TechSpot

Svchost -> cpu 100% + various "PUM.dns" issues

Solved
By Kipps00
Aug 6, 2014
  1. Hi, I tried several software tools to solve my issues but I wasn't able to. Please help me.

    My main problem is a very slow PC, where svchost takes the CPU to 100%. Only when I kill it several times does the PC go back to normal and to a decent speed.

    Avira Free Antivirus didn't catch any virus. MBAM also gave a clean scan result.

    However, using RogueKiller I find various "PUM.dns" items every time.


    Report

    RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : MP [Admin rights]
    Mode : Scan -- Date : 08/06/2014 17:19:31

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 16 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 157.27.0.1 157.27.0.10 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 157.27.0.1 157.27.0.10 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 157.27.0.1 157.27.0.10 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Trovato
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Trovato
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Trovato

    ¤¤¤ Le attività pianificate : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

    ¤¤¤ I browser Web : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM500JI +++++
    --- User ---
    [MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
    [BSP] 48884e1b478496022e76d11615da4fef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27678720 | Size: 100 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_06012014_123629.log - RKreport_DEL_08062014_162005.log - RKreport_DEL_08062014_165714.log - RKreport_SCN_06012014_121551.log
    RKreport_SCN_08062014_161836.log - RKreport_SCN_08062014_165646.log
     
  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Thank you for your help!!!

    Step 1: AV scan made, no results

    Step 2: MBAM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 07/08/2014
    Scan Time: 10:04:07
    Logfile: log mbam 07-08.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.07.01
    Rootkit Database: v2014.08.04.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x64
    File System: NTFS
    User: MP

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 348043
    Time Elapsed: 41 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16540 BrowserJavaVersion: 1.6.0_24
    Run by MP at 10:51:08 on 2014-08-07
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: AutorunsDisabled - <orphaned>
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: DisableStartupSound = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: NameServer = 157.27.0.1 157.27.0.10
    TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 157.27.0.1 157.27.0.10
    TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 157.27.0.1 157.27.0.10
    TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\346525 : DHCPNameServer = 10.9.29.110 10.9.29.102
    TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\55E49465149425D2F40554E4 : DHCPNameServer = 157.27.0.1 157.27.0.10 157.27.4.1
    TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\D4F6E64716E6162796 : DHCPNameServer = 80.68.177.58 151.99.125.1
    TCP: Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} : DHCPNameServer = 83.224.70.77 83.224.70.54
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com?fr=fp-comodo
    FF - prefs.js: keyword.URL - hxxp://inm.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-575-0-0&q=
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2014-08-06 14:29:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-08-06 14:22:47 -------- d-----w- C:\Windows\ERUNT
    2014-08-06 14:08:26 30312 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
    2014-08-06 09:27:43 -------- d-----w- C:\Users\MP\AppData\Roaming\Avira
    2014-08-06 08:34:19 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BAA0E62-2877-41F7-9A34-57AED6C1CEE5}\mpengine.dll
    2014-08-04 09:50:03 -------- d-----w- C:\Users\MP\AppData\Local\Kingsoft
    2014-08-01 13:16:39 -------- d-----w- C:\ProgramData\GlarySoft
    2014-08-01 13:16:32 20160 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
    2014-08-01 13:16:28 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
    2014-08-01 13:16:28 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
    2014-08-01 13:16:28 -------- d-----w- C:\Users\MP\AppData\Roaming\DiskDefrag
    2014-08-01 13:15:52 -------- d-----w- C:\Program Files (x86)\Glary Utilities 5
    2014-07-11 13:45:13 -------- d-----w- C:\Users\MP\7kaa
    2014-07-11 13:44:36 -------- d-----w- C:\Program Files (x86)\7kaa2
    2014-07-08 19:04:15 -------- d-----w- C:\Program Files (x86)\Seven Kingdoms
    .
    ==================== Find3M ====================
    .
    2014-08-07 08:04:03 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-07-14 19:03:59 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-07-14 19:03:59 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-05-28 13:45:11 0 ----a-w- C:\Windows\ativpsrm.bin
    2014-05-12 05:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-12 05:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 10:54:26.68 ===============
     
  5. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    ATTACH

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/12/2010 19:14:07
    System Uptime: 07/08/2014 09:48:59 (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | N/A | 2399/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 240.67 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Scheda miniport WiFi virtuale Microsoft
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&108D72A9&0&01
    Manufacturer: Microsoft
    Name: Scheda miniport WiFi virtuale Microsoft
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&108D72A9&0&01
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP643: 05/08/2014 15:59:29 - Removed Microsoft Office Professional Plus 2013
    RP644: 05/08/2014 16:06:45 - Removed Microsoft Office Professional Plus 2013
    RP645: 05/08/2014 16:18:42 - Removed Microsoft Office Professional Plus 2013
    RP646: 05/08/2014 16:36:05 - Removed Microsoft Office Professional Plus 2013
    RP647: 05/08/2014 16:48:39 - Configured Microsoft Office Professional Plus 2013
    .
    ==== Installed Programs ======================
    .
    Moyea Video4Web Converter version 4.1.0.1
    64 Bit HP CIO Components Installer
    ABBYY FineReader 11
    AC3Filter 1.63b
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.9) - Italiano
    Adobe Shockwave Player 12.0
    Alps Pointing-device for VAIO
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 10.0.1
    ATI Catalyst Install Manager
    µTorrent
    Auslogics BoostSpeed
    Auslogics Disk Defrag
    AVI to DVD Converter
    Avira Free Antivirus
    AviSynth 2.6
    Bass Audio Decoder (remove only)
    BlueGriffon versione 1.3
    BS.Player FREE
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CD Audio Reader Filter (remove only)
    CDisplayEx 1.8
    CodFree 5.00 - Codice Fiscale
    D3DX10
    DAEMON Tools Lite
    DCoder Image Source (remove only)
    DHTML Editing Component
    DIR2HTML (remove only)
    DirectVobSub (remove only)
    doPDF 7.2 printer
    Dropbox
    DScaler 5 Mpeg Decoders
    EditPlus 3
    eMail Extractor 3.6.6
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    Epson Print CD
    EPSON PX720WD Series Manuale
    EPSON PX720WD Series Printer Uninstall
    EPSON Scan
    EpsonNet Config V3
    EpsonNet Print
    EpsonNet Setup 3.3
    Everything 1.2.1.371
    ffdshow v1.1.3760 [2011-02-18]
    FFMPEG Core Files (remove only)
    FileZilla Client 3.5.1
    Formulario Immobiliare
    Glary Utilities 5.4
    Google Chrome
    Google Drive
    Google Update Helper
    Guida di rete EPSON PX720WD Series
    Helix YUV Codecs (remove only)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    iCloud
    iConvert
    ImgBurn
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 20 (64-bit)
    Java(TM) 6 Update 24
    K-Lite Codec Pack 7.6.0 (Basic)
    Kingsoft Writer (8.1.0.3019)
    Light Image Resizer 4.0.6.8
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware versione 2.0.2.1012
    Manuale VAIO
    Media Gallery
    Media Player Classic - Home Cinema v1.5.0.2827 x64
    Medieval CUE Splitter
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft Application Error Reporting
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft InfoPath MUI (English) 2013
    Microsoft Lync MUI (English) 2013
    Microsoft Office 32-bit Components 2013
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 32-bit MUI (English) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Word MUI (English) 2013
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    mIRC
    Mozilla Firefox 30.0 (x86 it)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML4 Parser
    OpenOffice.org 3.2
    OpenSource AVI Splitter (remove only)
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    OpenSource Flash Video Splitter (remove only)
    Opera 12.10
    Orca Browser
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    PDF Merge Tool-1.0.0
    PDF Split And Merge Basic
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    QuickTime
    RealMedia (remove only)
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Seven Kingdoms AA
    Skype Click to Call
    Skype™ 6.11
    SmartsysSoft Business Card Maker v3.00
    Spybot - Search & Destroy
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
    Supporto applicazioni Apple
    Supporto trasferimento VAIO
    swMSM
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition plug-in (Click to Disc)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
    VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Hardware Diagnostics
    VAIO Sample Contents
    VAIO Update
    VLC media player 1.1.10
    VMware Player
    VoiceOver Kit
    WIDCOMM Bluetooth Software
    WinDirStat 1.1.2
    WinRAR gestione archivi
    WPS Office (9.1.0.4746)
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  7. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    RK 1

    RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : MP [Admin rights]
    Mode : Remove -- Date : 08/07/2014 22:55:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 16 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Sostituito ()
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Cancellato
    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Cancellato
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]

    ¤¤¤ Le attività pianificate : 1 ¤¤¤
    [Suspicious.Path] WpsNotifyTask_MP.job -- C:\Users\MP\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe (-from=task) -> Cancellato

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

    ¤¤¤ I browser Web : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM500JI +++++
    --- User ---
    [MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
    [BSP] 48884e1b478496022e76d11615da4fef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27678720 | Size: 100 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_06012014_123629.log - RKreport_DEL_08062014_162005.log - RKreport_DEL_08062014_165714.log - RKreport_DEL_08062014_182927.log
    RKreport_SCN_06012014_121551.log - RKreport_SCN_08062014_161836.log - RKreport_SCN_08062014_165646.log - RKreport_SCN_08062014_171931.log
    RKreport_SCN_08072014_225051.log
     
  8. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    RK 2

    RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : MP [Admin rights]
    Mode : Remove -- Date : 08/07/2014 23:06:23

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()

    ¤¤¤ Le attività pianificate : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

    ¤¤¤ I browser Web : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HM500JI +++++
    --- User ---
    [MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
    [BSP] 48884e1b478496022e76d11615da4fef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27678720 | Size: 100 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_06012014_123629.log - RKreport_DEL_08062014_162005.log - RKreport_DEL_08062014_165714.log - RKreport_DEL_08062014_182927.log
    RKreport_SCN_06012014_121551.log - RKreport_SCN_08062014_161836.log - RKreport_SCN_08062014_165646.log - RKreport_SCN_08062014_171931.log
    RKreport_SCN_08072014_225051.log - RKreport_DEL_08072014_225514.log - RKreport_SCN_08072014_230209.log - RKreport_DEL_08072014_230220.log
    RKreport_SCN_08072014_230614.log
     
  9. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    mbar log

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.08.07.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MP :: MP-VAIO [administrator]

    07/08/2014 23:10:10
    mbar-log-2014-08-07 (23-10-10).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 350041
    Time elapsed: 18 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    system log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_24

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4141977600, free: 2693791744

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7600 Windows 7 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_24

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4141977600, free: 2699456512

    Downloaded database version: v2014.08.07.09
    Downloaded database version: v2014.08.04.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    08/07/2014 23:09:26
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006431060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800445a050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006431060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006431b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006431060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004459830, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800445a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: DC153B7C

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 27676672

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 27678720 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 27883520 Numsec = 948887600

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-27678720-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  11. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    (RK showed again [PUM.DNS] and now a new " [PUM.Policies] " ... good or bad??)

    I'm ready for the next step... :'(, meanwhile... I have to thank you a lot for your help.. you're great :cool::cool::cool:
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Report TDSSKiller PART 1

    17:29:39.0571 0x07a0 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
    17:30:20.0958 0x07a0 ============================================================
    17:30:20.0958 0x07a0 Current date / time: 2014/08/08 17:30:20.0958
    17:30:20.0958 0x07a0 SystemInfo:
    17:30:20.0958 0x07a0
    17:30:20.0958 0x07a0 OS Version: 6.1.7600 ServicePack: 0.0
    17:30:20.0958 0x07a0 Product type: Workstation
    17:30:20.0958 0x07a0 ComputerName: MP-VAIO
    17:30:20.0958 0x07a0 UserName: MP
    17:30:20.0958 0x07a0 Windows directory: C:\Windows
    17:30:20.0958 0x07a0 System windows directory: C:\Windows
    17:30:20.0958 0x07a0 Running under WOW64
    17:30:20.0958 0x07a0 Processor architecture: Intel x64
    17:30:20.0958 0x07a0 Number of processors: 4
    17:30:20.0958 0x07a0 Page size: 0x1000
    17:30:20.0958 0x07a0 Boot type: Normal boot
    17:30:20.0958 0x07a0 ============================================================
    17:30:21.0379 0x07a0 KLMD registered as C:\Windows\system32\drivers\63524284.sys
    17:30:21.0863 0x07a0 System UUID: {E17BA3AB-10E5-C207-F82D-1569C2693A29}
    17:30:23.0673 0x07a0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:30:23.0891 0x07a0 ============================================================
    17:30:23.0891 0x07a0 \Device\Harddisk0\DR0:
    17:30:23.0953 0x07a0 MBR partitions:
    17:30:23.0953 0x07a0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A65800, BlocksNum 0x32000
    17:30:23.0953 0x07a0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A97800, BlocksNum 0x388EE030
    17:30:23.0969 0x07a0 ============================================================
    17:30:24.0016 0x07a0 C: <-> \Device\Harddisk0\DR0\Partition2
    17:30:24.0016 0x07a0 ============================================================
    17:30:24.0016 0x07a0 Initialize success
    17:30:24.0016 0x07a0 ============================================================
    17:30:27.0760 0x097c ============================================================
    17:30:27.0760 0x097c Scan started
    17:30:27.0760 0x097c Mode: Manual;
    17:30:27.0760 0x097c ============================================================
    17:30:27.0760 0x097c KSN ping started
    17:30:37.0432 0x097c KSN ping finished: true
    17:30:38.0196 0x097c ================ Scan system memory ========================
    17:30:38.0196 0x097c System memory - ok
    17:30:38.0212 0x097c ================ Scan services =============================
    17:30:47.0182 0x097c BTHPORT - ok
    17:30:47.0229 0x097c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
    17:30:47.0260 0x097c bthserv - ok
    17:30:47.0307 0x097c [ 8504842634DD144C075B6B0C982CCEC4, BFBB8D67F146FBD4813BB8B29A3865C222966DA2B043732A5BCD759A40F4E5CE ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    17:30:47.0322 0x097c BTHUSB - ok
    17:30:47.0385 0x097c [ 59E3510784548C6939C1B3B985C232E3, 7284A4A880307A88C431DE8BA9195C2B256C8598757958B02DB6A80EBB57698E ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
    17:30:47.0416 0x097c btwampfl - ok
    17:30:47.0447 0x097c [ 1872074ED0A3FB22E3F1E3197B984BFA, 112F289BFE63B46D1E007E3C6761B5C5C8F499B6638CE896DF528FDDBBC1EA12 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    17:30:47.0478 0x097c btwaudio - ok
    17:30:47.0650 0x097c [ 691CF076C33AB1C3A5B2FD5450300733, C2C943D42B0A135BD255FA8985A00D36B0DD91546291E2D819FACE7C0B08287D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
    17:30:47.0681 0x097c btwavdt - ok
    17:30:48.0071 0x097c [ 8BA6E93A182126781952A7895EC1E4B2, C11F7187278BA72016D2168E653D6C904E0DFB5B173E4DFBF7D86AD73631D5A6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    17:30:48.0180 0x097c btwdins - ok
    17:30:48.0196 0x097c [ 07096D2BC22CCB6CEA5A532DF0BE8A75, A9B7F2EFFDF1E4EC0A5DC098F0ED2BE44E271844A4F1CBAD2FA1655DE1E03F6E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    17:30:48.0211 0x097c btwl2cap - ok
    17:30:48.0243 0x097c [ C9273B20DEC8CE38DBCE5D29DE63C907, 71D67A1A2EDA81351E8D8129824565E2ECA0CFA4DC844CE12F90AB7906ABA737 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    17:30:48.0258 0x097c btwrchid - ok
    17:30:48.0508 0x097c [ 72551A9AE5F68905DFC3CBA0D5242566, 15C273519C3AD1B2AF68F669125AFE607A86A60D680E299631D5E893C3CAA7E7 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    17:30:49.0600 0x097c c2cautoupdatesvc - ok
    17:30:49.0803 0x097c [ 6B669A00A431FF6CDCE67458933F5F0F, 81419EB18BB4EB96E48C99A1D45B0267E779E135427B3AEC872A1A5DD810B23F ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    17:30:49.0990 0x097c c2cpnrsvc - ok
    17:30:50.0239 0x097c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    17:30:50.0255 0x097c cdfs - ok
    17:30:50.0286 0x097c [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    17:30:50.0317 0x097c cdrom - ok
    17:30:50.0349 0x097c [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll
    17:30:50.0364 0x097c CertPropSvc - ok
    17:30:50.0395 0x097c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
    17:30:50.0411 0x097c circlass - ok
    17:30:50.0458 0x097c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
    17:30:50.0520 0x097c CLFS - ok
    17:30:50.0583 0x097c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:30:50.0614 0x097c clr_optimization_v2.0.50727_32 - ok
    17:30:50.0661 0x097c [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:30:50.0676 0x097c clr_optimization_v2.0.50727_64 - ok
    17:30:51.0441 0x097c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:30:51.0581 0x097c clr_optimization_v4.0.30319_32 - ok
    17:30:51.0612 0x097c [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:30:51.0690 0x097c clr_optimization_v4.0.30319_64 - ok
    17:30:51.0737 0x097c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    17:30:51.0737 0x097c CmBatt - ok
    17:30:51.0768 0x097c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
    17:30:51.0784 0x097c cmdide - ok
    17:30:51.0862 0x097c [ CA7720B73446FDDEC5C69519C1174C98, F24796765587CC1D653A04783B1659564F42E600DA3AFA3DED724592B291D033 ] CNG C:\Windows\system32\Drivers\cng.sys
    17:30:52.0018 0x097c CNG - ok
    17:30:52.0049 0x097c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    17:30:52.0065 0x097c Compbatt - ok
    17:30:52.0221 0x097c [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    17:30:52.0314 0x097c CompositeBus - ok
    17:30:52.0330 0x097c COMSysApp - ok
    17:30:52.0611 0x097c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    17:30:52.0626 0x097c crcdisk - ok
    17:30:52.0704 0x097c [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    17:30:52.0845 0x097c CryptSvc - ok
    17:30:52.0907 0x097c [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll
    17:30:52.0969 0x097c DcomLaunch - ok
    17:30:53.0110 0x097c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
    17:30:53.0203 0x097c defragsvc - ok
    17:30:53.0281 0x097c [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    17:30:53.0313 0x097c DfsC - ok
    17:30:53.0344 0x097c [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll
    17:30:53.0625 0x097c Dhcp - ok
    17:30:53.0656 0x097c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
    17:30:53.0671 0x097c discache - ok
    17:30:53.0827 0x097c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
    17:30:53.0843 0x097c Disk - ok
    17:30:53.0890 0x097c [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    17:30:54.0046 0x097c Dnscache - ok
    17:30:54.0108 0x097c [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll
    17:30:54.0155 0x097c dot3svc - ok
    17:30:54.0202 0x097c [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    17:30:54.0217 0x097c Dot4 - ok
    17:30:54.0264 0x097c [ 85135AD27E79B689335C08167D917CDE, B023ABF4CC71862AE107B27D3CD698517074A97FA76A8AE18058ACF39AC1E786 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    17:30:54.0280 0x097c Dot4Print - ok
    17:30:54.0311 0x097c [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    17:30:54.0327 0x097c dot4usb - ok
    17:30:54.0373 0x097c [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll
    17:30:54.0405 0x097c DPS - ok
    17:30:54.0436 0x097c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    17:30:54.0467 0x097c drmkaud - ok
    17:30:54.0529 0x097c [ D3D64CF7B2BCEAA34A270F45A3FFFB36, 4374D4FB081A004C610707669F7817C55F247D1EB3DDA012CCDF080FF39BFAD2 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    17:30:54.0561 0x097c dtsoftbus01 - ok
    17:30:55.0590 0x097c [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    17:30:55.0668 0x097c DXGKrnl - ok
    17:30:55.0731 0x097c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
    17:30:55.0762 0x097c EapHost - ok
    17:30:56.0043 0x097c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
    17:30:56.0776 0x097c ebdrv - ok
    17:30:56.0869 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS C:\Windows\System32\lsass.exe
    17:30:56.0885 0x097c EFS - ok
    17:30:57.0010 0x097c [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    17:30:57.0088 0x097c ehRecvr - ok
    17:30:57.0135 0x097c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
    17:30:57.0166 0x097c ehSched - ok
    17:30:57.0244 0x097c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    17:30:57.0306 0x097c elxstor - ok
    17:30:57.0322 0x097c EMSUSB2 - ok
    17:30:57.0353 0x097c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    17:30:57.0431 0x097c ErrDev - ok
    17:30:57.0618 0x097c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
    17:30:57.0681 0x097c EventSystem - ok
    17:30:57.0727 0x097c [ 53913561A7089C9A4649CE4E42F6101B, A3806C76A179017EB7B51BBDFF9507C740BBBA7697819B2FD79E4B2D57E3130E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
    17:30:57.0759 0x097c ewusbnet - ok
    17:30:57.0805 0x097c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
    17:30:57.0837 0x097c exfat - ok
    17:30:57.0868 0x097c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:30:57.0899 0x097c fastfat - ok
    17:30:58.0102 0x097c [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe
    17:30:58.0195 0x097c Fax - ok
    17:30:58.0211 0x097c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
    17:30:58.0336 0x097c fdc - ok
    17:30:58.0367 0x097c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    17:30:58.0383 0x097c fdPHost - ok
    17:30:58.0398 0x097c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:30:58.0414 0x097c FDResPub - ok
    17:30:58.0445 0x097c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:30:58.0461 0x097c FileInfo - ok
    17:30:58.0476 0x097c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:30:58.0492 0x097c Filetrace - ok
    17:30:58.0601 0x097c [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    17:30:58.0679 0x097c FLEXnet Licensing Service - ok
    17:30:58.0773 0x097c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    17:30:58.0788 0x097c flpydisk - ok
    17:30:58.0819 0x097c [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:30:58.0851 0x097c FltMgr - ok
    17:30:59.0007 0x097c [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache C:\Windows\system32\FntCache.dll
    17:30:59.0163 0x097c FontCache - ok
    17:30:59.0225 0x097c [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:30:59.0303 0x097c FontCache3.0.0.0 - ok
    17:30:59.0350 0x097c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:30:59.0365 0x097c FsDepends - ok
    17:30:59.0537 0x097c [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:30:59.0537 0x097c Fs_Rec - ok
    17:30:59.0584 0x097c [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    17:30:59.0615 0x097c fvevol - ok
    17:30:59.0646 0x097c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    17:30:59.0662 0x097c gagp30kx - ok
    17:30:59.0709 0x097c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:30:59.0724 0x097c GEARAspiWDM - ok
    17:30:59.0740 0x097c gfiark - ok
    17:30:59.0865 0x097c [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll
    17:30:59.0943 0x097c gpsvc - ok
    17:31:00.0021 0x097c [ 9C5AAE8DF0FFF251FA8BF435E594C271, 4D36E0DF98643D8F1026E928ADECC7C9F4F5FDD3F1ED930845B38C84ACD96E89 ] GUBootStartup C:\Windows\System32\drivers\GUBootStartup.sys
    17:31:00.0036 0x097c GUBootStartup - ok
    17:31:00.0114 0x097c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:31:00.0161 0x097c gupdate - ok
    17:31:00.0177 0x097c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:31:00.0177 0x097c gupdatem - ok
    17:31:00.0301 0x097c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:31:00.0348 0x097c gusvc - ok
    17:31:00.0489 0x097c [ ADB4348DA1345877B04E22203AFC8993, D85FC268D1994944CED570A84B0B2E4F3EBFBE59823BE57285CB6CDDDF607358 ] hcmon C:\Windows\system32\drivers\hcmon.sys
    17:31:00.0504 0x097c hcmon - ok
    17:31:00.0535 0x097c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    17:31:00.0551 0x097c hcw85cir - ok
    17:31:00.0613 0x097c [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    17:31:00.0660 0x097c HdAudAddService - ok
    17:31:00.0707 0x097c [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    17:31:00.0723 0x097c HDAudBus - ok
    17:31:00.0769 0x097c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
    17:31:00.0785 0x097c HECIx64 - ok
    17:31:00.0816 0x097c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    17:31:00.0816 0x097c HidBatt - ok
    17:31:00.0847 0x097c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    17:31:00.0863 0x097c HidBth - ok
    17:31:00.0894 0x097c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
    17:31:00.0910 0x097c HidIr - ok
    17:31:00.0941 0x097c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
    17:31:00.0972 0x097c hidserv - ok
    17:31:01.0191 0x097c [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    17:31:01.0315 0x097c HidUsb - ok
    17:31:01.0440 0x097c [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll
    17:31:01.0565 0x097c hkmsvc - ok
    17:31:01.0705 0x097c [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    17:31:01.0861 0x097c HomeGroupListener - ok
    17:31:01.0893 0x097c [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    17:31:01.0939 0x097c HomeGroupProvider - ok
    17:31:01.0971 0x097c [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    17:31:01.0986 0x097c HpSAMD - ok
    17:31:02.0080 0x097c [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys
    17:31:02.0173 0x097c HTTP - ok
    17:31:02.0205 0x097c [ D96A290F699081AE737390C0FE329D7C, 11D69424AD08AEA58AA546883535E6D8E51E2F3D0B5299549DC0B7A31498E982 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
    17:31:02.0236 0x097c hwdatacard - ok
    17:31:02.0251 0x097c [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    17:31:02.0267 0x097c hwpolicy - ok
    17:31:02.0517 0x097c [ E0C7255498640FC64B19AAE17FD6F965, 10BCE55F36A36F962A7BA774B8B4C0F07081EA1EAB0FD3B8C57AA01FE8CFDF48 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
    17:31:02.0532 0x097c hwusbfake - ok
    17:31:02.0563 0x097c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    17:31:02.0595 0x097c i8042prt - ok
    17:31:02.0657 0x097c [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\drivers\iaStor.sys
    17:31:02.0688 0x097c iaStor - ok
    17:31:02.0766 0x097c [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    17:31:02.0782 0x097c IAStorDataMgrSvc - ok
    17:31:02.0844 0x097c [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    17:31:02.0907 0x097c iaStorV - ok
    17:31:03.0000 0x097c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    17:31:03.0156 0x097c IDriverT - ok
    17:31:03.0250 0x097c [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:31:03.0328 0x097c idsvc - ok
    17:31:04.0123 0x097c [ 2A22AB054F4630D2EF4BAB2853F6D5F6, 9CD7A5FFB7E25B51E9D311531EE5EC20CEAC356C7A27D52B61DA810DB412437B ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:31:04.0903 0x097c igfx - ok
    17:31:04.0981 0x097c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    17:31:04.0981 0x097c iirsp - ok
    17:31:05.0075 0x097c [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll
    17:31:05.0137 0x097c IKEEXT - ok
    17:31:05.0278 0x097c [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\drivers\Impcd.sys
    17:31:05.0293 0x097c Impcd - ok
    17:31:05.0512 0x097c [ 526E482AFB586CB1CDD687869DECF686, DCF1D4772181AD14E8846C9B34387ADB6A8D56BE305A8926896AE35D3496A49F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    17:31:05.0652 0x097c IntcAzAudAddService - ok
    17:31:05.0715 0x097c [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:31:05.0746 0x097c IntcDAud - ok
    17:31:05.0777 0x097c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    17:31:05.0793 0x097c intelide - ok
    17:31:05.0839 0x097c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    17:31:05.0855 0x097c intelppm - ok
    17:31:05.0886 0x097c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    17:31:05.0917 0x097c IPBusEnum - ok
    17:31:05.0949 0x097c [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:31:05.0964 0x097c IpFilterDriver - ok
    17:31:06.0167 0x097c [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    17:31:06.0261 0x097c iphlpsvc - ok
    17:31:06.0292 0x097c [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    17:31:06.0354 0x097c IPMIDRV - ok
    17:31:06.0385 0x097c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    17:31:06.0417 0x097c IPNAT - ok
    17:31:06.0619 0x097c [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    17:31:06.0682 0x097c iPod Service - ok
    17:31:06.0713 0x097c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    17:31:06.0713 0x097c IRENUM - ok
    17:31:06.0760 0x097c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    17:31:06.0807 0x097c isapnp - ok
    17:31:06.0869 0x097c [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    17:31:06.0900 0x097c iScsiPrt - ok
    17:31:06.0931 0x097c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    17:31:06.0947 0x097c kbdclass - ok
    17:31:06.0978 0x097c [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    17:31:06.0994 0x097c kbdhid - ok
    17:31:07.0009 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso C:\Windows\system32\lsass.exe
    17:31:07.0009 0x097c KeyIso - ok
    17:31:07.0025 0x097c KMService - ok
    17:31:07.0087 0x097c [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    17:31:07.0103 0x097c KSecDD - ok
    17:31:07.0243 0x097c [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    17:31:07.0259 0x097c KSecPkg - ok
    17:31:07.0275 0x097c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    17:31:07.0290 0x097c ksthunk - ok
    17:31:07.0337 0x097c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    17:31:07.0384 0x097c KtmRm - ok
    17:31:07.0446 0x097c [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer C:\Windows\System32\srvsvc.dll
    17:31:07.0477 0x097c LanmanServer - ok
    17:31:07.0540 0x097c [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    17:31:07.0555 0x097c LanmanWorkstation - ok
    17:31:07.0696 0x097c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    17:31:07.0711 0x097c lltdio - ok
    17:31:07.0743 0x097c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    17:31:07.0774 0x097c lltdsvc - ok
    17:31:07.0836 0x097c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    17:31:07.0852 0x097c lmhosts - ok
     
  14. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Part 2

     
  15. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Part 3 (end)

    17:31:24.0170 0x097c stisvc - ok
    17:31:24.0216 0x097c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
    17:31:24.0216 0x097c swenum - ok
    17:31:24.0310 0x097c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
    17:31:24.0357 0x097c swprv - ok
    17:31:24.0513 0x097c [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll
    17:31:24.0638 0x097c SysMain - ok
    17:31:24.0716 0x097c [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll
    17:31:24.0747 0x097c TabletInputService - ok
    17:31:24.0778 0x097c [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll
    17:31:24.0825 0x097c TapiSrv - ok
    17:31:24.0872 0x097c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
    17:31:24.0887 0x097c TBS - ok
    17:31:25.0059 0x097c [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    17:31:25.0293 0x097c Tcpip - ok
    17:31:25.0418 0x097c [ 5CFB7AB8F9524D1A1E14369DE63B83CC, BC22FC5714A6A8F8CF95D3D9656332D7B315FF7CFA50C0DEB7437A30651D10C7 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    17:31:25.0527 0x097c TCPIP6 - ok
    17:31:25.0636 0x097c [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    17:31:25.0652 0x097c tcpipreg - ok
    17:31:25.0698 0x097c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    17:31:25.0714 0x097c TDPIPE - ok
    17:31:25.0761 0x097c [ 7518F7BCFD4B308ABC9192BACAF6C970, CF08E547EF4059DA3F5A2FCBA98939E84092BB6E0E37F9BBCD1E4D9EBB8A58BB ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    17:31:25.0761 0x097c TDTCP - ok
    17:31:25.0808 0x097c [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    17:31:25.0823 0x097c tdx - ok
    17:31:25.0854 0x097c [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\drivers\termdd.sys
    17:31:25.0870 0x097c TermDD - ok
    17:31:25.0948 0x097c [ 2556685956B353597B44B94B97CB3C9F, 71B0A3FC8C2646E05B4F082DFE199469D573476DB3DF3A34BA6BB5B151598F51 ] TermService C:\Windows\System32\termsrv.dll
    17:31:26.0088 0x097c TermService - ok
    17:31:26.0135 0x097c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
    17:31:26.0151 0x097c Themes - ok
    17:31:26.0198 0x097c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
    17:31:26.0213 0x097c THREADORDER - ok
    17:31:26.0244 0x097c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
    17:31:26.0276 0x097c TrkWks - ok
    17:31:26.0354 0x097c [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    17:31:26.0478 0x097c TrustedInstaller - ok
    17:31:26.0525 0x097c [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:31:26.0525 0x097c tssecsrv - ok
    17:31:26.0556 0x097c [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    17:31:26.0588 0x097c tunnel - ok
    17:31:26.0619 0x097c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    17:31:26.0634 0x097c uagp35 - ok
    17:31:26.0666 0x097c [ 0E5E962B5649D544BE54E8C90761EA2B, E595930B1B2F7E870A33D857047A53CA3EE63048C6CAE069633864B4C9888DDD ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    17:31:26.0697 0x097c udfs - ok
    17:31:26.0759 0x097c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
    17:31:26.0775 0x097c UI0Detect - ok
    17:31:26.0822 0x097c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    17:31:26.0837 0x097c uliagpkx - ok
    17:31:26.0946 0x097c [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    17:31:26.0962 0x097c umbus - ok
    17:31:26.0993 0x097c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
    17:31:27.0009 0x097c UmPass - ok
    17:31:27.0243 0x097c [ 11A559E0F10CC5E788984023DF400A6F, B16B6C2305B421402C2FA4D4D32A8359C4A5B5F14D14C04A1AE7BEC7EEA13047 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    17:31:27.0461 0x097c UNS - ok
    17:31:27.0524 0x097c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
    17:31:27.0570 0x097c upnphost - ok
    17:31:27.0602 0x097c [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    17:31:27.0602 0x097c USBAAPL64 - ok
    17:31:27.0648 0x097c [ 7B6A127C93EE590E4D79A5F2A76FE46F, 6F178916EF6D58D1E5B26C0D9D95C276B776505BFC9F716BB1E3ABD3B2B72FCE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    17:31:27.0664 0x097c usbccgp - ok
    17:31:27.0804 0x097c [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    17:31:27.0836 0x097c usbcir - ok
    17:31:27.0867 0x097c [ 92969BA5AC44E229C55A332864F79677, 4ED1E1049E7641D3FFF5D296F2D59060225CE52AB9F7B5CA618898B46A772F98 ] usbehci C:\Windows\system32\drivers\usbehci.sys
    17:31:27.0882 0x097c usbehci - ok
    17:31:27.0945 0x097c [ E7DF1CFD28CA86B35EF5ADD0735CEEF3, AA751288EC34D61D934D7E8C036B60BBCEDC2A746815623478BB015D87D6A998 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    17:31:27.0976 0x097c usbhub - ok
    17:31:28.0007 0x097c [ F1BB1E55F1E7A65C5839CCC7B36D773E, 4F517F81FA5688D78D3627EA7D2EA16AD4EB410D7624FE483C7AF26951E579A9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    17:31:28.0023 0x097c usbohci - ok
    17:31:28.0070 0x097c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    17:31:28.0070 0x097c usbprint - ok
    17:31:28.0116 0x097c [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    17:31:28.0241 0x097c usbscan - ok
    17:31:28.0272 0x097c [ F39983647BC1F3E6100778DDFE9DCE29, 3BD36594F7C753680DB5A4354B1D6A33FC3011631D2D56DD4B2464AA99C85F7B ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:31:28.0304 0x097c USBSTOR - ok
    17:31:28.0335 0x097c [ BC3070350A491D84B518D7CCA9ABD36F, 96FFF9F76A93CF4806297AE7C11A5C6D1E7A9980260E6CFC960F8247D5032161 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    17:31:28.0350 0x097c usbuhci - ok
    17:31:28.0397 0x097c [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    17:31:28.0413 0x097c usbvideo - ok
    17:31:28.0460 0x097c [ E388D1507E779D0B499A1D87476E4230, 9818AA09BFBCB5C26B13EF1B0F3702678CA5C5C284A9480E7DF31AFD9DC93197 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
    17:31:28.0475 0x097c usb_rndisx - ok
    17:31:28.0631 0x097c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
    17:31:28.0647 0x097c UxSms - ok
    17:31:28.0740 0x097c [ A60605FC66552B421EE1F3D4EBB9A4E0, DCAC76EACAABD38E3896F78B56F51D08ECCC46E360DC29857526929900455E07 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    17:31:28.0881 0x097c VAIO Event Service - ok
    17:31:28.0990 0x097c [ D469BE2723F79CF4B384680B1FDC577D, 8967D83D7A59E1C04F1A252246ABD7B64ABEC36BF02E3CA5BD672ABCA36E2BE0 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    17:31:29.0068 0x097c VAIO Power Management - ok
    17:31:29.0099 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc C:\Windows\system32\lsass.exe
    17:31:29.0115 0x097c VaultSvc - ok
    17:31:29.0271 0x097c [ 6888526AEB8DDABDE6F778FD40FC0693, 1559979A440559C1227F5CE30CC6351A3DE12E49B7222DC94A571CF61ADC9BEA ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    17:31:29.0583 0x097c VCFw - ok
    17:31:29.0692 0x097c [ F0672B2368E859284A4C44AE2CCA4C72, D7C8CF82658FE2BC040EF842AA682AC4BF9A9D006D36490B7A09083E7F8E1E3D ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    17:31:29.0786 0x097c VcmIAlzMgr - ok
    17:31:29.0864 0x097c [ E005B04DFCA99F5880C5111933194CA9, 9F3F48B3BA74DF5073D2A9767EB11B28CF54E01BA12FD269771187FB4BC26A3D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    17:31:30.0347 0x097c VcmINSMgr - ok
    17:31:30.0722 0x097c [ C8E3BA694CC5EACEC4C01660ACE40D56, 3090D939B8A6CB67E3393EE9B6EB3375A7EC8F6E9F0A350803C0EE4E7FD3B3BF ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    17:31:30.0846 0x097c VcmXmlIfHelper - ok
    17:31:30.0878 0x097c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    17:31:30.0893 0x097c vdrvroot - ok
    17:31:30.0956 0x097c [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe
    17:31:31.0002 0x097c vds - ok
    17:31:31.0065 0x097c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    17:31:31.0080 0x097c vga - ok
    17:31:31.0112 0x097c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
    17:31:31.0221 0x097c VgaSave - ok
    17:31:31.0268 0x097c [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    17:31:31.0283 0x097c vhdmp - ok
    17:31:31.0314 0x097c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    17:31:31.0330 0x097c viaide - ok
    17:31:31.0346 0x097c vmci - ok
    17:31:31.0377 0x097c [ B259C31378BC855AFD1B53F59311C251, 5FEDEC6EBA72652B89F57E275B25CC6333BE78FB2B74DEADDD588CE1089DCE89 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
    17:31:31.0392 0x097c VMnetAdapter - ok
    17:31:31.0424 0x097c [ DEC4CE720FFEDA939CF1BA315CFBD993, B06BB836B824FC682F5FD84E1D6B313A4E99089A5CED2C14CC721D172C1E3C51 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
    17:31:31.0439 0x097c VMnetBridge - ok
    17:31:31.0470 0x097c [ B6A3766C3E99FB1F6663C6B4B7C3F3A1, 030361CEBB9C0D4185EE5DEBC851E1F61AB23ED19E610CE5C3E809AB52FBC25D ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
    17:31:31.0486 0x097c VMnetuserif - ok
    17:31:31.0517 0x097c [ 415B167695C4B5960A13098622EF3D80, E68AE845A6967E68FB22EB0F4D95631D041DA906801202F7662B22EAD34B2371 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
    17:31:31.0533 0x097c vmusb - ok
    17:31:31.0689 0x097c [ 8E06CA41344B90BF60701CA61515C3C4, 97D791A1545049C8106FE61A72CC6524DDFF5F0BF186932445A3F61AA46E4B6D ] vodafone_K3805-z_cdc_acm C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys
    17:31:31.0704 0x097c vodafone_K3805-z_cdc_acm - ok
    17:31:31.0736 0x097c [ EC1DF5164B659C59EA796843A9D290DD, 51A19B701460D928B2FD13749BFDDED1C27994CC9B4EE670E775267ED17814E6 ] vodafone_K3805-z_cdc_ecm C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys
    17:31:31.0751 0x097c vodafone_K3805-z_cdc_ecm - ok
    17:31:31.0782 0x097c [ CBEAE8F0FE727386DA202E67B3760294, A46A5A26000F4D492F15E848F2BA3479ED82E3B8CBEBD5283C6F4FEBFBEA40E7 ] vodafone_K3805-z_cpo C:\Windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys
    17:31:31.0782 0x097c vodafone_K3805-z_cpo - ok
    17:31:31.0814 0x097c [ 1E4D31FEC921300C5F262C52F5FCC666, 19FF08BD37908C1C49427DE8E6E69AA84E8EEEBD5A4B0F2226ED1A73C862D63D ] vodafone_K3805-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
    17:31:31.0829 0x097c vodafone_K3805-z_dc_enum - ok
    17:31:31.0860 0x097c [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    17:31:31.0876 0x097c volmgr - ok
    17:31:31.0938 0x097c [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    17:31:31.0970 0x097c volmgrx - ok
    17:31:32.0110 0x097c [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    17:31:32.0141 0x097c volsnap - ok
    17:31:32.0204 0x097c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    17:31:32.0219 0x097c vsmraid - ok
    17:31:32.0360 0x097c [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe
    17:31:32.0484 0x097c VSS - ok
    17:31:32.0609 0x097c [ E55A44D8F9F713D5F5D5BBAEF2BA0A34, 2EB5AF46BD1EE7F8BE9BC53D9CA65D0A181522BF40248F8ED0A5F924E946D13F ] VUAgent C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
    17:31:32.0718 0x097c VUAgent - ok
    17:31:32.0750 0x097c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    17:31:32.0765 0x097c vwifibus - ok
    17:31:32.0796 0x097c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    17:31:32.0812 0x097c vwififlt - ok
    17:31:32.0843 0x097c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    17:31:32.0843 0x097c vwifimp - ok
    17:31:33.0015 0x097c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    17:31:33.0062 0x097c W32Time - ok
    17:31:33.0233 0x097c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    17:31:33.0249 0x097c WacomPen - ok
    17:31:33.0296 0x097c [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    17:31:33.0311 0x097c WANARP - ok
    17:31:33.0342 0x097c [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    17:31:33.0342 0x097c Wanarpv6 - ok
    17:31:33.0530 0x097c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    17:31:33.0748 0x097c WatAdminSvc - ok
    17:31:33.0998 0x097c [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe
    17:31:34.0122 0x097c wbengine - ok
    17:31:34.0169 0x097c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:31:34.0325 0x097c WbioSrvc - ok
    17:31:34.0372 0x097c [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:31:34.0434 0x097c wcncsvc - ok
    17:31:34.0481 0x097c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:31:34.0715 0x097c WcsPlugInService - ok
    17:31:34.0746 0x097c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
    17:31:34.0762 0x097c Wd - ok
    17:31:34.0856 0x097c [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:31:34.0949 0x097c Wdf01000 - ok
    17:31:35.0074 0x097c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:31:35.0105 0x097c WdiServiceHost - ok
    17:31:35.0136 0x097c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:31:35.0152 0x097c WdiSystemHost - ok
    17:31:35.0230 0x097c [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient C:\Windows\System32\webclnt.dll
    17:31:35.0261 0x097c WebClient - ok
    17:31:35.0417 0x097c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:31:35.0480 0x097c Wecsvc - ok
    17:31:35.0526 0x097c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:31:35.0558 0x097c wercplsupport - ok
    17:31:35.0589 0x097c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:31:35.0604 0x097c WerSvc - ok
    17:31:35.0667 0x097c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:31:35.0667 0x097c WfpLwf - ok
    17:31:35.0698 0x097c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:31:35.0714 0x097c WIMMount - ok
    17:31:35.0823 0x097c WinDefend - ok
    17:31:35.0885 0x097c WinHttpAutoProxySvc - ok
    17:31:35.0994 0x097c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:31:36.0041 0x097c Winmgmt - ok
    17:31:36.0057 0x097c WinRing0_1_2_0 - ok
    17:31:36.0993 0x097c [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll
    17:31:37.0258 0x097c WinRM - ok
    17:31:37.0320 0x097c [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    17:31:37.0336 0x097c WinUsb - ok
    17:31:37.0445 0x097c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:31:37.0554 0x097c Wlansvc - ok
    17:31:37.0679 0x097c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    17:31:37.0695 0x097c WmiAcpi - ok
    17:31:37.0757 0x097c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:31:37.0773 0x097c wmiApSrv - ok
    17:31:37.0944 0x097c WMPNetworkSvc - ok
    17:31:37.0976 0x097c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:31:37.0991 0x097c WPCSvc - ok
    17:31:38.0022 0x097c [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:31:38.0054 0x097c WPDBusEnum - ok
    17:31:38.0085 0x097c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:31:38.0100 0x097c ws2ifsl - ok
    17:31:38.0147 0x097c [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc C:\Windows\system32\wscsvc.dll
    17:31:38.0178 0x097c wscsvc - ok
    17:31:38.0194 0x097c WSearch - ok
    17:31:38.0490 0x097c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
    17:31:38.0678 0x097c wuauserv - ok
    17:31:38.0740 0x097c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:31:38.0771 0x097c WudfPf - ok
    17:31:38.0802 0x097c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:31:38.0834 0x097c WUDFRd - ok
    17:31:38.0880 0x097c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:31:38.0912 0x097c wudfsvc - ok
    17:31:38.0974 0x097c [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:31:39.0021 0x097c WwanSvc - ok
    17:31:39.0114 0x097c [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
    17:31:39.0177 0x097c xnacc - ok
    17:31:39.0239 0x097c [ 5250193EF8E173AA7491250F00EB367F, FF33B5112C5702CBD8EF2B0B5E49428973054B961F3B105419F7A47E2057B8A6 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    17:31:39.0286 0x097c yukonw7 - ok
    17:31:39.0442 0x097c ================ Scan global ===============================
    17:31:39.0504 0x097c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    17:31:39.0567 0x097c [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
    17:31:39.0629 0x097c [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
    17:31:39.0676 0x097c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    17:31:39.0754 0x097c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    17:31:39.0785 0x097c [ Global ] - ok
    17:31:39.0801 0x097c ================ Scan MBR ==================================
    17:31:39.0816 0x097c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    17:31:40.0206 0x097c \Device\Harddisk0\DR0 - ok
    17:31:40.0206 0x097c ================ Scan VBR ==================================
    17:31:40.0206 0x097c [ F211BF92F1BF8A193339BFDFFA5163DC ] \Device\Harddisk0\DR0\Partition1
    17:31:40.0316 0x097c \Device\Harddisk0\DR0\Partition1 - ok
    17:31:40.0347 0x097c [ C1D620299A3A02654CEE33671C852163 ] \Device\Harddisk0\DR0\Partition2
    17:31:40.0347 0x097c \Device\Harddisk0\DR0\Partition2 - ok
    17:31:40.0347 0x097c ================ Scan generic autorun ======================
    17:31:41.0049 0x097c [ CAF4777D51A4DC6B62219A0C579F8723, 84BBF7625656BB3B10C0C4CEDEE539F044335CEEEFECFDD78CE908DBFF13F9A3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    17:31:41.0938 0x097c RtHDVCpl - ok
    17:31:42.0110 0x097c [ 1A87CB56BB2385657C7808F876902C20, 277A36F3262BEF0B6FA24381BA09685B1C9E3B1A75C47D6E7C96DBBA4CAB41D1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    17:31:42.0234 0x097c RtHDVBg - ok
    17:31:42.0234 0x097c Apoint - ok
    17:31:42.0468 0x097c [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    17:31:42.0531 0x097c avgnt - ok
    17:31:42.0671 0x097c [ FF6E979F2AD888C417B8A5476484F43B, 8967190A45CB6D8155285C01C0E45B35D60CF62B6800FF7006488AE2A5B81D15 ] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
    17:31:42.0671 0x097c GUDelayStartup - ok
    17:31:42.0687 0x097c Waiting for KSN requests completion. In queue: 71
    17:31:53.0108 0x097c AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
    17:31:53.0170 0x097c Win FW state via NFP2: disabled
    17:32:02.0530 0x097c ============================================================
    17:32:02.0530 0x097c Scan finished
    17:32:02.0530 0x097c ============================================================
    17:32:02.0530 0x08a0 Detected object count: 0
    17:32:02.0530 0x08a0 Actual detected object count: 0
     
  16. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Combofix log

    ComboFix 14-08-06.02 - MP 08/08/2014 19:27:01.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3950.2811 [GMT 2:00]
    Eseguito da: c:\users\MP\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Windows6.1-KB2750090-x64.msu
    C:\Windows6.1-KB2889748-x64.msu
    .
    ---- Esecuzione precedente -------
    .
    c:\users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_PCSUService
    -------\Legacy_ACEDRV11
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2014-07-08 al 2014-08-08 )))))))))))))))))))))))))))))))))))
    .
    .
    2014-08-08 17:36 . 2014-08-08 17:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2014-08-07 21:09 . 2014-08-07 21:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-08-07 20:41 . 2014-08-07 20:41 29160 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
    2014-08-06 14:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-08-06 14:22 . 2014-08-06 14:22 -------- d-----w- c:\windows\ERUNT
    2014-08-06 14:08 . 2014-08-06 15:10 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-08-06 09:27 . 2014-08-06 09:27 -------- d-----w- c:\users\MP\AppData\Roaming\Avira
    2014-08-04 09:50 . 2014-08-04 09:51 -------- d-----w- c:\users\MP\AppData\Local\Kingsoft
    2014-08-01 13:16 . 2014-08-01 13:16 -------- d-----w- c:\programdata\GlarySoft
    2014-08-01 13:16 . 2014-08-01 13:16 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
    2014-08-01 13:16 . 2014-08-01 13:21 -------- d-----w- c:\users\MP\AppData\Roaming\DiskDefrag
    2014-08-01 13:16 . 2014-07-21 03:01 118048 ----a-w- c:\windows\system32\BootDefrag.exe
    2014-08-01 13:16 . 2014-07-18 07:11 17600 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
    2014-08-01 13:15 . 2014-08-06 08:28 -------- d-----w- c:\program files (x86)\Glary Utilities 5
    2014-07-11 13:45 . 2014-08-08 16:03 -------- d-----w- c:\users\MP\7kaa
    2014-07-11 13:44 . 2014-07-11 13:44 -------- d-----w- c:\program files (x86)\7kaa2
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-07 21:09 . 2014-06-01 08:38 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-07 21:09 . 2014-06-01 08:38 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-14 19:03 . 2013-05-13 13:46 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-07-14 19:03 . 2013-03-28 10:20 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-07-14 02:12 . 2014-08-06 08:34 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BAA0E62-2877-41F7-9A34-57AED6C1CEE5}\mpengine.dll
    2014-06-03 12:17 . 2013-03-28 10:20 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-05-12 05:26 . 2014-06-01 08:38 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-12 05:25 . 2014-06-01 08:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* I valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-07-21 37152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableStartupSound"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "MobileBroadband"=c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    "IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    "Everything"="c:\program files (x86)\Everything\Everything.exe" -startup
    .
    R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    R3 EMSUSB2;EMSUSB2;c:\windows\system32\Drivers\EMSUSB2.SYS;c:\windows\SYSNATIVE\Drivers\EMSUSB2.SYS [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
    R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
    R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cpo.sys [x]
    R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    R4 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
    R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
    R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
    R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
    R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R4 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe;c:\program files\Sony\VAIO Update 5\VUAgent.exe [x]
    S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
    S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
    S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-07-21 09:08 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2014-08-08 c:\windows\Tasks\GlaryInitialize 5.job
    - c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21 03:00]
    .
    2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:06]
    .
    2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:06]
    .
    2014-08-01 c:\windows\Tasks\GU5SkipUAC.job
    - c:\program files (x86)\Glary Utilities 5\Integrator.exe [2014-07-21 03:00]
    .
    2014-08-08 c:\windows\Tasks\WpsNotifyTask_MP.job
    - c:\users\MP\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-04 09:50]
    .
    2013-01-30 c:\windows\Tasks\WpsUpdateTask_MP.job
    - c:\program files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-10-29 16:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
    .
    ------- Scansione supplementare -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254 62.101.93.101 83.103.25.250
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com?fr=fp-comodo
    FF - prefs.js: keyword.URL - hxxp://inm.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-575-0-0&q=
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
    .
    .
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2014-08-08 20:03:38 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2014-08-08 18:03
    ComboFix2.txt 2013-03-05 10:27
    .
    Pre-Run: 258534449152 byte disponibili
    Post-Run: 258230382592 byte disponibili
    .
    - - End Of File - - 092158B552A2C264ED875CD77B9F180B
     
  18. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  19. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    ADWCleaner

    # AdwCleaner v3.304 - Rapporto creato 08/08/2014 in 21:24:14
    # Aggiornato 08/08/2014 di Xplode
    # Sistema operativo : Windows 7 Home Premium (64 bits)
    # Nome utente : MP - MP-VAIO
    # In esecuzione da : C:\Users\MP\Desktop\adwcleaner_3.304.exe
    # Opzione : Pulisci

    ***** [ Servizi ] *****


    ***** [ File / Cartelle ] *****


    ***** [ Compiti ] *****


    ***** [ Collegamenti ] *****


    ***** [ Registro ] *****


    ***** [ Browser ] *****

    -\\ Internet Explorer v9.0.8112.16540


    -\\ Mozilla Firefox v30.0 (it)

    [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hu3f24gr.default\prefs.js ]


    [ File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.125

    [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Eliminati [Search Provider] : hxxp://www.kelkoo.it/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true
    Eliminati [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    Eliminati [Search Provider] : hxxp://portale.provincia.vr.it/search?SearchableText={searchTerms}
    Eliminati [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10401&locale=it_IT&apn_uid=50383dfd-2961-41a5-8467-e40bb0125633&apn_ptnrs=%5EABZ&apn_sauid=A388D2A8-3D37-4F9E-807E-6AD77C6F0D09&apn_dtid=%5EYYYYYY%5EYY%5EIT&q={searchTerms}
    Eliminati [Search Provider] : hxxp://www2.comune.bolzanovicentino.vi.it/search?SearchableText={searchTerms}
    Eliminati [Search Provider] : hxxp://www.softonic.it/s/{searchTerms}
    Eliminati [Search Provider] : hxxp://isearch.glarysoft.com/?q={searchTerms}&src=gcsearch

    *************************

    AdwCleaner[R0].txt - [4789 octets] - [11/10/2013 09:39:32]
    AdwCleaner[R1].txt - [2870 octets] - [06/08/2014 16:28:13]
    AdwCleaner[R2].txt - [2150 octets] - [08/08/2014 21:22:04]
    AdwCleaner[S0].txt - [4702 octets] - [11/10/2013 09:42:47]
    AdwCleaner[S1].txt - [2804 octets] - [06/08/2014 16:36:00]
    AdwCleaner[S2].txt - [2082 octets] - [08/08/2014 21:24:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2142 octets] ##########
     
  20. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by MP on 08/08/2014 at 21:41:18.69
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D0C0BC5-3DDF-4730-8244-0248F460353E}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\1oy0wvkw.default\minidumps [5 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/08/2014 at 21:56:43.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  21. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
    Ran by MP (administrator) on MP-VAIO on 08-08-2014 22:11:21
    Running from C:\Users\MP\Desktop
    Platform: Windows 7 Home Premium (X64) OS Language: Italiano (Italia)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-14] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3738606585-3584510924-2974000002-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd)
    BootExecute: autocheck autochk * BootDefrag.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    SearchScopes: HKCU - {1B4B4F9A-82A5-45CF-8DFE-8641164B34FB} URL = http://rover.ebay.com/rover/1/724-42445-16445-16/4?satitle={searchTerms}
    SearchScopes: HKCU - {3D5AB27F-4C60-4EB7-A007-627B01C2B3B8} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    SearchScopes: HKCU - {A89CA510-D2CE-B184-4A81-8F61AD65D953} URL = http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

    FireFox:
    ========
    FF ProfilePath: C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://it.yahoo.com?fr=fp-comodo
    FF Keyword.URL: hxxp://inm.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-575-0-0&q=
    FF NetworkProxy: "gopher", ""
    FF NetworkProxy: "gopher_port", 0
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
    FF Extension: Password Exporter - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13]
    FF Extension: Elite Proxy Switcher - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\eliteproxyswitcher@my-proxy.com.xpi [2012-01-10]
    FF Extension: Free Hide IP - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\support@free-hideip.com.xpi [2012-01-10]
    FF Extension: PDF Download - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2012-02-22]
    FF Extension: Adblock Plus - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-27]
    FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

    Chrome:
    =======
    CHR HomePage: chrome://newtab
    CHR Extension: (Documenti Google) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-22]
    CHR Extension: (Google Drive) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-22]
    CHR Extension: (YouTube) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-22]
    CHR Extension: (Ricerca Google) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-22]
    CHR Extension: (Skype Click to Call) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-22]
    CHR Extension: (Google Wallet) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
    CHR Extension: (Gmail) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-22]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
    S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-06] () [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
    S4 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
    R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-09] (DT Soft Ltd)
    S3 EMSUSB2; C:\Windows\SysWOW64\Drivers\EMSUSB2.SYS [9728 2007-01-03] () [File not signed]
    S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-07-23] (Huawei Technologies Co., Ltd.)
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-08-01] (Glarysoft Ltd)
    S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
    S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel(R) Corporation) [File not signed]
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-07] (Malwarebytes Corporation)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    S3 vodafone_K3805-z_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [78336 2010-09-01] (Vodafone)
    S3 vodafone_K3805-z_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [88064 2010-09-01] (Vodafone)
    S3 vodafone_K3805-z_cpo; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cpo.sys [13824 2010-09-01] (Vodafone)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 gfiark; system32\drivers\gfiark.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-08 22:11 - 2014-08-08 22:12 - 00014260 _____ () C:\Users\MP\Desktop\FRST.txt
    2014-08-08 22:11 - 2014-08-08 22:11 - 00000000 ____D () C:\FRST
    2014-08-08 22:09 - 2014-08-08 22:09 - 02094080 _____ (Farbar) C:\Users\MP\Desktop\FRST64.exe
    2014-08-08 22:08 - 2014-08-08 22:09 - 02094080 _____ (Farbar) C:\Users\MP\Downloads\FRST64.exe
    2014-08-08 21:56 - 2014-08-08 21:56 - 00001031 _____ () C:\Users\MP\Desktop\JRT.txt
    2014-08-08 21:39 - 2014-08-08 21:39 - 01016261 _____ (Thisisu) C:\Users\MP\Desktop\JRT.exe
    2014-08-08 21:31 - 2014-08-08 21:31 - 00002222 _____ () C:\Users\MP\Desktop\AdwCleaner[S2].txt
    2014-08-08 21:20 - 2014-08-08 21:21 - 01366203 _____ () C:\Users\MP\Desktop\adwcleaner_3.304.exe
    2014-08-08 20:03 - 2014-08-08 20:03 - 00020031 _____ () C:\ComboFix.txt
    2014-08-08 19:47 - 2014-08-08 22:08 - 00032551 _____ () C:\Windows\WindowsUpdate.log
    2014-08-08 19:24 - 2014-08-08 20:04 - 00000000 ____D () C:\ComboFix
    2014-08-08 19:18 - 2014-08-08 19:19 - 05568206 ____R (Swearware) C:\Users\MP\Desktop\ComboFix.exe
    2014-08-08 18:10 - 2014-08-08 18:10 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_MP.job
    2014-08-08 17:39 - 2014-08-08 17:39 - 00108504 _____ () C:\Users\MP\Desktop\report tdsskiller.txt
    2014-08-08 17:25 - 2014-08-08 17:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\MP\Desktop\tdsskiller (1).exe
    2014-08-07 23:09 - 2014-08-07 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-07 23:08 - 2014-08-07 23:08 - 00000000 ____D () C:\Users\MP\Desktop\mbar-1.07.0.1012
    2014-08-07 23:06 - 2014-08-07 23:06 - 00002876 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_230623___03.txt
    2014-08-07 22:57 - 2014-08-07 22:57 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MP\Desktop\mbar-1.07.0.1012.exe
    2014-08-07 22:55 - 2014-08-07 22:55 - 00004771 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_225514___002.txt
    2014-08-07 22:51 - 2014-08-07 22:51 - 00004650 _____ () C:\Users\MP\Desktop\RKreport_SCN_08072014_225051.log
    2014-08-07 22:41 - 2014-08-07 22:41 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-07 22:39 - 2014-08-07 22:40 - 04817496 _____ () C:\Users\MP\Desktop\RogueKiller (1).exe
    2014-08-07 10:54 - 2014-08-07 10:54 - 00010288 _____ () C:\Users\MP\Desktop\attach.txt
    2014-08-07 10:54 - 2014-08-07 10:54 - 00007352 _____ () C:\Users\MP\Desktop\dds.txt
    2014-08-07 10:48 - 2014-08-07 10:48 - 00688992 ____R (Swearware) C:\Users\MP\Downloads\dds.com
    2014-08-06 17:10 - 2014-08-06 17:15 - 00000293 _____ () C:\Users\MP\Desktop\help request.txt
    2014-08-06 16:37 - 2014-08-08 21:26 - 00001162 _____ () C:\Windows\PFRO.log
    2014-08-06 16:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-08-06 16:22 - 2014-08-06 16:22 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-06 16:08 - 2014-08-06 17:10 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-06 16:08 - 2014-08-06 16:09 - 01361309 _____ () C:\Users\MP\Downloads\adwcleaner_3.302.exe
    2014-08-06 16:08 - 2014-08-06 16:09 - 01016261 _____ (Thisisu) C:\Users\MP\Downloads\JRT.exe
    2014-08-06 16:06 - 2014-08-06 16:06 - 05379160 _____ () C:\Users\MP\Downloads\RogueKillerX64.exe
    2014-08-06 16:05 - 2014-08-06 16:07 - 00003062 _____ () C:\Users\MP\Desktop\Rkill.txt
    2014-08-06 16:04 - 2014-08-06 16:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\MP\Downloads\iExplore.exe
    2014-08-06 16:01 - 2014-08-06 16:01 - 00000000 ____D () C:\Users\MP\Downloads\tdsskiller
    2014-08-06 16:00 - 2014-08-06 16:00 - 04161313 _____ () C:\Users\MP\Downloads\tdsskiller.zip
    2014-08-06 16:00 - 2014-08-06 16:00 - 00074604 _____ () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide).htm
    2014-08-06 16:00 - 2014-08-06 16:00 - 00000000 ____D () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide)_files
    2014-08-06 15:54 - 2014-08-06 15:54 - 00559063 _____ () C:\Users\MP\Downloads\Everything-1.3.4.686.x64-Setup.exe
    2014-08-06 12:22 - 2014-08-08 21:58 - 00000784 _____ () C:\Windows\setupact.log
    2014-08-06 12:22 - 2014-08-06 12:22 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-06 11:44 - 2014-08-06 11:44 - 00022410 _____ () C:\Users\MP\Downloads\Richiesta MODALITà DI INTEGRAZIONE AI SENSI DELLA LR 14 -09_02 (1).odt
    2014-08-06 11:27 - 2014-08-06 11:27 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Avira
    2014-08-04 17:55 - 2014-08-04 17:57 - 00000133 _____ () C:\Users\MP\Desktop\la scossa snc.txt
    2014-08-04 15:07 - 2014-08-04 16:04 - 00003696 _____ () C:\Users\MP\Desktop\mail punto per punto.txt
    2014-08-04 14:39 - 2014-08-04 14:39 - 00021600 _____ () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi.xhtml
    2014-08-04 14:39 - 2014-08-04 14:39 - 00000000 ____D () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi_files
    2014-08-04 13:23 - 2014-08-04 13:23 - 01318090 _____ () C:\Users\MP\Downloads\ACER_OP_DO_03_2014_Tender_documentation.zip
    2014-08-04 11:51 - 2014-08-04 11:51 - 00001543 _____ () C:\Users\MP\Desktop\WPS Writer.lnk
    2014-08-04 11:51 - 2014-08-04 11:51 - 00001541 _____ () C:\Users\MP\Desktop\WPS Presentation.lnk
    2014-08-04 11:51 - 2014-08-04 11:51 - 00001522 _____ () C:\Users\MP\Desktop\WPS Spreadsheets.lnk
    2014-08-04 11:51 - 2014-08-04 11:51 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
    2014-08-04 11:50 - 2014-08-04 11:51 - 00000000 ____D () C:\Users\MP\AppData\Local\Kingsoft
    2014-08-03 14:17 - 2014-08-03 14:17 - 00064300 _____ () C:\Users\MP\Downloads\allegati269705.zip
    2014-08-01 15:35 - 2014-08-01 15:35 - 00002610 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
    2014-08-01 15:21 - 2014-08-05 16:58 - 05125944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-01 15:19 - 2014-08-01 15:19 - 00000000 ___HD () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
    2014-08-01 15:16 - 2014-08-08 22:01 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2014-08-01 15:16 - 2014-08-01 15:21 - 00000000 ____D () C:\Users\MP\AppData\Roaming\DiskDefrag
    2014-08-01 15:16 - 2014-08-01 15:16 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
    2014-08-01 15:16 - 2014-08-01 15:16 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2014-08-01 15:16 - 2014-08-01 15:16 - 00001044 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2014-08-01 15:16 - 2014-08-01 15:16 - 00000250 _____ () C:\Windows\Tasks\GU5SkipUAC.job
    2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
    2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\GlarySoft
    2014-08-01 15:16 - 2014-07-21 05:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
    2014-08-01 15:16 - 2014-07-18 09:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
    2014-08-01 15:15 - 2014-08-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2014-08-01 15:15 - 2014-08-01 15:17 - 64044040 _____ (Kingsoft Corp. Ltd.) C:\Users\MP\Downloads\wps2014_9.1.0.4746_21.107.exe
    2014-08-01 15:13 - 2014-08-01 15:14 - 14094456 _____ () C:\Users\MP\Downloads\Glary_Utilities_v5.4.0.11.exe
    2014-08-01 15:12 - 2014-08-06 10:28 - 00147792 _____ () C:\Users\MP\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-07-31 22:05 - 2014-07-31 22:08 - 00000000 ____D () C:\Users\MP\Desktop\MC 2014
    2014-07-30 17:22 - 2014-07-30 17:22 - 00000047 _____ () C:\Users\MP\Desktop\progetto.txt
    2014-07-30 10:16 - 2014-07-30 10:16 - 09358015 _____ () C:\Users\MP\Downloads\foto zanon luca.zip
    2014-07-30 10:14 - 2014-07-30 10:14 - 00030264 _____ () C:\Users\MP\Downloads\OHSAS 18001.emf
    2014-07-30 10:10 - 2014-07-30 10:10 - 08424554 _____ () C:\Users\MP\Downloads\foto-corso-mirco.zip
    2014-07-25 12:50 - 2014-07-25 12:50 - 00021458 _____ () C:\Users\MP\Downloads\Bilancio 2013 per presentazione rev 25 luglio.odt
    2014-07-25 12:35 - 2014-07-25 12:35 - 00175020 _____ () C:\Users\MP\Downloads\viewNews.htm
    2014-07-25 12:35 - 2014-07-25 12:35 - 00000047 _____ () C:\Users\MP\Desktop\selezione aster eib.txt
    2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____D () C:\Users\MP\Downloads\viewNews_files
    2014-07-21 17:43 - 2014-07-21 17:43 - 00039937 _____ () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici.htm
    2014-07-21 17:43 - 2014-07-21 17:43 - 00000000 ____D () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici_files
    2014-07-18 16:26 - 2014-07-18 16:26 - 02929152 _____ () C:\Users\MP\Downloads\Slides_23_marzo_2012.ppt
    2014-07-17 15:48 - 2014-07-17 15:48 - 00000095 _____ () C:\Users\MP\Desktop\ecampus novedrate.txt
    2014-07-17 12:41 - 2014-07-17 12:41 - 00006448 _____ () C:\Users\MP\Downloads\tariffe amministratore di condominio.com.htm
    2014-07-17 12:41 - 2014-07-17 12:41 - 00000000 ____D () C:\Users\MP\Downloads\tariffe amministratore di condominio.com_files
    2014-07-16 17:47 - 2014-07-16 17:47 - 00000085 _____ () C:\Users\MP\Desktop\email.txt
    2014-07-16 17:33 - 2014-07-16 18:12 - 00013375 _____ () C:\Users\MP\Documents\calendario pas.xlsx
    2014-07-16 17:17 - 2014-07-16 17:34 - 00001016 _____ () C:\Users\MP\Desktop\email nikolli.txt
    2014-07-15 14:41 - 2014-07-15 14:41 - 00056887 _____ () C:\Users\MP\Downloads\CCNL economico 2008 – 2009.htm
    2014-07-15 14:41 - 2014-07-15 14:41 - 00000000 ____D () C:\Users\MP\Downloads\CCNL economico 2008 – 2009_files
    2014-07-15 12:35 - 2014-07-15 12:35 - 00000497 _____ () C:\Users\MP\Desktop\rtd.txt
    2014-07-14 18:51 - 2014-07-14 18:51 - 00000084 _____ () C:\Users\MP\Desktop\to do list 14-07.txt
    2014-07-14 18:18 - 2014-07-14 18:18 - 00785418 _____ () C:\Users\MP\Downloads\Relazioni Relatori Benavente Ferrera.zip
    2014-07-14 18:16 - 2014-07-14 18:16 - 00991131 _____ () C:\Users\MP\Downloads\Margarita Checa Fortes.zip
    2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria.7z
    2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria (1).7z
    2014-07-13 14:28 - 2014-07-13 14:28 - 00092427 _____ () C:\Users\MP\Downloads\Tesina Francesca Libralato.7z
    2014-07-11 15:45 - 2014-08-08 21:11 - 00000000 ____D () C:\Users\MP\7kaa
    2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA
    2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Program Files (x86)\7kaa2
    2014-07-11 15:38 - 2014-07-11 15:39 - 31018563 _____ () C:\Users\MP\Downloads\7kaa-install-win32-2.14.4.exe
    2014-07-11 15:27 - 2014-07-11 15:28 - 05513976 _____ (ReviverSoft LLC) C:\Users\MP\Downloads\RegistryReviverSetup.exe
    2014-07-09 18:53 - 2014-07-09 19:15 - 00048128 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345 (1).xls
    2014-07-09 18:53 - 2014-07-09 18:54 - 00047616 _____ () C:\Users\MP\Downloads\PASCalendarioEsami545.xls
    2014-07-09 18:53 - 2014-07-09 18:53 - 00055808 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345.xls
    2014-07-09 15:03 - 2014-07-09 18:50 - 00000442 _____ () C:\Users\MP\Desktop\idea incarico.txt
    2014-07-09 11:37 - 2014-07-09 11:37 - 00010189 _____ () C:\Users\MP\Downloads\VOTI DIDATTICA GENERALE E PEDAGOGIA SPECIALE A445 - A245.xlsx

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-08 22:12 - 2014-08-08 22:11 - 00014260 _____ () C:\Users\MP\Desktop\FRST.txt
    2014-08-08 22:12 - 2009-07-14 06:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-08 22:12 - 2009-07-14 06:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-08 22:11 - 2014-08-08 22:11 - 00000000 ____D () C:\FRST
    2014-08-08 22:09 - 2014-08-08 22:09 - 02094080 _____ (Farbar) C:\Users\MP\Desktop\FRST64.exe
    2014-08-08 22:09 - 2014-08-08 22:08 - 02094080 _____ (Farbar) C:\Users\MP\Downloads\FRST64.exe
    2014-08-08 22:08 - 2014-08-08 19:47 - 00032551 _____ () C:\Windows\WindowsUpdate.log
    2014-08-08 22:01 - 2014-08-01 15:16 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
    2014-08-08 22:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-08 21:58 - 2014-08-06 12:22 - 00000784 _____ () C:\Windows\setupact.log
    2014-08-08 21:56 - 2014-08-08 21:56 - 00001031 _____ () C:\Users\MP\Desktop\JRT.txt
    2014-08-08 21:39 - 2014-08-08 21:39 - 01016261 _____ (Thisisu) C:\Users\MP\Desktop\JRT.exe
    2014-08-08 21:31 - 2014-08-08 21:31 - 00002222 _____ () C:\Users\MP\Desktop\AdwCleaner[S2].txt
    2014-08-08 21:26 - 2014-08-06 16:37 - 00001162 _____ () C:\Windows\PFRO.log
    2014-08-08 21:25 - 2013-10-11 09:39 - 00000000 ____D () C:\AdwCleaner
    2014-08-08 21:21 - 2014-08-08 21:20 - 01366203 _____ () C:\Users\MP\Desktop\adwcleaner_3.304.exe
    2014-08-08 21:21 - 2014-04-03 09:34 - 00000000 ____D () C:\Program Files (x86)\Everything
    2014-08-08 21:11 - 2014-07-11 15:45 - 00000000 ____D () C:\Users\MP\7kaa
    2014-08-08 20:04 - 2014-08-08 19:24 - 00000000 ____D () C:\ComboFix
    2014-08-08 20:03 - 2014-08-08 20:03 - 00020031 _____ () C:\ComboFix.txt
    2014-08-08 20:03 - 2013-03-05 11:36 - 00000000 ____D () C:\Qoobox
    2014-08-08 19:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
    2014-08-08 19:37 - 2009-07-14 04:34 - 96206848 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2014-08-08 19:37 - 2009-07-14 04:34 - 61865984 _____ () C:\Windows\system32\config\SYSTEM.bak
    2014-08-08 19:37 - 2009-07-14 04:34 - 04907008 _____ () C:\Windows\system32\config\DEFAULT.bak
    2014-08-08 19:37 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\SAM.bak
    2014-08-08 19:37 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
    2014-08-08 19:36 - 2013-03-05 11:23 - 00000000 ____D () C:\Windows\erdnt
    2014-08-08 19:19 - 2014-08-08 19:18 - 05568206 ____R (Swearware) C:\Users\MP\Desktop\ComboFix.exe
    2014-08-08 18:10 - 2014-08-08 18:10 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_MP.job
    2014-08-08 17:39 - 2014-08-08 17:39 - 00108504 _____ () C:\Users\MP\Desktop\report tdsskiller.txt
    2014-08-08 17:26 - 2014-08-08 17:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\MP\Desktop\tdsskiller (1).exe
    2014-08-07 23:28 - 2014-08-07 23:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-07 23:09 - 2014-06-01 10:38 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-07 23:09 - 2014-06-01 10:38 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-08-07 23:08 - 2014-08-07 23:08 - 00000000 ____D () C:\Users\MP\Desktop\mbar-1.07.0.1012
    2014-08-07 23:06 - 2014-08-07 23:06 - 00002876 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_230623___03.txt
    2014-08-07 22:57 - 2014-08-07 22:57 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MP\Desktop\mbar-1.07.0.1012.exe
    2014-08-07 22:55 - 2014-08-07 22:55 - 00004771 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_225514___002.txt
    2014-08-07 22:51 - 2014-08-07 22:51 - 00004650 _____ () C:\Users\MP\Desktop\RKreport_SCN_08072014_225051.log
    2014-08-07 22:41 - 2014-08-07 22:41 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-07 22:40 - 2014-08-07 22:39 - 04817496 _____ () C:\Users\MP\Desktop\RogueKiller (1).exe
    2014-08-07 18:09 - 2012-02-03 17:11 - 00000000 ____D () C:\Users\Public\Documents\MP
    2014-08-07 14:23 - 2009-07-14 07:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-08-07 11:56 - 2012-07-01 19:54 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Kingsoft
    2014-08-07 11:54 - 2010-12-12 17:09 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Mozilla
    2014-08-07 10:54 - 2014-08-07 10:54 - 00010288 _____ () C:\Users\MP\Desktop\attach.txt
    2014-08-07 10:54 - 2014-08-07 10:54 - 00007352 _____ () C:\Users\MP\Desktop\dds.txt
    2014-08-07 10:48 - 2014-08-07 10:48 - 00688992 ____R (Swearware) C:\Users\MP\Downloads\dds.com
    2014-08-06 17:15 - 2014-08-06 17:10 - 00000293 _____ () C:\Users\MP\Desktop\help request.txt
    2014-08-06 17:10 - 2014-08-06 16:08 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-06 16:22 - 2014-08-06 16:22 - 00000000 ____D () C:\Windows\ERUNT
    2014-08-06 16:09 - 2014-08-06 16:08 - 01361309 _____ () C:\Users\MP\Downloads\adwcleaner_3.302.exe
    2014-08-06 16:09 - 2014-08-06 16:08 - 01016261 _____ (Thisisu) C:\Users\MP\Downloads\JRT.exe
    2014-08-06 16:08 - 2014-06-01 12:06 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-06 16:07 - 2014-08-06 16:05 - 00003062 _____ () C:\Users\MP\Desktop\Rkill.txt
    2014-08-06 16:06 - 2014-08-06 16:06 - 05379160 _____ () C:\Users\MP\Downloads\RogueKillerX64.exe
    2014-08-06 16:04 - 2014-08-06 16:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\MP\Downloads\iExplore.exe
    2014-08-06 16:01 - 2014-08-06 16:01 - 00000000 ____D () C:\Users\MP\Downloads\tdsskiller
    2014-08-06 16:00 - 2014-08-06 16:00 - 04161313 _____ () C:\Users\MP\Downloads\tdsskiller.zip
    2014-08-06 16:00 - 2014-08-06 16:00 - 00074604 _____ () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide).htm
    2014-08-06 16:00 - 2014-08-06 16:00 - 00000000 ____D () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide)_files
    2014-08-06 15:55 - 2010-07-30 13:41 - 00750866 _____ () C:\Windows\system32\perfh010.dat
    2014-08-06 15:55 - 2010-07-30 13:41 - 00151574 _____ () C:\Windows\system32\perfc010.dat
    2014-08-06 15:55 - 2009-07-14 07:13 - 01687854 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-06 15:54 - 2014-08-06 15:54 - 00559063 _____ () C:\Users\MP\Downloads\Everything-1.3.4.686.x64-Setup.exe
    2014-08-06 12:22 - 2014-08-06 12:22 - 00000000 _____ () C:\Windows\setuperr.log
    2014-08-06 11:44 - 2014-08-06 11:44 - 00022410 _____ () C:\Users\MP\Downloads\Richiesta MODALITà DI INTEGRAZIONE AI SENSI DELLA LR 14 -09_02 (1).odt
    2014-08-06 11:36 - 2010-12-11 20:22 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Adobe
    2014-08-06 11:27 - 2014-08-06 11:27 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Avira
    2014-08-06 10:49 - 2014-06-29 14:47 - 00000000 ____D () C:\Users\MP\AppData\Roaming\calibre
    2014-08-06 10:49 - 2014-04-07 19:45 - 00000000 ____D () C:\Users\MP\Documents\CAM Development
    2014-08-06 10:49 - 2013-11-27 15:54 - 00000000 ____D () C:\Users\MP\Documents\CentroStudi
    2014-08-06 10:49 - 2013-10-29 15:39 - 00000000 ____D () C:\Users\MP\Documents\New Star Soccer 5
    2014-08-06 10:49 - 2013-09-20 21:35 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Foxit Software
    2014-08-06 10:49 - 2013-09-13 16:00 - 00000000 ____D () C:\Users\MP\Downloads\eMule AdunanzA
    2014-08-06 10:49 - 2013-09-13 09:15 - 00000000 ____D () C:\Users\MP\AppData\Local\NPE
    2014-08-06 10:49 - 2013-08-20 13:59 - 00000000 ____D () C:\ebook
    2014-08-06 10:49 - 2013-07-26 16:42 - 00000000 ____D () C:\Users\MP\Documents\Chameleon files
    2014-08-06 10:49 - 2012-09-11 16:54 - 00000000 ____D () C:\Users\MP\Documents\Fum
    2014-08-06 10:49 - 2012-01-30 15:19 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Dropbox
    2014-08-06 10:49 - 2011-11-03 12:16 - 00000000 ____D () C:\Users\MP\AppData\Roaming\HandBrake
    2014-08-06 10:49 - 2011-09-11 12:25 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Apple Computer
    2014-08-06 10:49 - 2011-07-30 16:10 - 00000000 ____D () C:\Users\MP\AppData\Local\SKIDROW
    2014-08-06 10:49 - 2011-05-22 13:21 - 00000000 ____D () C:\Users\MP\AppData\Local\Sports Interactive
    2014-08-06 10:49 - 2011-05-15 16:38 - 00000000 ____D () C:\Users\MP\AppData\Roaming\vlc
    2014-08-06 10:49 - 2011-03-04 16:12 - 00000000 ____D () C:\Users\MP\Documents\BabasChess
    2014-08-06 10:49 - 2010-12-31 18:57 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Epson
    2014-08-06 10:49 - 2010-12-28 16:28 - 00000000 ____D () C:\Users\MP\AppData\Roaming\InstallShield
    2014-08-06 10:49 - 2010-12-24 17:39 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Skype
    2014-08-06 10:49 - 2010-12-18 21:28 - 00000000 ____D () C:\Users\MP\AppData\Roaming\ArcSoft
    2014-08-06 10:49 - 2010-12-17 00:09 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Ashampoo
    2014-08-06 10:49 - 2010-12-17 00:07 - 00000000 ____D () C:\Users\MP\AppData\Local\ashampoo
    2014-08-06 10:49 - 2010-12-16 23:31 - 00000000 ____D () C:\Users\MP\AppData\Roaming\uTorrent
    2014-08-06 10:49 - 2010-12-12 15:25 - 00000000 ____D () C:\Users\MP\Documents\Falegname
    2014-08-06 10:49 - 2010-12-12 14:38 - 00000000 ____D () C:\Users\MP\Documents\EURO VERONA
    2014-08-06 10:49 - 2010-12-12 13:27 - 00000000 ____D () C:\Users\MP\AppData\Roaming\EditPlus 3
    2014-08-06 10:49 - 2010-12-11 20:41 - 00000000 ____D () C:\Users\MP\AppData\Roaming\BSplayer
    2014-08-06 10:49 - 2010-12-11 20:14 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Sony Corporation
    2014-08-06 10:48 - 2014-06-27 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-06 10:48 - 2014-05-31 17:24 - 00000000 ____D () C:\NPE
    2014-08-06 10:48 - 2013-09-17 10:05 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
    2014-08-06 10:48 - 2013-06-03 13:38 - 00000000 ____D () C:\QuickOrganizer
    2014-08-06 10:48 - 2013-05-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
    2014-08-06 10:48 - 2012-12-30 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
    2014-08-06 10:48 - 2012-10-25 22:34 - 00000000 ____D () C:\Program Files (x86)\Paradox Interactive
    2014-08-06 10:48 - 2012-07-01 19:54 - 00000000 ____D () C:\ProgramData\Kingsoft
    2014-08-06 10:48 - 2012-05-09 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-08-06 10:48 - 2012-02-01 16:42 - 00000000 ____D () C:\Program Files (x86)\BlueGriffon
    2014-08-06 10:48 - 2012-01-27 13:03 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
    2014-08-06 10:48 - 2011-07-22 01:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
    2014-08-06 10:48 - 2011-07-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Radio Decoder
    2014-08-06 10:48 - 2011-06-25 18:00 - 00000000 ____D () C:\Program Files (x86)\Orca Browser
    2014-08-06 10:48 - 2011-04-15 14:37 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
    2014-08-06 10:48 - 2011-02-21 21:35 - 00000000 ____D () C:\ProgramData\FLEXnet
    2014-08-06 10:48 - 2010-12-31 17:02 - 00000000 ____D () C:\Users\MP\AppData\Local\ABBYY
    2014-08-06 10:48 - 2010-12-31 17:02 - 00000000 ____D () C:\ProgramData\ABBYY
    2014-08-06 10:48 - 2010-12-31 17:01 - 00000000 ____D () C:\Program Files\EpsonNet
    2014-08-06 10:48 - 2010-12-18 21:28 - 00000000 ___HD () C:\ProgramData\ArcSoft
    2014-08-06 10:48 - 2010-12-12 13:30 - 00000000 ____D () C:\Users\MP\AppData\Local\Adobe
    2014-08-06 10:48 - 2010-12-11 20:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-08-06 10:48 - 2010-12-11 20:22 - 00000000 ____D () C:\Users\MP\AppData\Local\Google
    2014-08-06 10:48 - 2010-07-30 03:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-08-06 10:48 - 2010-07-30 03:54 - 00000000 ____D () C:\ProgramData\Adobe
    2014-08-06 10:48 - 2010-07-13 00:47 - 00000000 ____D () C:\ProgramData\Sony Corporation
    2014-08-06 10:48 - 2010-07-12 23:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-08-06 10:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
    2014-08-06 10:36 - 2014-07-08 21:05 - 00002952 _____ () C:\Windows\System32\Tasks\{8C2C436B-4ABE-46C7-A51E-2477DD990866}
    2014-08-06 10:28 - 2014-08-01 15:15 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
    2014-08-06 10:28 - 2014-08-01 15:12 - 00147792 _____ () C:\Users\MP\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-05 16:58 - 2014-08-01 15:21 - 05125944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-05 16:52 - 2013-04-02 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office
    2014-08-05 16:52 - 2010-12-12 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-05 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-08-05 16:51 - 2013-04-02 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-08-05 16:49 - 2010-07-13 20:20 - 00000000 ____D () C:\Windows\ShellNew
    2014-08-05 16:49 - 2009-07-14 04:34 - 00000670 _____ () C:\Windows\win.ini
    2014-08-05 15:52 - 2010-12-12 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-08-04 17:57 - 2014-08-04 17:55 - 00000133 _____ () C:\Users\MP\Desktop\la scossa snc.txt
    2014-08-04 16:04 - 2014-08-04 15:07 - 00003696 _____ () C:\Users\MP\Desktop\mail punto per punto.txt
    2014-08-04 14:39 - 2014-08-04 14:39 - 00021600 _____ () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi.xhtml
    2014-08-04 14:39 - 2014-08-04 14:39 - 00000000 ____D () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi_files
    2014-08-04 13:23 - 2014-08-04 13:23 - 01318090 _____ () C:\Users\MP\Downloads\ACER_OP_DO_03_2014_Tender_documentation.zip
    2014-08-04 11:51 - 2014-08-04 11:51 - 00001543 _____ () C:\Users\MP\Desktop\WPS Writer.lnk
    2014-08-04 11:51 - 2014-08-04 11:51 - 00001541 _____ () C:\Users\MP\Desktop\WPS Presentation.lnk
    2014-08-04 11:51 - 2014-08-04 11:51 - 00001522 _____ () C:\Users\MP\Desktop\WPS Spreadsheets.lnk
    2014-08-04 11:51 - 2014-08-04 11:51 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
    2014-08-04 11:51 - 2014-08-04 11:50 - 00000000 ____D () C:\Users\MP\AppData\Local\Kingsoft
    2014-08-03 14:17 - 2014-08-03 14:17 - 00064300 _____ () C:\Users\MP\Downloads\allegati269705.zip
    2014-08-01 15:49 - 2013-10-09 09:20 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-01 15:49 - 2013-10-01 20:28 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-01 15:43 - 2014-07-08 21:03 - 00003134 _____ () C:\Windows\System32\Tasks\{80771E02-4D41-44FD-8B55-D45A10191996}
    2014-08-01 15:43 - 2013-05-07 21:41 - 00003424 _____ () C:\Windows\System32\Tasks\{29775616-2C34-4845-BB65-77D75FF574C7}
    2014-08-01 15:43 - 2013-04-02 19:54 - 00003234 _____ () C:\Windows\System32\Tasks\{2837CD6F-CD83-453B-BC88-D5BF5DF867DA}
    2014-08-01 15:41 - 2013-10-09 09:20 - 00004158 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-08-01 15:41 - 2013-10-09 09:20 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-08-01 15:41 - 2013-01-22 21:52 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-08-01 15:35 - 2014-08-01 15:35 - 00002610 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
    2014-08-01 15:21 - 2014-08-01 15:16 - 00000000 ____D () C:\Users\MP\AppData\Roaming\DiskDefrag
    2014-08-01 15:19 - 2014-08-01 15:19 - 00000000 ___HD () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
    2014-08-01 15:18 - 2014-05-14 10:52 - 00000000 ____D () C:\Users\MP\AppData\Roaming\DropboxMaster
    2014-08-01 15:18 - 2012-01-30 15:21 - 00000000 ___RD () C:\Users\MP\Dropbox
    2014-08-01 15:18 - 2011-06-13 23:57 - 00000000 ____D () C:\Users\MP\AppData\Roaming\GlarySoft
    2014-08-01 15:18 - 2011-06-13 23:53 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
    2014-08-01 15:17 - 2014-08-01 15:15 - 64044040 _____ (Kingsoft Corp. Ltd.) C:\Users\MP\Downloads\wps2014_9.1.0.4746_21.107.exe
    2014-08-01 15:16 - 2014-08-01 15:16 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
    2014-08-01 15:16 - 2014-08-01 15:16 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2014-08-01 15:16 - 2014-08-01 15:16 - 00001044 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2014-08-01 15:16 - 2014-08-01 15:16 - 00000250 _____ () C:\Windows\Tasks\GU5SkipUAC.job
    2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
    2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\GlarySoft
    2014-08-01 15:14 - 2014-08-01 15:13 - 14094456 _____ () C:\Users\MP\Downloads\Glary_Utilities_v5.4.0.11.exe
    2014-07-31 22:30 - 2010-12-11 20:40 - 00000000 ____D () C:\Users\MP\AppData\Roaming\mIRC
    2014-07-31 22:08 - 2014-07-31 22:05 - 00000000 ____D () C:\Users\MP\Desktop\MC 2014
    2014-07-30 17:22 - 2014-07-30 17:22 - 00000047 _____ () C:\Users\MP\Desktop\progetto.txt
    2014-07-30 12:16 - 2011-12-14 13:45 - 00000000 ____D () C:\Users\MP\Documents\GP
    2014-07-30 10:16 - 2014-07-30 10:16 - 09358015 _____ () C:\Users\MP\Downloads\foto zanon luca.zip
    2014-07-30 10:14 - 2014-07-30 10:14 - 00030264 _____ () C:\Users\MP\Downloads\OHSAS 18001.emf
    2014-07-30 10:10 - 2014-07-30 10:10 - 08424554 _____ () C:\Users\MP\Downloads\foto-corso-mirco.zip
    2014-07-26 08:57 - 2014-06-29 14:48 - 00000000 ____D () C:\Biblioteca di Calibre 02
    2014-07-25 12:50 - 2014-07-25 12:50 - 00021458 _____ () C:\Users\MP\Downloads\Bilancio 2013 per presentazione rev 25 luglio.odt
    2014-07-25 12:35 - 2014-07-25 12:35 - 00175020 _____ () C:\Users\MP\Downloads\viewNews.htm
    2014-07-25 12:35 - 2014-07-25 12:35 - 00000047 _____ () C:\Users\MP\Desktop\selezione aster eib.txt
    2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____D () C:\Users\MP\Downloads\viewNews_files
    2014-07-21 17:43 - 2014-07-21 17:43 - 00039937 _____ () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici.htm
    2014-07-21 17:43 - 2014-07-21 17:43 - 00000000 ____D () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici_files
    2014-07-21 11:13 - 2013-10-15 16:26 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-07-21 05:01 - 2014-08-01 15:16 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
    2014-07-18 16:26 - 2014-07-18 16:26 - 02929152 _____ () C:\Users\MP\Downloads\Slides_23_marzo_2012.ppt
    2014-07-18 09:11 - 2014-08-01 15:16 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
    2014-07-17 15:48 - 2014-07-17 15:48 - 00000095 _____ () C:\Users\MP\Desktop\ecampus novedrate.txt
    2014-07-17 12:41 - 2014-07-17 12:41 - 00006448 _____ () C:\Users\MP\Downloads\tariffe amministratore di condominio.com.htm
    2014-07-17 12:41 - 2014-07-17 12:41 - 00000000 ____D () C:\Users\MP\Downloads\tariffe amministratore di condominio.com_files
    2014-07-16 18:12 - 2014-07-16 17:33 - 00013375 _____ () C:\Users\MP\Documents\calendario pas.xlsx
    2014-07-16 17:47 - 2014-07-16 17:47 - 00000085 _____ () C:\Users\MP\Desktop\email.txt
    2014-07-16 17:34 - 2014-07-16 17:17 - 00001016 _____ () C:\Users\MP\Desktop\email nikolli.txt
    2014-07-15 14:41 - 2014-07-15 14:41 - 00056887 _____ () C:\Users\MP\Downloads\CCNL economico 2008 – 2009.htm
    2014-07-15 14:41 - 2014-07-15 14:41 - 00000000 ____D () C:\Users\MP\Downloads\CCNL economico 2008 – 2009_files
    2014-07-15 12:35 - 2014-07-15 12:35 - 00000497 _____ () C:\Users\MP\Desktop\rtd.txt
    2014-07-14 21:03 - 2013-05-13 15:46 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2014-07-14 21:03 - 2013-03-28 12:20 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-07-14 18:51 - 2014-07-14 18:51 - 00000084 _____ () C:\Users\MP\Desktop\to do list 14-07.txt
    2014-07-14 18:18 - 2014-07-14 18:18 - 00785418 _____ () C:\Users\MP\Downloads\Relazioni Relatori Benavente Ferrera.zip
    2014-07-14 18:16 - 2014-07-14 18:16 - 00991131 _____ () C:\Users\MP\Downloads\Margarita Checa Fortes.zip
    2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria.7z
    2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria (1).7z
    2014-07-13 14:28 - 2014-07-13 14:28 - 00092427 _____ () C:\Users\MP\Downloads\Tesina Francesca Libralato.7z
    2014-07-11 16:41 - 2014-06-30 16:39 - 00051712 _____ () C:\Users\MP\Downloads\PAS Calendario esami stato A245 _03.xls
    2014-07-11 16:40 - 2014-06-28 15:37 - 00052736 _____ () C:\Users\MP\Downloads\PAS Calendario esami stato A445.xls
    2014-07-11 15:45 - 2010-12-11 20:14 - 00000000 ____D () C:\Users\MP
    2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA
    2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Program Files (x86)\7kaa2
    2014-07-11 15:39 - 2014-07-11 15:38 - 31018563 _____ () C:\Users\MP\Downloads\7kaa-install-win32-2.14.4.exe
    2014-07-11 15:37 - 2014-07-08 21:04 - 00000000 ____D () C:\Program Files (x86)\Seven Kingdoms
    2014-07-11 15:28 - 2014-07-11 15:27 - 05513976 _____ (ReviverSoft LLC) C:\Users\MP\Downloads\RegistryReviverSetup.exe
    2014-07-09 19:15 - 2014-07-09 18:53 - 00048128 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345 (1).xls
    2014-07-09 18:54 - 2014-07-09 18:53 - 00047616 _____ () C:\Users\MP\Downloads\PASCalendarioEsami545.xls
    2014-07-09 18:53 - 2014-07-09 18:53 - 00055808 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345.xls
    2014-07-09 18:50 - 2014-07-09 15:03 - 00000442 _____ () C:\Users\MP\Desktop\idea incarico.txt
    2014-07-09 11:37 - 2014-07-09 11:37 - 00010189 _____ () C:\Users\MP\Downloads\VOTI DIDATTICA GENERALE E PEDAGOGIA SPECIALE A445 - A245.xlsx

    Files to move or delete:
    ====================
    C:\ProgramData\SMRResults410.dat


    Some content of TEMP:
    ====================
    C:\Users\MP\AppData\Local\Temp\avgnt.exe
    C:\Users\MP\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-31 20:18

    ==================== End Of Log ============================
     
  22. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Addition

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
    Ran by MP at 2014-08-08 22:15:40
    Running from C:\Users\MP\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Moyea Video4Web Converter version 4.1.0.1 (HKLM-x32\...\{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1) (Version: - )
    µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31893 - BitTorrent Inc.)
    64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
    ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0009-0000-0001-074957833700}) (Version: 11.0.376 - ABBYY)
    AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
    Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ashampoo Burning Studio 10.0.1 (HKLM-x32\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. KG)
    ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
    Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.4 - Auslogics Software Pty Ltd)
    Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
    AVI to DVD Converter (HKLM-x32\...\AVI to DVD Converter) (Version: 3.0.26.0314 - Xilisoft)
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
    AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.2 - GPL Public release.)
    Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
    BlueGriffon versione 1.3 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.3 - Disruptive Innovations SAS)
    BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
    Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
    CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Czech (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Danish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Dutch (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help English (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Finnish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help French (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help German (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Greek (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Hungarian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Italian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Japanese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Korean (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Norwegian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Polish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Portuguese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Russian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Spanish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Swedish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Thai (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    CCC Help Turkish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
    ccc-core-static (x32 Version: 2010.0920.2143.37117 - Nome società) Hidden
    ccc-utility64 (Version: 2010.0920.2143.37117 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
    CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version: - )
    CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version: - Henri Gourvest.)
    CodFree 5.00 - Codice Fiscale (HKLM-x32\...\CodFree 5.00_is1) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
    DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    DIR2HTML (remove only) (HKLM-x32\...\DIR2HTML) (Version: - )
    DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version: - )
    doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
    DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
    EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - )
    eMail Extractor 3.6.6 (HKLM-x32\...\eMail Extractor_is1) (Version: - Max Programming LLC)
    Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
    Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
    EPSON PX720WD Series Manuale (HKLM-x32\...\EPSON PX720WD Series Manual) (Version: - )
    EPSON PX720WD Series Printer Uninstall (HKLM\...\EPSON PX720WD Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EpsonNet Config V3 (HKLM-x32\...\{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}) (Version: 3.5b - SEIKO EPSON CORPORATION)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
    Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
    ffdshow v1.1.3760 [2011-02-18] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3760.0 - )
    FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version: - )
    FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
    Formulario Immobiliare (HKLM-x32\...\{9F9CBCCA-738E-42E0-9AB9-8649B81C20C4}) (Version: 1.00.00 - Il Sole 24 Ore)
    Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
    Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Guida di rete EPSON PX720WD Series (HKLM-x32\...\EPSON PX720WD Series Network Guide) (Version: - )
    Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - )
    iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
    iConvert (HKLM-x32\...\{843B8FEC-47AD-4EC8-AFCD-CB46ABA779BC}) (Version: 1.0.0 - TJ)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
    Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
    Kingsoft Writer (8.1.0.3019) (HKLM-x32\...\Kingsoft Writer) (Version: 8.1.0.3019 - Kingsoft Corp.)
    K-Lite Codec Pack 7.6.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
    Light Image Resizer 4.0.6.8 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.0.6.8 - ObviousIdea)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Manuale VAIO (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
    Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
    Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
    Media Player Classic - Home Cinema v1.5.0.2827 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.0.2827 - MPC-HC Team) <==== ATTENTION
    Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
    Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
    Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    mIRC (HKLM-x32\...\mIRC) (Version: 7.17 - mIRC Co. Ltd.)
    Mozilla Firefox 30.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 it)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
    OpenOffice.org 3.2 (HKLM-x32\...\{691BD252-796D-4AE3-924C-C48A1CD4BEDF}) (Version: 3.2.9502 - OpenOffice.org)
    OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version: - )
    OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version: - )
    OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: - )
    Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
    Orca Browser (HKLM-x32\...\OrcaBrowser) (Version: - )
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    PDF Merge Tool-1.0.0 (HKLM-x32\...\PDF Merge Tool) (Version: 1.0.0 - Darren Wurf)
    PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
    PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.4.00.12020 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.4.00.12020 - Sony Corporation) Hidden
    PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.4.00.12130 - Sony Corporation) Hidden
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    RealMedia (remove only) (HKLM-x32\...\RealMedia) (Version: - )
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
    Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartsysSoft Business Card Maker v3.00 (HKLM-x32\...\SmartsysSoft Business Card Maker v3.003.00) (Version: 3.00 - Friends in War)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
    Supporto applicazioni Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Supporto trasferimento VAIO (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.3.0.06230 - Sony Corporation)
    VAIO - PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.3.00.06180 - Sony Corporation)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}) (Version: 1.4.00.12020 - Sony Corporation)
    VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{5078F3C0-4920-49BB-8FF8-F4794D5BEA95}) (Version: 2.4.00.12130 - Sony Corporation)
    VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
    VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
    VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.2.00.05120 - Sony Corporation)
    VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
    VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.3.0.06041 - Sony Corporation)
    VAIO Update (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.2.0.05310 - Sony Corporation)
    VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
    VMware Player (x32 Version: 4.0.1.27038 - VMware, Inc.) Hidden
    VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
    WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
    WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version: - )
    WPS Office (9.1.0.4746) (HKCU\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{87ACD5E9-0063-03CC-068E-3239BFEB73CA}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    05-08-2014 13:59:29 Removed Microsoft Office Professional Plus 2013
    05-08-2014 14:06:45 Removed Microsoft Office Professional Plus 2013
    05-08-2014 14:18:42 Removed Microsoft Office Professional Plus 2013
    05-08-2014 14:36:05 Removed Microsoft Office Professional Plus 2013
    05-08-2014 14:48:39 Configured Microsoft Office Professional Plus 2013
    07-08-2014 21:08:01 root 01

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2010-12-12 13:29 - 2014-08-08 19:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {069169D4-2CDE-4992-BA7B-AA573477E102} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
    Task: {1E5327DB-9502-4B43-BDCC-2D810E70FAB0} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
    Task: {21BDC277-7228-41ED-AA88-191DE01D2629} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe
    Task: {2ACB57E7-A225-4F27-BB7A-BC4470BE292E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21] (Glarysoft Ltd)
    Task: {2B02A597-9667-4A79-8028-CD833BD79EDB} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
    Task: {3ED05737-EED4-4618-99AD-5660BB380571} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30] (Google Inc.)
    Task: {4FEB59B3-E6B6-4C8E-AE91-0CA0C137BB48} - System32\Tasks\SONY\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update 5\ShellExeProxy.exe [2010-05-31] (Sony Corporation)
    Task: {54A9F159-F810-4EDD-A315-6A9ADF31F983} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
    Task: {5DA2BE8F-5721-4B97-AE65-51C51DC44E41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
    Task: {7833CF4B-8A2E-41FE-A62E-E7B99E76A7E0} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-05-31] (Sony Corporation)
    Task: {829799F7-0F8E-4999-8008-3F1A311A7DF9} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
    Task: {87FB807F-D02D-487A-A59D-47FDCA89214C} - System32\Tasks\{8C2C436B-4ABE-46C7-A51E-2477DD990866} => C:\Program Files (x86)\Seven Kingdoms\7kaa.exe [2009-12-09] ()
    Task: {8C27F551-1164-4FF6-9623-AA6E0F3B4099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30] (Google Inc.)
    Task: {A96D3616-AE70-4DCA-AE7D-2835E26001EB} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    Task: {B7F60148-CE45-49A0-82E1-9F3B4FBF779F} - \SUPERAntiSpyware Scheduled Task 36137c05-a6f8-4690-a2a6-dff9c2929dbf No Task File <==== ATTENTION
    Task: {C24F2A77-216E-4F73-A2C5-B23A60557E82} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-03-29] (Glarysoft Ltd)
    Task: {D29E34B5-8D92-40B2-8AEE-BEA51FA61CC3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe
    Task: {DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0} - \SUPERAntiSpyware Scheduled Task 0940fc3a-a121-4809-8a39-11c2ffdcdcd2 No Task File <==== ATTENTION
    Task: {F718F065-32AA-420C-8FFF-51AFCE6E220A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {F8BFE429-0D92-424C-8686-BFE3E210A274} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe
    Task: {FA68AB10-7C2D-401A-9D86-C49D1174A159} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
    Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GU5SkipUAC.job => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    Task: C:\Windows\Tasks\WpsNotifyTask_MP.job => C:\Users\MP\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
    Task: C:\Windows\Tasks\WpsUpdateTask_MP.job => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-12-11 20:44 - 2010-03-28 13:26 - 00167424 _____ () C:\Program Files\WinRAR\rarext.dll
    2013-10-15 20:02 - 2013-10-15 20:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
    2010-07-12 23:29 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-01-03 08:59 - 2014-02-10 19:04 - 00430080 _____ () C:\Windows\mod_frst.exe

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\MP\Downloads\postacert.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07328577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07328577.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    HKU\.DEFAULT\Software\Classes\.exe: exefile => <===== ATTENTION!
    HKU\.DEFAULT\Software\Classes\exefile: <===== ATTENTION!

    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
    MSCONFIG\Services: ACDaemon => 3
    MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 3
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AeLookupSvc => 3
    MSCONFIG\Services: ALG => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: BDESVC => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: btwdins => 2
    MSCONFIG\Services: cmdAgent => 2
    MSCONFIG\Services: Fax => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: ose64 => 3
    MSCONFIG\Services: osppsvc => 3
    MSCONFIG\Services: PcaSvc => 2
    MSCONFIG\Services: PMBDeviceInfoProvider => 2
    MSCONFIG\Services: RasMan => 3
    MSCONFIG\Services: SampleCollector => 2
    MSCONFIG\Services: SDRSVC => 3
    MSCONFIG\Services: SENS => 2
    MSCONFIG\Services: SessionEnv => 3
    MSCONFIG\Services: SOHCImp => 3
    MSCONFIG\Services: SOHDms => 3
    MSCONFIG\Services: SOHDs => 3
    MSCONFIG\Services: SpfService => 3
    MSCONFIG\Services: TomTomHOMEService => 2
    MSCONFIG\Services: VAIO Event Service => 2
    MSCONFIG\Services: VCFw => 3
    MSCONFIG\Services: VcmIAlzMgr => 3
    MSCONFIG\Services: VcmINSMgr => 3
    MSCONFIG\Services: VcmXmlIfHelper => 3
    MSCONFIG\Services: wlidsvc => 2
    MSCONFIG\Services: WMPNetworkSvc => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: wuauserv => 2
    MSCONFIG\Services: wudfsvc => 3

    ==================== Faulty Device Manager Devices =============

    Name: Dispositivo Bluetooth (Personal Area Network)
    Description: Dispositivo Bluetooth (Personal Area Network)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: BthPan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Scheda miniport WiFi virtuale Microsoft
    Description: Scheda miniport WiFi virtuale Microsoft
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (08/08/2014 10:01:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Il servizio Condivisione connessione Internet (ICS) dipende dal servizio Connection Manager di Accesso remoto che non è stato avviato per il seguente errore:
    %%1058

    Error: (08/08/2014 10:00:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio Dnscache.

    Error: (08/08/2014 09:59:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio Dnscache.

    Error: (08/08/2014 09:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Il servizio sbapifs non è stato avviato per il seguente errore:
    %%2


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-08 19:36:01.374
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

    Date: 2014-08-08 19:36:01.280
    Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


    ==================== Memory info ===========================

    Percentage of memory in use: 28%
    Total physical RAM: 3950.1 MB
    Available physical RAM: 2821.8 MB
    Total Pagefile: 7898.33 MB
    Available Pagefile: 6711.09 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:452.46 GB) (Free:240.45 GB) NTFS
    Drive d: (HEROES2) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DC153B7C)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  23. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  24. Kipps00

    Kipps00 TS Rookie Topic Starter Posts: 22

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014
    Ran by MP at 2014-08-08 23:50:18 Run:1
    Running from C:\Users\MP\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 gfiark; system32\drivers\gfiark.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    S0 vmci; system32\DRIVERS\vmci.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]
    C:\ProgramData\SMRResults410.dat
    C:\Users\MP\AppData\Local\Temp\avgnt.exe
    C:\Users\MP\AppData\Local\Temp\Quarantine.exe
    Task: {B7F60148-CE45-49A0-82E1-9F3B4FBF779F} - \SUPERAntiSpyware Scheduled Task 36137c05-a6f8-4690-a2a6-dff9c2929dbf No Task File <==== ATTENTION
    Task: {DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0} - \SUPERAntiSpyware Scheduled Task 0940fc3a-a121-4809-8a39-11c2ffdcdcd2 No Task File <==== ATTENTION
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\MP\Downloads\postacert.eml:OECustomProperty
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07328577.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07328577.sys => ""="Driver"
    HKU\.DEFAULT\Software\Classes\.exe: exefile => <===== ATTENTION!
    HKU\.DEFAULT\Software\Classes\exefile: <===== ATTENTION!

    *****************

    catchme => Service deleted successfully.
    gfiark => Service deleted successfully.
    RimUsb => Service deleted successfully.
    sbapifs => Service deleted successfully.
    vmci => Service deleted successfully.
    WinRing0_1_2_0 => Service deleted successfully.
    C:\ProgramData\SMRResults410.dat => Moved successfully.
    C:\Users\MP\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\MP\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7F60148-CE45-49A0-82E1-9F3B4FBF779F}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7F60148-CE45-49A0-82E1-9F3B4FBF779F}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 36137c05-a6f8-4690-a2a6-dff9c2929dbf" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 0940fc3a-a121-4809-8a39-11c2ffdcdcd2" => Key deleted successfully.
    "C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
    "C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
    C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
    C:\Users\MP\Downloads\postacert.eml => ":OECustomProperty" ADS removed successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\07328577.sys" => Key deleted successfully.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\07328577.sys" => Key deleted successfully.
    "HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
    "HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
    "HKU\.DEFAULT\Software\Classes\exefile" => Key not found.

    ==== End of Fixlog ====
     
  25. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     

