56.0882 0x03c0  ================ Scan VBR ==================================
15:27:56.0882 0x03c0  [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
15:27:56.0882 0x03c0  \Device\Harddisk0\DR0\Partition1 - ok
15:27:56.0897 0x03c0  [ 42830D70BBEF9B5EC0B23BAAE40FA686 ] \Device\Harddisk0\DR0\Partition2
15:27:56.0944 0x03c0  \Device\Harddisk0\DR0\Partition2 - ok
15:27:57.0022 0x03c0  Win FW state via NFP2: enabled
15:27:57.0022 0x03c0  ============================================================
15:27:57.0022 0x03c0  Scan finished
15:27:57.0022 0x03c0  ============================================================
15:27:57.0038 0x1900  Detected object count: 1
15:27:57.0038 0x1900  Actual detected object count: 1
15:28:34.0291 0x1900  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
15:28:34.0291 0x1900  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
 



#4 TB-Psychotic

  • Malware Response Team

Posted 22 March 2014 - 08:07 PM

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • When the scan is finished, select copy to quarantine for the following entry.

    Rootkit.Boot.SST.b
  • Hit continue.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 yhelfman

  • Topic Starter

Posted 22 March 2014 - 10:18 PM

Attached (could not copy/paste it as text as I got an error saying it was too long)


#6 TB-Psychotic

  • Malware Response Team

Posted 23 March 2014 - 12:28 PM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.



#7 yhelfman

  • Topic Starter

Posted 23 March 2014 - 12:38 PM

Here are the logs of the 64-bit version:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by michal (administrator) on INSPIRON on 23-03-2014 10:35:50
Running from C:\Users\michal\Desktop\CleanUp\FRST
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Google Inc.) C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-14] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-08] (Microsoft Corporation)
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [Google Update] - C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-18] (Google Inc.)
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [googletalk] - C:\Users\michal\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [PpTwbvAGVRj.exe] - C:\ProgramData\PpTwbvAGVRj.exe
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\michal\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c1fca084785f47d38c1a41490800be4a-0da2fa089a937b9c7a2f45fa1aa4c7ff085918a3 /CMPID=1113a
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://glz.co.il/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070901
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default
FF user.js: detected! => C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\user.js
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @asperasoft.com/AsperaConnect - c:\Users\michal\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.3.3\npasperaweb.dll (Aspera, Inc. )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\michal\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\michal\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\michal\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\michal\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\michal\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Aspera Installer - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\awi@asperasoft.com [2014-02-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-04-15]
FF Extension: MediaBar - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} [2009-12-09]
FF Extension: No Name - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}chrome [2009-12-10]

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
CHR DefaultSearchProvider:       "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Users\michal\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\michal\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\michal\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Babylon ToolBar) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\michal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\michal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\michal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-02]
CHR Extension: (Google Search) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-02]
CHR Extension: (weDownload Manager Pro) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-11-05]
CHR Extension: (Google Wallet) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]
CHR Extension: (Gmail) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaanijiojpcccpkjdjjmjghddcgcbfj] - C:\Users\michal\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx [2012-10-02]
CHR StartMenuInternet: Google Chrome - C:\Users\michal\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-15] (AVG Technologies)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-23 10:35 - 2014-03-23 10:35 - 00000000 ____D () C:\FRST
2014-03-22 20:10 - 2014-03-22 20:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-22 14:28 - 2014-03-22 14:28 - 00000000 ____D () C:\Users\michal\AppData\Roaming\PCDr
2014-03-22 14:26 - 2014-03-22 14:28 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-20 18:15 - 2014-03-20 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-20 18:15 - 2014-03-20 18:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-20 18:14 - 2014-03-20 18:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-20 16:40 - 2014-03-20 16:40 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-20 16:40 - 2014-03-20 16:40 - 00000000 ____D () C:\Users\michal\AppData\Roaming\Malwarebytes
2014-03-20 16:39 - 2014-03-20 16:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 16:39 - 2014-03-20 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 16:26 - 2014-03-23 10:34 - 00000000 ____D () C:\Users\michal\Desktop\CleanUp
2014-03-20 10:47 - 2014-03-20 10:47 - 00003352 ____N () C:\bootsqm.dat
2014-03-20 10:22 - 2014-03-20 10:22 - 00001211 _____ () C:\Users\michal\Desktop\cmd.exe.lnk
2014-03-18 11:22 - 2014-03-18 11:22 - 00001162 _____ () C:\Users\michal\Desktop\Live PC Help.lnk
2014-03-03 16:46 - 2014-03-03 19:46 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
2014-03-03 16:46 - 2014-03-03 16:46 - 00003238 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-03-03 16:43 - 2014-03-03 16:43 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-03 16:42 - 2014-03-18 11:22 - 00000000 ____D () C:\Users\michal\AppData\Roaming\systweak
2014-03-03 16:42 - 2014-03-03 16:42 - 00003324 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-03-03 16:42 - 2014-03-03 16:42 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-03-03 16:42 - 2014-03-03 16:42 - 00003030 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-03-03 16:42 - 2014-03-03 16:42 - 00002874 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-03-03 16:42 - 2014-01-21 18:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 16:40 - 2014-03-18 11:23 - 00000000 ____D () C:\Program Files (x86)\FindRight

==================== One Month Modified Files and Folders =======

2014-03-23 10:35 - 2014-03-23 10:35 - 00000000 ____D () C:\FRST
2014-03-23 10:35 - 2009-07-13 22:13 - 00728658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 10:35 - 2009-07-13 21:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 10:35 - 2009-07-13 21:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 10:34 - 2014-03-20 16:26 - 00000000 ____D () C:\Users\michal\Desktop\CleanUp
2014-03-23 10:30 - 2011-03-28 11:01 - 01698769 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 10:28 - 2011-03-28 11:39 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-23 10:27 - 2011-04-17 21:50 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-23 10:27 - 2011-04-17 21:50 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-23 10:25 - 2009-07-13 22:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 10:25 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 10:25 - 2009-07-13 21:51 - 00142353 _____ () C:\Windows\setupact.log
2014-03-23 03:00 - 2011-04-20 07:55 - 00745354 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-22 21:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 20:10 - 2014-03-22 20:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-22 14:28 - 2014-03-22 14:28 - 00000000 ____D () C:\Users\michal\AppData\Roaming\PCDr
2014-03-22 14:28 - 2014-03-22 14:26 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-22 13:45 - 2012-04-25 23:55 - 00000000 ____D () C:\Users\michal\AppData\Roaming\Apple Computer
2014-03-20 18:50 - 2014-03-20 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-20 18:15 - 2014-03-20 18:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-20 18:15 - 2014-03-20 18:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-20 16:40 - 2014-03-20 16:40 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-20 16:40 - 2014-03-20 16:40 - 00000000 ____D () C:\Users\michal\AppData\Roaming\Malwarebytes
2014-03-20 16:40 - 2014-03-20 16:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-20 16:39 - 2014-03-20 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-20 11:09 - 2011-04-20 07:55 - 00000000 ____D () C:\Users\michal\AppData\Roaming\SoftGrid Client
2014-03-20 11:05 - 2013-09-01 11:23 - 00000000 ____D () C:\Users\michal\Documents\ITMI
2014-03-20 11:01 - 2007-12-08 19:45 - 00000000 ____D () C:\Users\michal\Documents\accnts
2014-03-20 11:00 - 2007-09-16 15:15 - 00000000 ____D () C:\Users\michal\Documents\writings
2014-03-20 10:47 - 2014-03-20 10:47 - 00003352 ____N () C:\bootsqm.dat
2014-03-20 10:34 - 2013-11-19 13:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-20 10:34 - 2011-03-28 11:23 - 00740468 _____ () C:\Windows\PFRO.log
2014-03-20 10:22 - 2014-03-20 10:22 - 00001211 _____ () C:\Users\michal\Desktop\cmd.exe.lnk
2014-03-18 11:23 - 2014-03-03 16:40 - 00000000 ____D () C:\Program Files (x86)\FindRight
2014-03-18 11:22 - 2014-03-18 11:22 - 00001162 _____ () C:\Users\michal\Desktop\Live PC Help.lnk
2014-03-18 11:22 - 2014-03-03 16:42 - 00000000 ____D () C:\Users\michal\AppData\Roaming\systweak
2014-03-04 09:03 - 2008-02-19 20:47 - 00000000 ____D () C:\Users\michal\Documents\kids +
2014-03-03 19:46 - 2014-03-03 16:46 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
2014-03-03 19:40 - 2011-04-18 16:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733922419-2874462735-1704666163-1001UA.job
2014-03-03 19:07 - 2012-07-24 06:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-03 16:46 - 2014-03-03 16:46 - 00003238 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-03-03 16:43 - 2014-03-03 16:43 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-03 16:42 - 2014-03-03 16:42 - 00003324 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-03-03 16:42 - 2014-03-03 16:42 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-03-03 16:42 - 2014-03-03 16:42 - 00003030 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-03-03 16:42 - 2014-03-03 16:42 - 00002874 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-03-03 16:40 - 2011-04-18 16:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733922419-2874462735-1704666163-1001Core.job
2014-02-26 11:19 - 2007-09-16 15:35 - 00000000 ____D () C:\Users\michal\Documents\school - MK
2014-02-21 14:07 - 2012-07-24 06:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 14:07 - 2012-07-24 06:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 14:07 - 2011-06-29 06:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 14:06 - 2012-10-08 16:11 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

Some content of TEMP:
====================
C:\Users\michal\AppData\Local\Temp\ICReinstall_ICReinstall_YouTubeMP3Setup.exe
C:\Users\michal\AppData\Local\Temp\ICReinstall_YouTubeMP3Setup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-28 13:23

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by michal at 2014-03-23 10:36:20
Running from C:\Users\michal\Desktop\CleanUp\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspera Connect 3.3.3.81344 (HKCU\...\Aspera Connect 3.3.3.81344) (Version: 3.3.3.81344 - Aspera, Inc.)
Aspera Connect 3.3.3.81344 (x32 Version: 3.3.3.81344 - Aspera, Inc.) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.1.2.1 - AVG Technologies)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.1008 - ooVoo LLC.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E0011C3-8C49-4783-AD72-CB1E7D6B2457} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {11271A5D-7917-483C-81B1-15C455E2A948} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {12B5D170-D091-434B-99A8-D37E5EFBAA54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1733922419-2874462735-1704666163-1001UA => C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.)
Task: {193BD15C-A357-400F-B047-5F981F901B86} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {220CB0D9-C4B7-4350-BA42-B1ABCB0C7B43} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {45481A4A-9695-4884-A63B-F45A7736E6C6} - System32\Tasks\MySearchDial => C:\Users\michal\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5A6964E8-71C9-427E-A02B-A37461F195DE} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {5C5938BD-D900-4A7D-AE8D-5559FBD0031C} - \Scheduled Update for Ask Toolbar No Task File
Task: {74436904-C806-44E7-80B0-58C6D822D3D3} - \weDownload Manager Pro-codedownloader No Task File
Task: {92E78BA7-AEC0-43D5-8874-A559EC183552} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {9BCFFA44-BDF1-41EA-9799-38DA84F74BEF} - \weDownload Manager Pro-enabler No Task File
Task: {A072F837-159D-4D6B-BD90-466D99B36B03} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {B2E95955-58B0-4873-9880-B441AFEF8CD0} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B72B8D9F-5560-43D6-AEC1-762721BC701B} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {CC68BFCE-A21C-4BB1-A9E1-584BDFA37EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1733922419-2874462735-1704666163-1001Core => C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.)
Task: {D7FAA88A-2B50-4844-B6CE-C295667ACA79} - \weDownload Manager Pro-updater No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733922419-2874462735-1704666163-1001Core.job => C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1733922419-2874462735-1704666163-1001UA.job => C:\Users\michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\michal\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-03-05 07:21 - 2010-03-05 07:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-12-29 12:19 - 2009-12-29 12:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-28 11:39 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-03-05 07:21 - 2010-03-05 07:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 01169904 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-15 21:13 - 2009-12-15 21:13 - 00588272 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-11-15 21:58 - 2009-11-15 21:58 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-06-08 23:36 - 2013-06-08 23:36 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bc86836625a08b5af8192179aa3709dd\IsdiInterop.ni.dll
2011-03-28 11:12 - 2010-06-08 08:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 10:25:33 AM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/23/2014 03:00:55 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI6791b.LOG.

Error: (03/23/2014 03:00:44 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042308).

Error: (03/23/2014 03:00:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{8ef826b6-5964-11e0-b94f-806e6f6e6963}\
   Snapshot ID: {c04622c3-c0cd-4592-b5bd-e7546ee292f4}

Error: (03/22/2014 09:32:17 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/22/2014 09:21:58 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/22/2014 02:32:44 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/22/2014 02:28:49 PM) (Source: PC-Doctor) (User: )
Description: (5140) Asapi: (14:28:49:9370)(5140) libMatrix.profiler.ProfilerSnapshots - Error -- 439 getDirectoryContents(C:\ProgramData\PCDr/performance) failed

Error: (03/22/2014 02:28:49 PM) (Source: PC-Doctor) (User: )
Description: (5140) Asapi: (14:28:49:9370)(5140) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr/performance) failed

Error: (03/22/2014 02:28:49 PM) (Source: PC-Doctor) (User: )
Description: (5140) Asapi: (14:28:49:8900)(5140) libMatrix.profiler.ProfilerSnapshots - Error -- 439 getDirectoryContents(C:\ProgramData\PCDr/smartdata) failed

System errors:
=============
Error: (03/23/2014 10:36:18 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (03/23/2014 10:36:18 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (03/23/2014 10:34:23 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (03/23/2014 10:28:29 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/23/2014 10:27:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/23/2014 10:27:15 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (03/23/2014 10:27:14 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.2 service failed to start due to the following error:
%%2

Error: (03/23/2014 10:27:13 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/23/2014 10:26:33 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 258

Error: (03/23/2014 10:26:04 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 8 service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (03/23/2014 10:25:33 AM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/23/2014 03:00:55 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603C:\Windows\TEMP\MSI6791b.LOG(NULL)(NULL)

Error: (03/23/2014 03:00:44 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042308

Error: (03/23/2014 03:00:44 AM) (Source: VSS)(User: )
Description: GetComputerNameEx(3, NULL, [0]) [0]

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{8ef826b6-5964-11e0-b94f-806e6f6e6963}\
   Snapshot ID: {c04622c3-c0cd-4592-b5bd-e7546ee292f4}

Error: (03/22/2014 09:32:17 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/22/2014 09:21:58 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/22/2014 02:32:44 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/22/2014 02:28:49 PM) (Source: PC-Doctor)(User: )
Description: (5140) Asapi: (14:28:49:9370)(5140) libMatrix.profiler.ProfilerSnapshots - Error -- 439 getDirectoryContents(C:\ProgramData\PCDr/performance) failed

Error: (03/22/2014 02:28:49 PM) (Source: PC-Doctor)(User: )
Description: (5140) Asapi: (14:28:49:9370)(5140) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr/performance) failed

Error: (03/22/2014 02:28:49 PM) (Source: PC-Doctor)(User: )
Description: (5140) Asapi: (14:28:49:8900)(5140) libMatrix.profiler.ProfilerSnapshots - Error -- 439 getDirectoryContents(C:\ProgramData\PCDr/smartdata) failed

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2934.68 MB
Available physical RAM: 1717.61 MB
Total Pagefile: 5867.47 MB
Available Pagefile: 4551.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:189.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 0BD1AED0)

Partition: GPT Partition Type.

==================== End Of Log ============================



#8 TB-Psychotic

Posted 23 March 2014 - 12:53 PM

ouch - nice collection! o.O

Fix with FRST (normal mode)

  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [PpTwbvAGVRj.exe] - C:\ProgramData\PpTwbvAGVRj.exe
    HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\michal\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c1fca084785f47d38c1a41490800be4a-0da2fa089a937b9c7a2f45fa1aa4c7ff085918a3 /CMPID=1113a
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
    FF SearchEngineOrder.1: Mysearchdial
    FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\Mysearchdial.xml
    FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\safeguard-secure-search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF Extension: MediaBar - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} [2009-12-09]
    FF Extension: No Name - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}chrome [2009-12-10]
    CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
    CHR DefaultSearchProvider:       "name": "Mysearchdial"
    CHR Plugin: (Babylon ToolBar) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
    CHR Extension: (weDownload Manager Pro) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-11-05]
    CHR HKLM-x32\...\Chrome\Extension: [aaaanijiojpcccpkjdjjmjghddcgcbfj] - C:\Users\michal\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx [2012-10-02]
    Task: {193BD15C-A357-400F-B047-5F981F901B86} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {220CB0D9-C4B7-4350-BA42-B1ABCB0C7B43} - \weDownload Manager Pro-firefoxinstaller No Task File
    Task: {45481A4A-9695-4884-A63B-F45A7736E6C6} - System32\Tasks\MySearchDial => C:\Users\michal\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {5A6964E8-71C9-427E-A02B-A37461F195DE} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
    Task: {5C5938BD-D900-4A7D-AE8D-5559FBD0031C} - \Scheduled Update for Ask Toolbar No Task File
    Task: {74436904-C806-44E7-80B0-58C6D822D3D3} - \weDownload Manager Pro-codedownloader No Task File
    Task: {92E78BA7-AEC0-43D5-8874-A559EC183552} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {9BCFFA44-BDF1-41EA-9799-38DA84F74BEF} - \weDownload Manager Pro-enabler No Task File
    Task: {A072F837-159D-4D6B-BD90-466D99B36B03} - \weDownload Manager Pro-chromeinstaller No Task File
    Task: {B2E95955-58B0-4873-9880-B441AFEF8CD0} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {B72B8D9F-5560-43D6-AEC1-762721BC701B} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
    Task: {D7FAA88A-2B50-4844-B6CE-C295667ACA79} - \weDownload Manager Pro-updater No Task File
    Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\michal\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    2014-03-03 16:46 - 2014-03-03 19:46 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
    2014-03-03 16:46 - 2014-03-03 16:46 - 00003238 _____ () C:\Windows\System32\Tasks\MySearchDial
    2014-03-03 16:43 - 2014-03-03 16:43 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
    2014-03-03 16:42 - 2014-03-18 11:22 - 00000000 ____D () C:\Users\michal\AppData\Roaming\systweak
    2014-03-03 16:42 - 2014-03-03 16:42 - 00003324 _____ () C:\Windows\System32\Tasks\Advanced System Protector
    2014-03-03 16:42 - 2014-03-03 16:42 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
    2014-03-03 16:42 - 2014-03-03 16:42 - 00003030 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
    2014-03-03 16:42 - 2014-03-03 16:42 - 00002874 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
    2014-03-03 16:42 - 2014-01-21 18:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
    2014-03-03 16:40 - 2014-03-18 11:23 - 00000000 ____D () C:\Program Files (x86)\FindRight
    REBOOT:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB

#9 yhelfman

Posted 24 March 2014 - 12:32 AM

Here are the two logs. Please note that my Internet is still not working properly, so I was not able to update to the latest Mbam ... but was still able to do the full scan, detect and remove some rootkits.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by michal at 2014-03-23 11:01:13 Run:1
Running from C:\Users\michal\Desktop\CleanUp\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [PpTwbvAGVRj.exe] - C:\ProgramData\PpTwbvAGVRj.exe
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\michal\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c1fca084785f47d38c1a41490800be4a-0da2fa089a937b9c7a2f45fa1aa4c7ff085918a3 /CMPID=1113a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
FF SearchEngineOrder.1: Mysearchdial
FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: MediaBar - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} [2009-12-09]
FF Extension: No Name - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}chrome [2009-12-10]
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir=
CHR DefaultSearchProvider:       "name": "Mysearchdial"
CHR Plugin: (Babylon ToolBar) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
CHR Extension: (weDownload Manager Pro) - C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2013-11-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaanijiojpcccpkjdjjmjghddcgcbfj] - C:\Users\michal\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx [2012-10-02]
Task: {193BD15C-A357-400F-B047-5F981F901B86} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {220CB0D9-C4B7-4350-BA42-B1ABCB0C7B43} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {45481A4A-9695-4884-A63B-F45A7736E6C6} - System32\Tasks\MySearchDial => C:\Users\michal\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5A6964E8-71C9-427E-A02B-A37461F195DE} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION
Task: {5C5938BD-D900-4A7D-AE8D-5559FBD0031C} - \Scheduled Update for Ask Toolbar No Task File
Task: {74436904-C806-44E7-80B0-58C6D822D3D3} - \weDownload Manager Pro-codedownloader No Task File
Task: {92E78BA7-AEC0-43D5-8874-A559EC183552} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {9BCFFA44-BDF1-41EA-9799-38DA84F74BEF} - \weDownload Manager Pro-enabler No Task File
Task: {A072F837-159D-4D6B-BD90-466D99B36B03} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {B2E95955-58B0-4873-9880-B441AFEF8CD0} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B72B8D9F-5560-43D6-AEC1-762721BC701B} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {D7FAA88A-2B50-4844-B6CE-C295667ACA79} - \weDownload Manager Pro-updater No Task File
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\michal\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
2014-03-03 16:46 - 2014-03-03 19:46 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job
2014-03-03 16:46 - 2014-03-03 16:46 - 00003238 _____ () C:\Windows\System32\Tasks\MySearchDial
2014-03-03 16:43 - 2014-03-03 16:43 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-03 16:42 - 2014-03-18 11:22 - 00000000 ____D () C:\Users\michal\AppData\Roaming\systweak
2014-03-03 16:42 - 2014-03-03 16:42 - 00003324 _____ () C:\Windows\System32\Tasks\Advanced System Protector
2014-03-03 16:42 - 2014-03-03 16:42 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-03-03 16:42 - 2014-03-03 16:42 - 00003030 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-03-03 16:42 - 2014-03-03 16:42 - 00002874 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-03-03 16:42 - 2014-01-21 18:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-03 16:40 - 2014-03-18 11:23 - 00000000 ____D () C:\Program Files (x86)\FindRight
REBOOT:
*****************

HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PpTwbvAGVRj.exe => Value deleted successfully.
HKU\S-1-5-21-1733922419-2874462735-1704666163-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593} => Moved successfully.
C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\ulttp7yw.default\Extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}chrome => Moved successfully.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0EyEyDyB0BzyzzyC0DyEtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1Czu1L1C1H1B1QtDtBtDtB1O1OtN1L1G1B1V1N2Y1L1Qzu2SyD0DtA0EtByE0AyBtGzz0C0CtBtG0A0AzyyEtGyByEtB0DtGtA0AtCyBtCtA0A0EtAyEtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtCtAtD0FtBtD0DtGtC0EyD0FtGtDzy0EtBtGzy0CtCyDtGtA0CtByDzyyByEtA0Czy0A0C2Q&cr=1273153481&ir= ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider:       "name": "Mysearchdial" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll not found.
C:\Users\michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj => Key deleted successfully.
"C:\Users\michal\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{193BD15C-A357-400F-B047-5F981F901B86} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{193BD15C-A357-400F-B047-5F981F901B86} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{220CB0D9-C4B7-4350-BA42-B1ABCB0C7B43} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{220CB0D9-C4B7-4350-BA42-B1ABCB0C7B43} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45481A4A-9695-4884-A63B-F45A7736E6C6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45481A4A-9695-4884-A63B-F45A7736E6C6} => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A6964E8-71C9-427E-A02B-A37461F195DE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A6964E8-71C9-427E-A02B-A37461F195DE} => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C5938BD-D900-4A7D-AE8D-5559FBD0031C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C5938BD-D900-4A7D-AE8D-5559FBD0031C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74436904-C806-44E7-80B0-58C6D822D3D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74436904-C806-44E7-80B0-58C6D822D3D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92E78BA7-AEC0-43D5-8874-A559EC183552} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92E78BA7-AEC0-43D5-8874-A559EC183552} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BCFFA44-BDF1-41EA-9799-38DA84F74BEF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BCFFA44-BDF1-41EA-9799-38DA84F74BEF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A072F837-159D-4D6B-BD90-466D99B36B03} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A072F837-159D-4D6B-BD90-466D99B36B03} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2E95955-58B0-4873-9880-B441AFEF8CD0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E95955-58B0-4873-9880-B441AFEF8CD0} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B72B8D9F-5560-43D6-AEC1-762721BC701B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B72B8D9F-5560-43D6-AEC1-762721BC701B} => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector_startup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7FAA88A-2B50-4844-B6CE-C295667ACA79} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7FAA88A-2B50-4844-B6CE-C295667ACA79} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-updater => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
"C:\Windows\Tasks\MySearchDial.job" => File/Directory not found.
"C:\Windows\System32\Tasks\MySearchDial" => File/Directory not found.
"C:\Windows\System32\Tasks\Advanced System Protector_startup" => File/Directory not found.
C:\Users\michal\AppData\Roaming\systweak => Moved successfully.
"C:\Windows\System32\Tasks\Advanced System Protector" => File/Directory not found.
"C:\Windows\System32\Tasks\RegClean Pro" => File/Directory not found.
"C:\Windows\System32\Tasks\RegClean Pro_UPDATES" => File/Directory not found.
"C:\Windows\System32\Tasks\RegClean Pro_DEFAULT" => File/Directory not found.
C:\Windows\system32\roboot64.exe => Moved successfully.
C:\Program Files (x86)\FindRight => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
michal :: INSPIRON [administrator]

3/23/2014 11:10:08 AM
mbam-log-2014-03-23 (11-10-08).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398751
Time elapsed: 46 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0005.dta (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0006.dta (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0011.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0014.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\22.03.2014_15.27.15\mbr0000\tdlfs0000\tsk0015.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

(end)



#10 TB-Psychotic


Posted 24 March 2014 - 10:43 AM

It didn't delete active rootkits but the quarantined files! :D

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click 'Export to text file...'.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#11 yhelfman


Posted 24 March 2014 - 01:50 PM

Hi Maurice,

 

I wrote to you a few times that I cannot get online at this point. Neither wifi nor LAN connections seem to work at this point. The Internet worked fine before this. So obviously I cannot use ESET Online Scanner ... is there another offline version I can install and run locally?



#12 yhelfman


Posted 24 March 2014 - 04:59 PM

I ended up using an offline installed version of ESET NOD32 ANTIVIRUS7 (trial). First I did a "smart scan" and then ESET automatically started a "first scan". Both scans detected stuff, so I posted both logs + FSS. For whatever reason, my ESET logs are too long to post and add as attachments (185k), so I uploaded them here:

 

http://netvalu.net/temp/log.txt

http://netvalu.net/temp/log2.txt

 

Attached Files

  • Attached File  FSS.txt   2.18KB   3 downloads


#13 yhelfman


Posted 24 March 2014 - 06:53 PM

I just found out that if I try to browse to any URL using DNS names, it doesn't work (example: www.google.com), but if I ping it from a good PC first and get a reply with its IP address (example: 74.125.224.110), then I'm able to browse to it with any of my browsers. So that tells me something in my DNS settings is broken. I found a post where you guys faced a similar situation at http://www.bleepingcomputer.com/forums/t/436472/windows-xp-internet-works-via-ip-address-only-no-dns/ and you suggested trying some command line stuff to reset/renew things that are related to this. I've tried them all and am posting the log. I also noticed when I ran RKILL (see history of this post) there was this comment about my hosts file:

 

Checking HOSTS file:

* HOSTS file Registry settings is set to a non standard location: \hosts

 

and then this line regarding the DNS Client:

 

Checking Windows Service Integrity:

* DNS Client (Dnscache) is not running.

  Startup Type set to Automatic

 

This probably explains why I can't use the Internet properly, and therefore cannot follow all your 'online' downloads/updates/scans instructions ... can we fix the internet/dns/hosts first so we can use live internet in our future repair?

 

Here's the post of the command line stuff:

 

Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Windows\system32>ipconfig /registerdns

Windows IP Configuration

Registration of DNS records failed: The parameter is incorrect.

C:\Windows\system32>ipconfig /release

Windows IP Configuration

No operation can be performed on Wireless Network Connection 3 while it has its
media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its m
edia disconnected.

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::29ec:c124:1701:e284%13
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4c26:c773:d9ff:c5e2%10
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.EVR100:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

C:\Windows\system32>ipconfig /renew

Windows IP Configuration

No operation can be performed on Wireless Network Connection 3 while it has its
media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its
media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its m
edia disconnected.

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : EVR100
   Link-local IPv6 Address . . . . . : fe80::29ec:c124:1701:e284%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.132
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : EVR100
   Link-local IPv6 Address . . . . . : fe80::4c26:c773:d9ff:c5e2%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.133
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Tunnel adapter isatap.{C91EAA61-0D04-4BD1-943D-F581CC5E0A57}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

C:\Windows\system32>net stop "dns client"
The DNS Client service is stopping.
The DNS Client service was stopped successfully.

C:\Windows\system32>net start "dns client"
The DNS Client service is starting.
The DNS Client service was started successfully.

C:\Windows\system32>
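
The symptoms in the post above (names fail while literal IP addresses work, and RKILL flags both the HOSTS registry location and the stopped DNS Client service) can be picked out of the tool logs and correlated. The following Python is an added example, not part of the original post or of any tool named in it; the nslookup and ping lines in its sample are constructed, and the finding codes and advice strings are assumptions of this example.

```python
import re

# Constructed sample. The RKILL lines are the ones quoted in the post; the
# nslookup/ping lines are made up (documentation names and addresses) to
# reproduce the "IP works, names do not" symptom.
SAMPLE_LOG = r"""
Checking HOSTS file:
* HOSTS file Registry settings is set to a non standard location: \hosts

Checking Windows Service Integrity:
* DNS Client (Dnscache) is not running.
  Startup Type set to Automatic

Server:  resolver.example
Address:  192.0.2.1

Name:    www.example.com
Address:  198.51.100.10

Ping request could not find host www.example.com. Please check the name and try again.
"""

HOSTS_RE = re.compile(
    r"^\*\s*HOSTS file Registry settings? is set to a non standard location:\s*(.+)$",
    re.M | re.I)
SERVICE_RE = re.compile(r"^\*\s*(.+?)\s*\((\w+)\) is not running\.", re.M)
NSLOOKUP_NAME_RE = re.compile(r"^Name:\s+(\S+)", re.M)
PING_FAIL_RE = re.compile(r"^Ping request could not find host (\S+)\.\s", re.M)

# Follow-up checks per finding code (codes are hypothetical, defined here only).
ADVICE = {
    # Windows reads the hosts directory from the DataBasePath value under
    # HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters; the default
    # is %SystemRoot%\System32\drivers\etc.
    "HOSTS_PATH_REDIRECTED": "compare Tcpip\\Parameters DataBasePath with the default",
    "DNSCACHE_STOPPED": "check why the DNS Client service is stopped",
    # nslookup sends its query straight to the configured DNS server, while
    # ping goes through the system resolver (hosts file + DNS Client), so
    # "nslookup answers, ping cannot find host" points at the local machine.
    "LOCAL_RESOLVER_FAULT": "upstream DNS answers; inspect local resolver settings",
}


def triage(log_text):
    """Return a list of (code, detail) findings extracted from pasted tool logs."""
    findings = []

    hosts = HOSTS_RE.search(log_text)
    if hosts:
        findings.append(("HOSTS_PATH_REDIRECTED", hosts.group(1).strip()))

    for display_name, short_name in SERVICE_RE.findall(log_text):
        if short_name.lower() == "dnscache":
            findings.append(("DNSCACHE_STOPPED", display_name))

    # Correlate the two resolution paths: a name counts only when nslookup
    # resolved it AND ping failed to find it in the same log.
    resolved = {name.lower() for name in NSLOOKUP_NAME_RE.findall(log_text)}
    failed = {name.lower() for name in PING_FAIL_RE.findall(log_text)}
    for host in sorted(resolved & failed):
        findings.append(("LOCAL_RESOLVER_FAULT", host))

    return findings


def report(log_text):
    """Format the findings as one line each, with the follow-up check."""
    return ["%s [%s]: %s" % (code, detail, ADVICE[code])
            for code, detail in triage(log_text)]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```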



#14 TB-Psychotic


Posted 25 March 2014 - 09:08 AM

Let's see:
 
Scan with Mini Toolbox 


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by TB-Psychotic, 25 March 2014 - 09:09 AM.


#15 yhelfman


Posted 25 March 2014 - 12:59 PM

Still no Internet fix:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by michal (administrator) on 25-03-2014 at 10:48:47
Running from "C:\Users\michal\Desktop\CleanUp\MiniToolBox"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 2" address=192.168.16.2

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . :
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gateway.pace.com

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 8C-A9-82-2A-2B-29
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 8C-A9-82-2A-2B-29
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : gateway.pace.com
   Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 8C-A9-82-2A-2B-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:304:b00b:3380:29ec:c124:1701:e284(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:304:b00b:3380:6c2f:d87:59a:9d7c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::29ec:c124:1701:e284%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.80(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 25, 2014 10:44:47 AM
   Lease Expires . . . . . . . . . . : Wednesday, March 26, 2014 10:44:46 AM
   Default Gateway . . . . . . . . . : fe80::2a16:2eff:fe01:5169%13
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 90-00-4E-E4-57-B9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{61C54621-D6E8-45C5-BA44-4C6A5EDA07FF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E2B3DDCD-7CDF-4B91-9B23-4F87D2438940}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.pace.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.pace.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #9
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9F82D3AC-F084-488E-8EE2-5CD925477FD7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  homeportal
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4009:806::1004
   74.125.225.136
   74.125.225.130
   74.125.225.129
   74.125.225.132
   74.125.225.142
   74.125.225.134
   74.125.225.128
   74.125.225.131
   74.125.225.135
   74.125.225.133
   74.125.225.137

Ping request could not find host google.com. Please check the name and try again.
Server:  homeportal
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...8c a9 82 2a 2b 29 ......Microsoft Virtual WiFi Miniport Adapter #2
 14...8c a9 82 2a 2b 29 ......Microsoft Virtual WiFi Miniport Adapter
 13...8c a9 82 2a 2b 28 ......Intel® WiFi Link 1000 BGN
 12...90 00 4e e4 57 b9 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #9
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.80     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.80    281
     192.168.1.80  255.255.255.255         On-link      192.168.1.80    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.80    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.80    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.80    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::2a16:2eff:fe01:5169
  1    306 ::1/128                  On-link
 13     33 2602:304:b00b:3380::/64  On-link
 13    281 2602:304:b00b:3380:29ec:c124:1701:e284/128
                                    On-link
 13    281 2602:304:b00b:3380:6c2f:d87:59a:9d7c/128
                                    On-link
 13    281 fe80::/64                On-link
 13    281 fe80::29ec:c124:1701:e284/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/25/2014 10:44:32 AM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/25/2014 03:01:04 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI878ce.LOG.

Error: (03/25/2014 03:00:43 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042308).

Error: (03/25/2014 03:00:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: GetComputerNameEx(3, NULL, [0]) [0].

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{8ef826b6-5964-11e0-b94f-806e6f6e6963}\
   Snapshot ID: {737dbab0-0b80-4a59-b4aa-3ea7a07639ff}

Error: (03/24/2014 08:55:25 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/24/2014 08:44:51 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/24/2014 08:30:14 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\SysWOW64\inetcpl.cpl for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program IE Per-User Initialization Utility because of this error.

Program: IE Per-User Initialization Utility
File: C:\Windows\SysWOW64\inetcpl.cpl

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
 - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
 - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C00000B5
Disk type: 3

Error: (03/24/2014 08:28:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: ie4uinit.exe, version: 9.0.8112.16421, time stamp: 0x4d762546
Faulting module name: ntdll.dll, version: 6.1.7600.21092, time stamp: 0x4ec4b2de
Exception code: 0xc0000006
Fault offset: 0x00059762
Faulting process id: 0x7c0
Faulting application start time: 0xie4uinit.exe0
Faulting application path: ie4uinit.exe1
Faulting module path: ie4uinit.exe2
Report Id: ie4uinit.exe3

Error: (03/24/2014 08:10:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: TOASTER.EXE, version: 1.0.3.50, time stamp: 0x4e6490af
Faulting module name: mscorwks.dll, version: 2.0.50727.4984, time stamp: 0x503f0189
Exception code: 0xc0000006
Fault offset: 0x005013b0
Faulting process id: 0x%9
Faulting application start time: 0xTOASTER.EXE0
Faulting application path: TOASTER.EXE1
Faulting module path: TOASTER.EXE2
Report Id: TOASTER.EXE3

Error: (03/24/2014 06:58:04 PM) (Source: Microsoft-Windows-User Profiles Service) (User: inspiron)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

System errors:
=============
Error: (03/25/2014 10:45:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/25/2014 10:45:15 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (03/25/2014 10:45:09 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (03/25/2014 10:44:35 AM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater17.1.2 service failed to start due to the following error:
%%2

Error: (03/25/2014 10:44:15 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (03/25/2014 10:44:31 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:41:56 AM on 3/25/2014 was unexpected.

Error: (03/25/2014 10:40:55 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/25/2014 10:38:54 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/25/2014 10:36:53 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/25/2014 10:35:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

Microsoft Office Sessions:
=========================
Error: (03/25/2014 10:44:32 AM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/25/2014 03:01:04 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603C:\Windows\TEMP\MSI878ce.LOG(NULL)(NULL)

Error: (03/25/2014 03:00:43 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042308

Error: (03/25/2014 03:00:43 AM) (Source: VSS)(User: )
Description: GetComputerNameEx(3, NULL, [0]) [0]

Operation:
   Processing BeginPrepareSnapshot
   Snapshot Context

Context:
   Execution Context: System Provider
   Volume Name: \\?\Volume{8ef826b6-5964-11e0-b94f-806e6f6e6963}\
   Snapshot ID: {737dbab0-0b80-4a59-b4aa-3ea7a07639ff}

Error: (03/24/2014 08:55:25 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (03/24/2014 08:44:51 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (03/24/2014 08:30:14 PM) (Source: Application Error)(User: )
Description: C:\Windows\SysWOW64\inetcpl.cplIE Per-User Initialization UtilityC00000B53

Error: (03/24/2014 08:28:15 PM) (Source: Application Error)(User: )
Description: ie4uinit.exe9.0.8112.164214d762546ntdll.dll6.1.7600.210924ec4b2dec0000006000597627c001cf47cdaca8519dC:\Windows\SysWOW64\ie4uinit.exeC:\Windows\SysWOW64\ntdll.dll7f8c0a37-b3cd-11e3-aedd-90004ee457b9

Error: (03/24/2014 08:10:07 PM) (Source: Application Error)(User: )
Description: TOASTER.EXE1.0.3.504e6490afmscorwks.dll2.0.50727.4984503f0189c0000006005013b0

Error: (03/24/2014 06:58:04 PM) (Source: Microsoft-Windows-User Profiles Service)(User: inspiron)
Description:

=========================== Installed Programs ============================

Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Aspera Connect 3.3.3.81344 (Version: 3.3.3.81344)
AVG SafeGuard toolbar (Version: 17.1.2.1)
Bing Rewards Client Installer (Version: 16.0.345.0)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell MusicStage (Version: 1.4.162.0)
Dell Perks Webslice IE8 (Version: 8.0)
Dell PhotoStage (Version: 1.5.0.30)
Dell Stage (Version: 1.7.209.0)
Dell Support Center (Version: 3.0.5621.01)
Dell VideoStage (Version: 1.1.1.1408)
Dell Webcam Central (Version: 1.40.05)
ESET NOD32 Antivirus (Version: 7.0.302.26)
Google Chrome (Version: 33.0.1750.117)
Google Talk (remove only)
iCloud (Version: 2.1.2.8)
IDT Audio (Version: 1.0.6289.0)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel® Rapid Storage Technology (Version: 9.6.4.1002)
Internet Explorer (Version: 8)
iTunes (Version: 11.0.4.4)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.5139.5005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
ooVoo (Version: 3.6.1008)
Quickset64 (Version: 10.5.0)
QuickTime (Version: 7.70.80.34)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
Roxio Burn (Version: 1.01)
Skype™ 6.1 (Version: 6.1.129)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Synaptics Pointing Device Driver (Version: 15.0.0.1)
TeamViewer 8 (Version: 8.0.26038)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WIDCOMM Bluetooth Software (Version: 6.2.1.1100)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (Version: 03/24/2010 6.3.0.2501)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2934.68 MB
Available physical RAM: 1577.84 MB
Total Pagefile: 5867.47 MB
Available Pagefile: 4368.51 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.65 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:188.69 GB) NTFS

========================= Users: ========================================

User accounts for \\INSPIRON

Administrator            Guest                    michal                  
rani                    

**** End of log ****





