Solved Svchost -> cpu 100% + various "PUM.dns" issues

Kipps00

Hi, I tried several software tools to solve my issues but I wasn't able to. Please help me.

My main problem is a very slow PC, where svchost takes the CPU to 100%. Only when I kill it several times does the PC go back to normal and to a decent speed.

Avira Free Antivirus didn't catch any virus. Also, MBAM gave a clean scan result.

Instead, using RogueKiller, I find various "PUM.dns" every time.


Report

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : MP [Admin rights]
Mode : Scan -- Date : 08/06/2014 17:19:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 157.27.0.1 157.27.0.10 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 157.27.0.1 157.27.0.10 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 157.27.0.1 157.27.0.10 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Trovato
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Trovato
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Trovato
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Trovato
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Trovato

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
[BSP] 48884e1b478496022e76d11615da4fef : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27678720 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06012014_123629.log - RKreport_DEL_08062014_162005.log - RKreport_DEL_08062014_165714.log - RKreport_SCN_06012014_121551.log
RKreport_SCN_08062014_161836.log - RKreport_SCN_08062014_165646.log
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you for your help!!!

Step 1: AV scan made, no results

Step 2: MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/08/2014
Scan Time: 10:04:07
Logfile: log mbam 07-08.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.07.01
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: MP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348043
Time Elapsed: 41 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540 BrowserJavaVersion: 1.6.0_24
Run by MP at 10:51:08 on 2014-08-07
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableStartupSound = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 157.27.0.1 157.27.0.10
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 157.27.0.1 157.27.0.10
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 157.27.0.1 157.27.0.10
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\346525 : DHCPNameServer = 10.9.29.110 10.9.29.102
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\55E49465149425D2F40554E4 : DHCPNameServer = 157.27.0.1 157.27.0.10 157.27.4.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\D4F6E64716E6162796 : DHCPNameServer = 80.68.177.58 151.99.125.1
TCP: Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} : DHCPNameServer = 83.224.70.77 83.224.70.54
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://inm.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-575-0-0&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-08-06 14:29:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-06 14:22:47 -------- d-----w- C:\Windows\ERUNT
2014-08-06 14:08:26 30312 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-08-06 09:27:43 -------- d-----w- C:\Users\MP\AppData\Roaming\Avira
2014-08-06 08:34:19 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BAA0E62-2877-41F7-9A34-57AED6C1CEE5}\mpengine.dll
2014-08-04 09:50:03 -------- d-----w- C:\Users\MP\AppData\Local\Kingsoft
2014-08-01 13:16:39 -------- d-----w- C:\ProgramData\GlarySoft
2014-08-01 13:16:32 20160 ----a-w- C:\Windows\System32\drivers\GUBootStartup.sys
2014-08-01 13:16:28 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2014-08-01 13:16:28 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-08-01 13:16:28 -------- d-----w- C:\Users\MP\AppData\Roaming\DiskDefrag
2014-08-01 13:15:52 -------- d-----w- C:\Program Files (x86)\Glary Utilities 5
2014-07-11 13:45:13 -------- d-----w- C:\Users\MP\7kaa
2014-07-11 13:44:36 -------- d-----w- C:\Program Files (x86)\7kaa2
2014-07-08 19:04:15 -------- d-----w- C:\Program Files (x86)\Seven Kingdoms
.
==================== Find3M ====================
.
2014-08-07 08:04:03 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-14 19:03:59 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-14 19:03:59 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-05-28 13:45:11 0 ----a-w- C:\Windows\ativpsrm.bin
2014-05-12 05:26:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-12 05:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-12 05:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 10:54:26.68 ===============
 
ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/12/2010 19:14:07
System Uptime: 07/08/2014 09:48:59 (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | N/A | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 240.67 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda miniport WiFi virtuale Microsoft
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&108D72A9&0&01
Manufacturer: Microsoft
Name: Scheda miniport WiFi virtuale Microsoft
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&108D72A9&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP643: 05/08/2014 15:59:29 - Removed Microsoft Office Professional Plus 2013
RP644: 05/08/2014 16:06:45 - Removed Microsoft Office Professional Plus 2013
RP645: 05/08/2014 16:18:42 - Removed Microsoft Office Professional Plus 2013
RP646: 05/08/2014 16:36:05 - Removed Microsoft Office Professional Plus 2013
RP647: 05/08/2014 16:48:39 - Configured Microsoft Office Professional Plus 2013
.
==== Installed Programs ======================
.
Moyea Video4Web Converter version 4.1.0.1
64 Bit HP CIO Components Installer
ABBYY FineReader 11
AC3Filter 1.63b
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.9) - Italiano
Adobe Shockwave Player 12.0
Alps Pointing-device for VAIO
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 10.0.1
ATI Catalyst Install Manager
µTorrent
Auslogics BoostSpeed
Auslogics Disk Defrag
AVI to DVD Converter
Avira Free Antivirus
AviSynth 2.6
Bass Audio Decoder (remove only)
BlueGriffon versione 1.3
BS.Player FREE
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD Audio Reader Filter (remove only)
CDisplayEx 1.8
CodFree 5.00 - Codice Fiscale
D3DX10
DAEMON Tools Lite
DCoder Image Source (remove only)
DHTML Editing Component
DIR2HTML (remove only)
DirectVobSub (remove only)
doPDF 7.2 printer
Dropbox
DScaler 5 Mpeg Decoders
EditPlus 3
eMail Extractor 3.6.6
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson Print CD
EPSON PX720WD Series Manuale
EPSON PX720WD Series Printer Uninstall
EPSON Scan
EpsonNet Config V3
EpsonNet Print
EpsonNet Setup 3.3
Everything 1.2.1.371
ffdshow v1.1.3760 [2011-02-18]
FFMPEG Core Files (remove only)
FileZilla Client 3.5.1
Formulario Immobiliare
Glary Utilities 5.4
Google Chrome
Google Drive
Google Update Helper
Guida di rete EPSON PX720WD Series
Helix YUV Codecs (remove only)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iCloud
iConvert
ImgBurn
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 20 (64-bit)
Java(TM) 6 Update 24
K-Lite Codec Pack 7.6.0 (Basic)
Kingsoft Writer (8.1.0.3019)
Light Image Resizer 4.0.6.8
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware versione 2.0.2.1012
Manuale VAIO
Media Gallery
Media Player Classic - Home Cinema v1.5.0.2827 x64
Medieval CUE Splitter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
mIRC
Mozilla Firefox 30.0 (x86 it)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML4 Parser
OpenOffice.org 3.2
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Opera 12.10
Orca Browser
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Merge Tool-1.0.0
PDF Split And Merge Basic
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
QuickTime
RealMedia (remove only)
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Seven Kingdoms AA
Skype Click to Call
Skype™ 6.11
SmartsysSoft Business Card Maker v3.00
Spybot - Search & Destroy
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Supporto applicazioni Apple
Supporto trasferimento VAIO
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VAIO - Media Gallery
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Hardware Diagnostics
VAIO Sample Contents
VAIO Update
VLC media player 1.1.10
VMware Player
VoiceOver Kit
WIDCOMM Bluetooth Software
WinDirStat 1.1.2
WinRAR gestione archivi
WPS Office (9.1.0.4746)
.
==== End Of File ===========================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip the downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RK 1

RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : MP [Admin rights]
Mode : Remove -- Date : 08/07/2014 22:55:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F64B8202-4A8A-4E74-958B-1EAB867F5C27} | DhcpNameServer : 83.224.70.77 83.224.70.54 -> Sostituito ()
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> Cancellato
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> Cancellato
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3738606585-3584510924-2974000002-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]

¤¤¤ Le attività pianificate : 1 ¤¤¤
[Suspicious.Path] WpsNotifyTask_MP.job -- C:\Users\MP\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe (-from=task) -> Cancellato

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
[BSP] 48884e1b478496022e76d11615da4fef : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27678720 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06012014_123629.log - RKreport_DEL_08062014_162005.log - RKreport_DEL_08062014_165714.log - RKreport_DEL_08062014_182927.log
RKreport_SCN_06012014_121551.log - RKreport_SCN_08062014_161836.log - RKreport_SCN_08062014_165646.log - RKreport_SCN_08062014_171931.log
RKreport_SCN_08072014_225051.log
 
RK 2

RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : MP [Admin rights]
Mode : Remove -- Date : 08/07/2014 23:06:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} | DhcpNameServer : 192.168.1.254 62.101.93.101 83.103.25.250 -> Sostituito ()

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
[BSP] 48884e1b478496022e76d11615da4fef : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27678720 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06012014_123629.log - RKreport_DEL_08062014_162005.log - RKreport_DEL_08062014_165714.log - RKreport_DEL_08062014_182927.log
RKreport_SCN_06012014_121551.log - RKreport_SCN_08062014_161836.log - RKreport_SCN_08062014_165646.log - RKreport_SCN_08062014_171931.log
RKreport_SCN_08072014_225051.log - RKreport_DEL_08072014_225514.log - RKreport_SCN_08072014_230209.log - RKreport_DEL_08072014_230220.log
RKreport_SCN_08072014_230614.log
 
mbar log

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.07.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
MP :: MP-VAIO [administrator]

07/08/2014 23:10:10
mbar-log-2014-08-07 (23-10-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 350041
Time elapsed: 18 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4141977600, free: 2693791744

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4141977600, free: 2699456512

Downloaded database version: v2014.08.07.09
Downloaded database version: v2014.08.04.01
Initializing...
======================
------------ Kernel report ------------
08/07/2014 23:09:26
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006431060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800445a050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006431060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006431b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006431060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004459830, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800445a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DC153B7C

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27676672

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27678720 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 27883520 Numsec = 948887600

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-27678720-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
(RK showed again [PUM.DNS] and now a new " [PUM.Policies] " ... good or bad??)

I'm ready for the next step... :'(, meanwhile... I have to thank you a lot for your help.. you're great :cool::cool::cool:
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Report TDSSKiller PART 1

17:29:39.0571 0x07a0 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
17:30:20.0958 0x07a0 ============================================================
17:30:20.0958 0x07a0 Current date / time: 2014/08/08 17:30:20.0958
17:30:20.0958 0x07a0 SystemInfo:
17:30:20.0958 0x07a0
17:30:20.0958 0x07a0 OS Version: 6.1.7600 ServicePack: 0.0
17:30:20.0958 0x07a0 Product type: Workstation
17:30:20.0958 0x07a0 ComputerName: MP-VAIO
17:30:20.0958 0x07a0 UserName: MP
17:30:20.0958 0x07a0 Windows directory: C:\Windows
17:30:20.0958 0x07a0 System windows directory: C:\Windows
17:30:20.0958 0x07a0 Running under WOW64
17:30:20.0958 0x07a0 Processor architecture: Intel x64
17:30:20.0958 0x07a0 Number of processors: 4
17:30:20.0958 0x07a0 Page size: 0x1000
17:30:20.0958 0x07a0 Boot type: Normal boot
17:30:20.0958 0x07a0 ============================================================
17:30:21.0379 0x07a0 KLMD registered as C:\Windows\system32\drivers\63524284.sys
17:30:21.0863 0x07a0 System UUID: {E17BA3AB-10E5-C207-F82D-1569C2693A29}
17:30:23.0673 0x07a0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:30:23.0891 0x07a0 ============================================================
17:30:23.0891 0x07a0 \Device\Harddisk0\DR0:
17:30:23.0953 0x07a0 MBR partitions:
17:30:23.0953 0x07a0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A65800, BlocksNum 0x32000
17:30:23.0953 0x07a0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A97800, BlocksNum 0x388EE030
17:30:23.0969 0x07a0 ============================================================
17:30:24.0016 0x07a0 C: <-> \Device\Harddisk0\DR0\Partition2
17:30:24.0016 0x07a0 ============================================================
17:30:24.0016 0x07a0 Initialize success
17:30:24.0016 0x07a0 ============================================================
17:30:27.0760 0x097c ============================================================
17:30:27.0760 0x097c Scan started
17:30:27.0760 0x097c Mode: Manual;
17:30:27.0760 0x097c ============================================================
17:30:27.0760 0x097c KSN ping started
17:30:37.0432 0x097c KSN ping finished: true
17:30:38.0196 0x097c ================ Scan system memory ========================
17:30:38.0196 0x097c System memory - ok
17:30:38.0212 0x097c ================ Scan services =============================
17:30:52.0065 0x097c Compbatt - ok
17:30:52.0221 0x097c [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:30:52.0314 0x097c CompositeBus - ok
17:30:52.0330 0x097c COMSysApp - ok
17:30:52.0611 0x097c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:30:52.0626 0x097c crcdisk - ok
17:30:52.0704 0x097c [ BAF19B633933A9FB4883D27D66C39E9A, 2D8ABB5161736CCCADA67B3E6A8D70B0B5E1E3FE6084561891F394DA191B3439 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:30:52.0845 0x097c CryptSvc - ok
17:30:52.0907 0x097c [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:30:52.0969 0x097c DcomLaunch - ok
17:30:53.0110 0x097c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:30:53.0203 0x097c defragsvc - ok
17:30:53.0281 0x097c [ 9C253CE7311CA60FC11C774692A13208, 23507138576DB75AA8B7415140F7B5D8A90CB2661796223870461C721A36AEBF ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:30:53.0313 0x097c DfsC - ok
17:30:53.0344 0x097c [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:30:53.0625 0x097c Dhcp - ok
17:30:53.0656 0x097c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:30:53.0671 0x097c discache - ok
17:30:53.0827 0x097c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
17:30:53.0843 0x097c Disk - ok
17:30:53.0890 0x097c [ 85CF424C74A1D5EC33533E1DBFF9920A, 882D5FA0D5EC053D76A0C46A6047A621D607651693CF94E5506219EECCC8D079 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:30:54.0046 0x097c Dnscache - ok
17:30:54.0108 0x097c [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll
17:30:54.0155 0x097c dot3svc - ok
17:30:54.0202 0x097c [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:30:54.0217 0x097c Dot4 - ok
17:30:54.0264 0x097c [ 85135AD27E79B689335C08167D917CDE, B023ABF4CC71862AE107B27D3CD698517074A97FA76A8AE18058ACF39AC1E786 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:30:54.0280 0x097c Dot4Print - ok
17:30:54.0311 0x097c [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:30:54.0327 0x097c dot4usb - ok
17:30:54.0373 0x097c [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll
17:30:54.0405 0x097c DPS - ok
17:30:54.0436 0x097c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:30:54.0467 0x097c drmkaud - ok
17:30:54.0529 0x097c [ D3D64CF7B2BCEAA34A270F45A3FFFB36, 4374D4FB081A004C610707669F7817C55F247D1EB3DDA012CCDF080FF39BFAD2 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:30:54.0561 0x097c dtsoftbus01 - ok
17:30:55.0590 0x097c [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:30:55.0668 0x097c DXGKrnl - ok
17:30:55.0731 0x097c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:30:55.0762 0x097c EapHost - ok
17:30:56.0043 0x097c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:30:56.0776 0x097c ebdrv - ok
17:30:56.0869 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] EFS C:\Windows\System32\lsass.exe
17:30:56.0885 0x097c EFS - ok
17:30:57.0010 0x097c [ 47C071994C3F649F23D9CD075AC9304A, B7AA2DD6AD14F18A19620F5FB79D50C630D3750E72DD67BF8D105CC4F5CE1D46 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:30:57.0088 0x097c ehRecvr - ok
17:30:57.0135 0x097c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:30:57.0166 0x097c ehSched - ok
17:30:57.0244 0x097c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:30:57.0306 0x097c elxstor - ok
17:30:57.0322 0x097c EMSUSB2 - ok
17:30:57.0353 0x097c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:30:57.0431 0x097c ErrDev - ok
17:30:57.0618 0x097c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:30:57.0681 0x097c EventSystem - ok
17:30:57.0727 0x097c [ 53913561A7089C9A4649CE4E42F6101B, A3806C76A179017EB7B51BBDFF9507C740BBBA7697819B2FD79E4B2D57E3130E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
17:30:57.0759 0x097c ewusbnet - ok
17:30:57.0805 0x097c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:30:57.0837 0x097c exfat - ok
17:30:57.0868 0x097c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:30:57.0899 0x097c fastfat - ok
17:30:58.0102 0x097c [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe
17:30:58.0195 0x097c Fax - ok
17:30:58.0211 0x097c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
17:30:58.0336 0x097c fdc - ok
17:30:58.0367 0x097c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:30:58.0383 0x097c fdPHost - ok
17:30:58.0398 0x097c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:30:58.0414 0x097c FDResPub - ok
17:30:58.0445 0x097c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:30:58.0461 0x097c FileInfo - ok
17:30:58.0476 0x097c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:30:58.0492 0x097c Filetrace - ok
17:30:58.0601 0x097c [ ABEDFD48AC042C6AAAD32452E77217A1, BC45A1C36BDBC20EF4E7D3CFB5368912382D964CB34D050ED255F56307F4C910 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:30:58.0679 0x097c FLEXnet Licensing Service - ok
17:30:58.0773 0x097c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:30:58.0788 0x097c flpydisk - ok
17:30:58.0819 0x097c [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:30:58.0851 0x097c FltMgr - ok
17:30:59.0007 0x097c [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache C:\Windows\system32\FntCache.dll
17:30:59.0163 0x097c FontCache - ok
17:30:59.0225 0x097c [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:30:59.0303 0x097c FontCache3.0.0.0 - ok
17:30:59.0350 0x097c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:30:59.0365 0x097c FsDepends - ok
17:30:59.0537 0x097c [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:30:59.0537 0x097c Fs_Rec - ok
17:30:59.0584 0x097c [ 1F44F8559E61A8306ECC67BB1E168B7C, 5B7CDD4EDF128B48817145357BB36E2107F0D081C26004B44BFF7C63AD29D99B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:30:59.0615 0x097c fvevol - ok
17:30:59.0646 0x097c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:30:59.0662 0x097c gagp30kx - ok
17:30:59.0709 0x097c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:30:59.0724 0x097c GEARAspiWDM - ok
17:30:59.0740 0x097c gfiark - ok
17:30:59.0865 0x097c [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll
17:30:59.0943 0x097c gpsvc - ok
17:31:00.0021 0x097c [ 9C5AAE8DF0FFF251FA8BF435E594C271, 4D36E0DF98643D8F1026E928ADECC7C9F4F5FDD3F1ED930845B38C84ACD96E89 ] GUBootStartup C:\Windows\System32\drivers\GUBootStartup.sys
17:31:00.0036 0x097c GUBootStartup - ok
17:31:00.0114 0x097c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:31:00.0161 0x097c gupdate - ok
17:31:00.0177 0x097c [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:31:00.0177 0x097c gupdatem - ok
17:31:00.0301 0x097c [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:31:00.0348 0x097c gusvc - ok
17:31:00.0489 0x097c [ ADB4348DA1345877B04E22203AFC8993, D85FC268D1994944CED570A84B0B2E4F3EBFBE59823BE57285CB6CDDDF607358 ] hcmon C:\Windows\system32\drivers\hcmon.sys
17:31:00.0504 0x097c hcmon - ok
17:31:00.0535 0x097c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:31:00.0551 0x097c hcw85cir - ok
17:31:00.0613 0x097c [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:31:00.0660 0x097c HdAudAddService - ok
17:31:00.0707 0x097c [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:31:00.0723 0x097c HDAudBus - ok
17:31:00.0769 0x097c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
17:31:00.0785 0x097c HECIx64 - ok
17:31:00.0816 0x097c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:31:00.0816 0x097c HidBatt - ok
17:31:00.0847 0x097c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:31:00.0863 0x097c HidBth - ok
17:31:00.0894 0x097c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
17:31:00.0910 0x097c HidIr - ok
17:31:00.0941 0x097c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
17:31:00.0972 0x097c hidserv - ok
17:31:01.0191 0x097c [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:31:01.0315 0x097c HidUsb - ok
17:31:01.0440 0x097c [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll
17:31:01.0565 0x097c hkmsvc - ok
17:31:01.0705 0x097c [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:31:01.0861 0x097c HomeGroupListener - ok
17:31:01.0893 0x097c [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:31:01.0939 0x097c HomeGroupProvider - ok
17:31:01.0971 0x097c [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:31:01.0986 0x097c HpSAMD - ok
17:31:02.0080 0x097c [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:31:02.0173 0x097c HTTP - ok
17:31:02.0205 0x097c [ D96A290F699081AE737390C0FE329D7C, 11D69424AD08AEA58AA546883535E6D8E51E2F3D0B5299549DC0B7A31498E982 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:31:02.0236 0x097c hwdatacard - ok
17:31:02.0251 0x097c [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:31:02.0267 0x097c hwpolicy - ok
17:31:02.0517 0x097c [ E0C7255498640FC64B19AAE17FD6F965, 10BCE55F36A36F962A7BA774B8B4C0F07081EA1EAB0FD3B8C57AA01FE8CFDF48 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
17:31:02.0532 0x097c hwusbfake - ok
17:31:02.0563 0x097c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:31:02.0595 0x097c i8042prt - ok
17:31:02.0657 0x097c [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\drivers\iaStor.sys
17:31:02.0688 0x097c iaStor - ok
17:31:02.0766 0x097c [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:31:02.0782 0x097c IAStorDataMgrSvc - ok
17:31:02.0844 0x097c [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
17:31:02.0907 0x097c iaStorV - ok
17:31:03.0000 0x097c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:31:03.0156 0x097c IDriverT - ok
17:31:03.0250 0x097c [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:31:03.0328 0x097c idsvc - ok
17:31:04.0123 0x097c [ 2A22AB054F4630D2EF4BAB2853F6D5F6, 9CD7A5FFB7E25B51E9D311531EE5EC20CEAC356C7A27D52B61DA810DB412437B ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:31:04.0903 0x097c igfx - ok
17:31:04.0981 0x097c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:31:04.0981 0x097c iirsp - ok
17:31:05.0075 0x097c [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll
17:31:05.0137 0x097c IKEEXT - ok
17:31:05.0278 0x097c [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\drivers\Impcd.sys
17:31:05.0293 0x097c Impcd - ok
17:31:05.0512 0x097c [ 526E482AFB586CB1CDD687869DECF686, DCF1D4772181AD14E8846C9B34387ADB6A8D56BE305A8926896AE35D3496A49F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:31:05.0652 0x097c IntcAzAudAddService - ok
17:31:05.0715 0x097c [ 58CF58DEE26C909BD6F977B61D246295, 0CE27B81C091961A22B75478449D654F9C1A68E43DF80C699DB8DD3D1B288461 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:31:05.0746 0x097c IntcDAud - ok
17:31:05.0777 0x097c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:31:05.0793 0x097c intelide - ok
17:31:05.0839 0x097c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys
17:31:05.0855 0x097c intelppm - ok
17:31:05.0886 0x097c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:31:05.0917 0x097c IPBusEnum - ok
17:31:05.0949 0x097c [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:31:05.0964 0x097c IpFilterDriver - ok
17:31:06.0167 0x097c [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:31:06.0261 0x097c iphlpsvc - ok
17:31:06.0292 0x097c [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:31:06.0354 0x097c IPMIDRV - ok
17:31:06.0385 0x097c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:31:06.0417 0x097c IPNAT - ok
17:31:06.0619 0x097c [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:31:06.0682 0x097c iPod Service - ok
17:31:06.0713 0x097c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:31:06.0713 0x097c IRENUM - ok
17:31:06.0760 0x097c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:31:06.0807 0x097c isapnp - ok
17:31:06.0869 0x097c [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:31:06.0900 0x097c iScsiPrt - ok
17:31:06.0931 0x097c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:31:06.0947 0x097c kbdclass - ok
17:31:06.0978 0x097c [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:31:06.0994 0x097c kbdhid - ok
17:31:07.0009 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso C:\Windows\system32\lsass.exe
17:31:07.0009 0x097c KeyIso - ok
17:31:07.0025 0x097c KMService - ok
17:31:07.0087 0x097c [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:31:07.0103 0x097c KSecDD - ok
17:31:07.0243 0x097c [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:31:07.0259 0x097c KSecPkg - ok
17:31:07.0275 0x097c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:31:07.0290 0x097c ksthunk - ok
17:31:07.0337 0x097c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:31:07.0384 0x097c KtmRm - ok
17:31:07.0446 0x097c [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer C:\Windows\System32\srvsvc.dll
17:31:07.0477 0x097c LanmanServer - ok
17:31:07.0540 0x097c [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:31:07.0555 0x097c LanmanWorkstation - ok
17:31:07.0696 0x097c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:31:07.0711 0x097c lltdio - ok
17:31:07.0743 0x097c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:31:07.0774 0x097c lltdsvc - ok
17:31:07.0836 0x097c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:31:07.0852 0x097c lmhosts - ok
17:31:07.0930 0x097c [ 3D23191672D83E90D1CF63927EE98136, 90EC8E0E0FCC838B7D258C76A5C92335A2F2B7AE36BD87B3BB4BCF187770B6DE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:31:07.0961 0x097c LMS - ok
17:31:07.0992 0x097c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:31:08.0008 0x097c LSI_FC - ok
17:31:08.0117 0x097c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:31:08.0148 0x097c LSI_SAS - ok
17:31:08.0164 0x097c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:31:08.0179 0x097c LSI_SAS2 - ok
17:31:08.0211 0x097c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:31:08.0226 0x097c LSI_SCSI - ok
17:31:08.0289 0x097c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:31:08.0304 0x097c luafv - ok
17:31:08.0398 0x097c [ 1A243DAD23BB639D47F25AB9EC51FCAD, 596A9676F38730B520F36BDA964C555F31FD9CD1A45CD5280A534C6336E344AF ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
17:31:08.0429 0x097c mbamchameleon - ok
17:31:08.0569 0x097c [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
17:31:08.0601 0x097c mcdbus - ok
17:31:08.0679 0x097c [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:31:08.0710 0x097c Mcx2Svc - ok
17:31:08.0741 0x097c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
17:31:08.0757 0x097c megasas - ok
17:31:08.0803 0x097c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:31:08.0835 0x097c MegaSR - ok
17:31:08.0866 0x097c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:31:08.0881 0x097c MMCSS - ok
17:31:09.0006 0x097c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:31:09.0022 0x097c Modem - ok
17:31:09.0053 0x097c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:31:09.0069 0x097c monitor - ok
17:31:09.0084 0x097c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:31:09.0100 0x097c mouclass - ok
17:31:09.0131 0x097c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:31:09.0131 0x097c mouhid - ok
17:31:09.0162 0x097c [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:31:09.0178 0x097c mountmgr - ok
17:31:09.0271 0x097c [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:31:09.0303 0x097c MozillaMaintenance - ok
17:31:09.0490 0x097c [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\drivers\mpio.sys
17:31:09.0521 0x097c mpio - ok
17:31:09.0537 0x097c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:31:09.0552 0x097c mpsdrv - ok
17:31:09.0630 0x097c [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll
 
Part 2

17:31:11.0689 0x097c NetBIOS - ok
17:31:11.0721 0x097c [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:31:11.0752 0x097c NetBT - ok
17:31:11.0799 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] Netlogon C:\Windows\system32\lsass.exe
17:31:11.0814 0x097c Netlogon - ok
17:31:11.0861 0x097c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:31:11.0908 0x097c Netman - ok
17:31:11.0970 0x097c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:12.0111 0x097c NetMsmqActivator - ok
17:31:12.0142 0x097c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:12.0142 0x097c NetPipeActivator - ok
17:31:12.0189 0x097c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:31:12.0235 0x097c netprofm - ok
17:31:12.0251 0x097c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:12.0267 0x097c NetTcpActivator - ok
17:31:12.0282 0x097c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:12.0298 0x097c NetTcpPortSharing - ok
17:31:12.0313 0x097c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:31:12.0329 0x097c nfrd960 - ok
17:31:12.0391 0x097c [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll
17:31:12.0547 0x097c NlaSvc - ok
17:31:12.0594 0x097c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:31:12.0594 0x097c Npfs - ok
17:31:12.0641 0x097c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:31:12.0657 0x097c nsi - ok
17:31:12.0688 0x097c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:31:12.0688 0x097c nsiproxy - ok
17:31:12.0844 0x097c [ 9A6089B056EA1B83B36424FC9D0A300E, EA60282C5A32B497921B568C1FE735F5BDB9D954DDC4E609F7F3CAE5ED823CEC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:31:13.0078 0x097c Ntfs - ok
17:31:13.0094 0x097c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:31:13.0109 0x097c Null - ok
17:31:13.0140 0x097c [ A4D9C9A608A97F59307C2F2600EDC6A4, D786F4CA2D10BAC31CE14A338C442F7027D4BB2E955AB99BC44C2F241D383BBE ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
17:31:13.0172 0x097c nvraid - ok
17:31:13.0218 0x097c [ 6C1D5F70E7A6A3FD1C90D840EDC048B9, 8D5337742A0F5B04D636C163CE77D4A9B3684CF81170026912A402513B44BA77 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
17:31:13.0250 0x097c nvstor - ok
17:31:13.0281 0x097c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:31:13.0421 0x097c nv_agp - ok
17:31:13.0468 0x097c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:31:13.0499 0x097c ohci1394 - ok
17:31:13.0577 0x097c [ B9C125314A025127FE562C116D614AA3, 79C46C0BACEBBB5B8E1C162766B21587365A100BBAD01171C77B995C514BC7D6 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:31:13.0593 0x097c ose64 - ok
17:31:13.0952 0x097c [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:31:14.0529 0x097c osppsvc - ok
17:31:14.0700 0x097c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:31:14.0747 0x097c p2pimsvc - ok
17:31:14.0810 0x097c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:31:14.0856 0x097c p2psvc - ok
17:31:14.0888 0x097c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
17:31:14.0903 0x097c Parport - ok
17:31:14.0966 0x097c [ 90061B1ACFE8CCAA5345750FFE08D8B8, 76309683FFDF380AF9C6E1D9A52E46B011A0BF1026D747181D01F3312B7541C7 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:31:14.0981 0x097c partmgr - ok
17:31:15.0122 0x097c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:31:15.0153 0x097c PcaSvc - ok
17:31:15.0200 0x097c [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci C:\Windows\system32\drivers\pci.sys
17:31:15.0231 0x097c pci - ok
17:31:15.0278 0x097c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:31:15.0278 0x097c pciide - ok
17:31:15.0324 0x097c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:31:15.0340 0x097c pcmcia - ok
17:31:15.0387 0x097c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:31:15.0402 0x097c pcw - ok
17:31:15.0465 0x097c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:31:15.0605 0x097c PEAUTH - ok
17:31:15.0746 0x097c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:31:15.0746 0x097c PerfHost - ok
17:31:15.0886 0x097c [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla C:\Windows\system32\pla.dll
17:31:16.0058 0x097c pla - ok
17:31:16.0151 0x097c [ 98B1721B8718164293B9701B98C52D77, 27F5F00D4AA394D4D8D0A0062EDC3F944B603E07CAAEDC5CC959BA1E8C208C2A ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:31:16.0198 0x097c PlugPlay - ok
17:31:16.0229 0x097c [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:31:16.0245 0x097c Pml Driver HPZ12 - ok
17:31:16.0276 0x097c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:31:16.0292 0x097c PNRPAutoReg - ok
17:31:16.0323 0x097c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:31:16.0354 0x097c PNRPsvc - ok
17:31:16.0463 0x097c [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:31:16.0510 0x097c PolicyAgent - ok
17:31:16.0572 0x097c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:31:16.0604 0x097c Power - ok
17:31:16.0650 0x097c [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:31:16.0666 0x097c PptpMiniport - ok
17:31:16.0697 0x097c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
17:31:16.0713 0x097c Processor - ok
17:31:16.0775 0x097c [ 97293447431311C06703368AD0F6C4BE, 302A3CA8F6961717D95469B20A8A71954D4ECFCDF4638238D3D44AAE5A8D9B8B ] ProfSvc C:\Windows\system32\profsvc.dll
17:31:16.0869 0x097c ProfSvc - ok
17:31:16.0900 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:31:16.0916 0x097c ProtectedStorage - ok
17:31:16.0947 0x097c [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:31:16.0962 0x097c Psched - ok
17:31:17.0087 0x097c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:31:17.0181 0x097c ql2300 - ok
17:31:17.0337 0x097c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:31:17.0352 0x097c ql40xx - ok
17:31:17.0415 0x097c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:31:17.0446 0x097c QWAVE - ok
17:31:17.0493 0x097c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:31:17.0508 0x097c QWAVEdrv - ok
17:31:17.0540 0x097c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:31:17.0540 0x097c RasAcd - ok
17:31:17.0586 0x097c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:31:17.0602 0x097c RasAgileVpn - ok
17:31:17.0727 0x097c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:31:17.0742 0x097c RasAuto - ok
17:31:17.0774 0x097c [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:31:17.0789 0x097c Rasl2tp - ok
17:31:17.0836 0x097c [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan C:\Windows\System32\rasmans.dll
17:31:17.0867 0x097c RasMan - ok
17:31:17.0898 0x097c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:31:17.0914 0x097c RasPppoe - ok
17:31:17.0945 0x097c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:31:17.0961 0x097c RasSstp - ok
17:31:17.0992 0x097c [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:31:18.0023 0x097c rdbss - ok
17:31:18.0054 0x097c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:31:18.0179 0x097c rdpbus - ok
17:31:18.0195 0x097c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:31:18.0210 0x097c RDPCDD - ok
17:31:18.0242 0x097c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:31:18.0242 0x097c RDPENCDD - ok
17:31:18.0273 0x097c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:31:18.0273 0x097c RDPREFMP - ok
17:31:18.0335 0x097c [ 447DE7E3DEA39D422C1504F245B668B1, C54D90D2F9405E011E490D3C2F0F64488B87B969C95E367C076BBFCFD8654909 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:31:18.0366 0x097c RDPWD - ok
17:31:18.0413 0x097c [ E5DC9BA9E439D6DBDD79F8CAACB5BF01, 70CE6EAC4226A51508A469B3473E7A7C969E59AC50FF4076BE477DD7CCE0CB18 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:31:18.0444 0x097c rdyboost - ok
17:31:18.0585 0x097c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:31:18.0616 0x097c RemoteAccess - ok
17:31:18.0647 0x097c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:31:18.0678 0x097c RemoteRegistry - ok
17:31:18.0710 0x097c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:31:18.0725 0x097c RFCOMM - ok
17:31:18.0772 0x097c [ FA6ABC06B629DA29634D31F1FE0347BD, 6469EB5C43CFBF9D774DE09042E3E0B4A08B8A146A43450F591725418BF5104E ] rimspci C:\Windows\system32\drivers\rimssne64.sys
17:31:18.0788 0x097c rimspci - ok
17:31:18.0803 0x097c RimUsb - ok
17:31:18.0834 0x097c [ 4AAFFFA67AC4DFA3D9985D78573887E2, A2A4623A1DFA3C1BF0B09390F3731AFF5616BF9E9144F5DEEAA89B37E445D834 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:31:18.0850 0x097c RimVSerPort - ok
17:31:18.0897 0x097c [ 8F8539A7F5C117D4407B2985995671F2, D598C2F1F7B20E88386EADAFCA2616C3E4277521DDADF05C54933CCD9F5CA39B ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
17:31:18.0912 0x097c risdsnpe - ok
17:31:19.0037 0x097c [ 388D3DD1A6457280F3BADBA9F3ACD6B1, 5C534EA15195B1301C917904627AF09FE2ABA3FEE1641B5C87E8F3191BC49058 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
17:31:19.0053 0x097c ROOTMODEM - ok
17:31:19.0084 0x097c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:31:19.0100 0x097c RpcEptMapper - ok
17:31:19.0146 0x097c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:31:19.0146 0x097c RpcLocator - ok
17:31:19.0209 0x097c [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] RpcSs C:\Windows\system32\rpcss.dll
17:31:19.0240 0x097c RpcSs - ok
17:31:19.0256 0x097c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:31:19.0271 0x097c rspndr - ok
17:31:19.0318 0x097c [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
17:31:19.0349 0x097c RTHDMIAzAudService - ok
17:31:19.0490 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] SamSs C:\Windows\system32\lsass.exe
17:31:19.0490 0x097c SamSs - ok
17:31:19.0521 0x097c sbapifs - ok
17:31:19.0568 0x097c [ E3BBB89983DAF5622C1D50CF49F28227, 49370DC142D577D657BF5755AA9B8625C35D3DDAF1F9466B4888507FB8E6FF07 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:31:19.0599 0x097c sbp2port - ok
17:31:19.0739 0x097c [ 794D4B48DFB6E999537C7C3947863463, 93DA8AA20D6B02A3360E7F56150F126E75266E9372E6409D42B89DA588EF49C3 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:31:19.0958 0x097c SBSDWSCService - ok
17:31:20.0020 0x097c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:31:20.0051 0x097c SCardSvr - ok
17:31:20.0082 0x097c [ C94DA20C7E3BA1DCA269BC8460D98387, E1A5629728A79233B62BA87B4354BC3A332A853CC36A60E77B34923F4BCA8A61 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:31:20.0098 0x097c scfilter - ok
17:31:20.0192 0x097c [ 624D0F5FF99428BB90A5B8A4123E918E, 90A43E6F09B56CB86A3E3851F8E5ABB74905AEB70296F4B87BEDBC3027E65E86 ] Schedule C:\Windows\system32\schedsvc.dll
17:31:20.0394 0x097c Schedule - ok
17:31:20.0441 0x097c [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:31:20.0441 0x097c SCPolicySvc - ok
17:31:20.0472 0x097c [ 2C8D162EFAF73ABD36D8BCBB6340CAE7, DC40B08D39941D4FD0C3D5BEF279F50B66FE2D5859A0C85EF0DB11F91289DA9E ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:31:20.0504 0x097c sdbus - ok
17:31:20.0535 0x097c [ 765A27C3279CE11D14CB9E4F5869FCA5, B6C2EFFBA938828FEF7FE992A4C88B3154D053763C38762DCE13252FE9571FA1 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:31:20.0566 0x097c SDRSVC - ok
17:31:20.0613 0x097c [ 463B386EBC70F98DA5DFF85F7E654346, 8E27B18B04AF587719D1DAE75A042DB998E06CAE112BD68626EF046036D2DCDC ] seclogon C:\Windows\system32\seclogon.dll
17:31:20.0613 0x097c seclogon - ok
17:31:20.0644 0x097c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
17:31:20.0660 0x097c SENS - ok
17:31:20.0800 0x097c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:31:20.0816 0x097c SensrSvc - ok
17:31:20.0862 0x097c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:31:20.0878 0x097c Serenum - ok
17:31:20.0894 0x097c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
17:31:20.0925 0x097c Serial - ok
17:31:20.0956 0x097c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:31:20.0972 0x097c sermouse - ok
17:31:21.0018 0x097c [ C3BC61CE47FF6F4E88AB8A3B429A36AF, 6CA53AD0CB7215BAE3467EC1FD490E3A18504BD6CD4F0FABF9BD37516AB9DFE
 
Part 3 (end)

17:31:28.0350 0x097c usbuhci - ok
17:31:28.0397 0x097c [ 7CB8C573C6E4A2714402CC0A36EAB4FE, FCD65AA3723617F58F77C4DA93CE910C712B8AA9411B5C4A60DC6C684EA53C1B ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:31:28.0413 0x097c usbvideo - ok
17:31:28.0460 0x097c [ E388D1507E779D0B499A1D87476E4230, 9818AA09BFBCB5C26B13EF1B0F3702678CA5C5C284A9480E7DF31AFD9DC93197 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
17:31:28.0475 0x097c usb_rndisx - ok
17:31:28.0631 0x097c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:31:28.0647 0x097c UxSms - ok
17:31:28.0740 0x097c [ A60605FC66552B421EE1F3D4EBB9A4E0, DCAC76EACAABD38E3896F78B56F51D08ECCC46E360DC29857526929900455E07 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
17:31:28.0881 0x097c VAIO Event Service - ok
17:31:28.0990 0x097c [ D469BE2723F79CF4B384680B1FDC577D, 8967D83D7A59E1C04F1A252246ABD7B64ABEC36BF02E3CA5BD672ABCA36E2BE0 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
17:31:29.0068 0x097c VAIO Power Management - ok
17:31:29.0099 0x097c [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] VaultSvc C:\Windows\system32\lsass.exe
17:31:29.0115 0x097c VaultSvc - ok
17:31:29.0271 0x097c [ 6888526AEB8DDABDE6F778FD40FC0693, 1559979A440559C1227F5CE30CC6351A3DE12E49B7222DC94A571CF61ADC9BEA ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
17:31:29.0583 0x097c VCFw - ok
17:31:29.0692 0x097c [ F0672B2368E859284A4C44AE2CCA4C72, D7C8CF82658FE2BC040EF842AA682AC4BF9A9D006D36490B7A09083E7F8E1E3D ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
17:31:29.0786 0x097c VcmIAlzMgr - ok
17:31:29.0864 0x097c [ E005B04DFCA99F5880C5111933194CA9, 9F3F48B3BA74DF5073D2A9767EB11B28CF54E01BA12FD269771187FB4BC26A3D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
17:31:30.0347 0x097c VcmINSMgr - ok
17:31:30.0722 0x097c [ C8E3BA694CC5EACEC4C01660ACE40D56, 3090D939B8A6CB67E3393EE9B6EB3375A7EC8F6E9F0A350803C0EE4E7FD3B3BF ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
17:31:30.0846 0x097c VcmXmlIfHelper - ok
17:31:30.0878 0x097c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:31:30.0893 0x097c vdrvroot - ok
17:31:30.0956 0x097c [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe
17:31:31.0002 0x097c vds - ok
17:31:31.0065 0x097c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:31:31.0080 0x097c vga - ok
17:31:31.0112 0x097c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:31:31.0221 0x097c VgaSave - ok
17:31:31.0268 0x097c [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:31:31.0283 0x097c vhdmp - ok
17:31:31.0314 0x097c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:31:31.0330 0x097c viaide - ok
17:31:31.0346 0x097c vmci - ok
17:31:31.0377 0x097c [ B259C31378BC855AFD1B53F59311C251, 5FEDEC6EBA72652B89F57E275B25CC6333BE78FB2B74DEADDD588CE1089DCE89 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
17:31:31.0392 0x097c VMnetAdapter - ok
17:31:31.0424 0x097c [ DEC4CE720FFEDA939CF1BA315CFBD993, B06BB836B824FC682F5FD84E1D6B313A4E99089A5CED2C14CC721D172C1E3C51 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
17:31:31.0439 0x097c VMnetBridge - ok
17:31:31.0470 0x097c [ B6A3766C3E99FB1F6663C6B4B7C3F3A1, 030361CEBB9C0D4185EE5DEBC851E1F61AB23ED19E610CE5C3E809AB52FBC25D ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
17:31:31.0486 0x097c VMnetuserif - ok
17:31:31.0517 0x097c [ 415B167695C4B5960A13098622EF3D80, E68AE845A6967E68FB22EB0F4D95631D041DA906801202F7662B22EAD34B2371 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
17:31:31.0533 0x097c vmusb - ok
17:31:31.0689 0x097c [ 8E06CA41344B90BF60701CA61515C3C4, 97D791A1545049C8106FE61A72CC6524DDFF5F0BF186932445A3F61AA46E4B6D ] vodafone_K3805-z_cdc_acm C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys
17:31:31.0704 0x097c vodafone_K3805-z_cdc_acm - ok
17:31:31.0736 0x097c [ EC1DF5164B659C59EA796843A9D290DD, 51A19B701460D928B2FD13749BFDDED1C27994CC9B4EE670E775267ED17814E6 ] vodafone_K3805-z_cdc_ecm C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys
17:31:31.0751 0x097c vodafone_K3805-z_cdc_ecm - ok
17:31:31.0782 0x097c [ CBEAE8F0FE727386DA202E67B3760294, A46A5A26000F4D492F15E848F2BA3479ED82E3B8CBEBD5283C6F4FEBFBEA40E7 ] vodafone_K3805-z_cpo C:\Windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys
17:31:31.0782 0x097c vodafone_K3805-z_cpo - ok
17:31:31.0814 0x097c [ 1E4D31FEC921300C5F262C52F5FCC666, 19FF08BD37908C1C49427DE8E6E69AA84E8EEEBD5A4B0F2226ED1A73C862D63D ] vodafone_K3805-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
17:31:31.0829 0x097c vodafone_K3805-z_dc_enum - ok
17:31:31.0860 0x097c [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:31:31.0876 0x097c volmgr - ok
17:31:31.0938 0x097c [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:31:31.0970 0x097c volmgrx - ok
17:31:32.0110 0x097c [ 9E425AC5C9A5A973273D169F43B4F5E1, 64C9A9D4A39865E56F01B4FDE1B56034C4B2A2AEF2ABE15EC1C37911C59595B0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:31:32.0141 0x097c volsnap - ok
17:31:32.0204 0x097c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:31:32.0219 0x097c vsmraid - ok
17:31:32.0360 0x097c [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe
17:31:32.0484 0x097c VSS - ok
17:31:32.0609 0x097c [ E55A44D8F9F713D5F5D5BBAEF2BA0A34, 2EB5AF46BD1EE7F8BE9BC53D9CA65D0A181522BF40248F8ED0A5F924E946D13F ] VUAgent C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
17:31:32.0718 0x097c VUAgent - ok
17:31:32.0750 0x097c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:31:32.0765 0x097c vwifibus - ok
17:31:32.0796 0x097c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:31:32.0812 0x097c vwififlt - ok
17:31:32.0843 0x097c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:31:32.0843 0x097c vwifimp - ok
17:31:33.0015 0x097c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:31:33.0062 0x097c W32Time - ok
17:31:33.0233 0x097c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:31:33.0249 0x097c WacomPen - ok
17:31:33.0296 0x097c [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:31:33.0311 0x097c WANARP - ok
17:31:33.0342 0x097c [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:31:33.0342 0x097c Wanarpv6 - ok
17:31:33.0530 0x097c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:31:33.0748 0x097c WatAdminSvc - ok
17:31:33.0998 0x097c [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe
17:31:34.0122 0x097c wbengine - ok
17:31:34.0169 0x097c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:31:34.0325 0x097c WbioSrvc - ok
17:31:34.0372 0x097c [ DD1BAE8EBFC653824D29CCF8C9054D68, 81D6640222FE276D721168745F6BB905D4E756909A9B2C706AF25465D748772D ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:31:34.0434 0x097c wcncsvc - ok
17:31:34.0481 0x097c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:31:34.0715 0x097c WcsPlugInService - ok
17:31:34.0746 0x097c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
17:31:34.0762 0x097c Wd - ok
17:31:34.0856 0x097c [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:31:34.0949 0x097c Wdf01000 - ok
17:31:35.0074 0x097c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:31:35.0105 0x097c WdiServiceHost - ok
17:31:35.0136 0x097c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:31:35.0152 0x097c WdiSystemHost - ok
17:31:35.0230 0x097c [ 733006127F235BE7C35354EBEE7B9A7B, 2C7E7030D586C36261F33F29883337695493D48CEA415D6DBA7C5635845A5B32 ] WebClient C:\Windows\System32\webclnt.dll
17:31:35.0261 0x097c WebClient - ok
17:31:35.0417 0x097c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:31:35.0480 0x097c Wecsvc - ok
17:31:35.0526 0x097c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:31:35.0558 0x097c wercplsupport - ok
17:31:35.0589 0x097c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:31:35.0604 0x097c WerSvc - ok
17:31:35.0667 0x097c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:31:35.0667 0x097c WfpLwf - ok
17:31:35.0698 0x097c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:31:35.0714 0x097c WIMMount - ok
17:31:35.0823 0x097c WinDefend - ok
17:31:35.0885 0x097c WinHttpAutoProxySvc - ok
17:31:35.0994 0x097c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:31:36.0041 0x097c Winmgmt - ok
17:31:36.0057 0x097c WinRing0_1_2_0 - ok
17:31:36.0993 0x097c [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll
17:31:37.0258 0x097c WinRM - ok
17:31:37.0320 0x097c [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:31:37.0336 0x097c WinUsb - ok
17:31:37.0445 0x097c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:31:37.0554 0x097c Wlansvc - ok
17:31:37.0679 0x097c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:31:37.0695 0x097c WmiAcpi - ok
17:31:37.0757 0x097c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:31:37.0773 0x097c wmiApSrv - ok
17:31:37.0944 0x097c WMPNetworkSvc - ok
17:31:37.0976 0x097c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:31:37.0991 0x097c WPCSvc - ok
17:31:38.0022 0x097c [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:31:38.0054 0x097c WPDBusEnum - ok
17:31:38.0085 0x097c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:31:38.0100 0x097c ws2ifsl - ok
17:31:38.0147 0x097c [ 8F9F3969933C02DA96EB0F84576DB43E, C424D7B881A4DCC348433CF02044383013E32DB94CC66D1D20E1866CB3B0F952 ] wscsvc C:\Windows\system32\wscsvc.dll
17:31:38.0178 0x097c wscsvc - ok
17:31:38.0194 0x097c WSearch - ok
17:31:38.0490 0x097c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
17:31:38.0678 0x097c wuauserv - ok
17:31:38.0740 0x097c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:31:38.0771 0x097c WudfPf - ok
17:31:38.0802 0x097c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:31:38.0834 0x097c WUDFRd - ok
17:31:38.0880 0x097c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:31:38.0912 0x097c wudfsvc - ok
17:31:38.0974 0x097c [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:31:39.0021 0x097c WwanSvc - ok
17:31:39.0114 0x097c [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
17:31:39.0177 0x097c xnacc - ok
17:31:39.0239 0x097c [ 5250193EF8E173AA7491250F00EB367F, FF33B5112C5702CBD8EF2B0B5E49428973054B961F3B105419F7A47E2057B8A6 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
17:31:39.0286 0x097c yukonw7 - ok
17:31:39.0442 0x097c ================ Scan global ===============================
17:31:39.0504 0x097c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:31:39.0567 0x097c [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
17:31:39.0629 0x097c [ 3FB74FF230B5D240A57AE1C4A3D0459D, 7A4036CAC3BAAEC719E4152F2CAA9D9B69DACBDC7502147D7160D04AE70BC8DF ] C:\Windows\system32\winsrv.dll
17:31:39.0676 0x097c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:31:39.0754 0x097c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:31:39.0785 0x097c [ Global ] - ok
17:31:39.0801 0x097c ================ Scan MBR ==================================
17:31:39.0816 0x097c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:31:40.0206 0x097c \Device\Harddisk0\DR0 - ok
17:31:40.0206 0x097c ================ Scan VBR ==================================
17:31:40.0206 0x097c [ F211BF92F1BF8A193339BFDFFA5163DC ] \Device\Harddisk0\DR0\Partition1
17:31:40.0316 0x097c \Device\Harddisk0\DR0\Partition1 - ok
17:31:40.0347 0x097c [ C1D620299A3A02654CEE33671C852163 ] \Device\Harddisk0\DR0\Partition2
17:31:40.0347 0x097c \Device\Harddisk0\DR0\Partition2 - ok
17:31:40.0347 0x097c ================ Scan generic autorun ======================
17:31:41.0049 0x097c [ CAF4777D51A4DC6B62219A0C579F8723, 84BBF7625656BB3B10C0C4CEDEE539F044335CEEEFECFDD78CE908DBFF13F9A3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:31:41.0938 0x097c RtHDVCpl - ok
17:31:42.0110 0x097c [ 1A87CB56BB2385657C7808F876902C20, 277A36F3262BEF0B6FA24381BA09685B1C9E3B1A75C47D6E7C96DBBA4CAB41D1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:31:42.0234 0x097c RtHDVBg - ok
17:31:42.0234 0x097c Apoint - ok
17:31:42.0468 0x097c [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
17:31:42.0531 0x097c avgnt - ok
17:31:42.0671 0x097c [ FF6E979F2AD888C417B8A5476484F43B, 8967190A45CB6D8155285C01C0E45B35D60CF62B6800FF7006488AE2A5B81D15 ] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
17:31:42.0671 0x097c GUDelayStartup - ok
17:31:42.0687 0x097c Waiting for KSN requests completion. In queue: 71
17:31:53.0108 0x097c AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
17:31:53.0170 0x097c Win FW state via NFP2: disabled
17:32:02.0530 0x097c ============================================================
17:32:02.0530 0x097c Scan finished
17:32:02.0530 0x097c ============================================================
17:32:02.0530 0x08a0 Detected object count: 0
17:32:02.0530 0x08a0 Actual detected object count: 0
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix log

ComboFix 14-08-06.02 - MP 08/08/2014 19:27:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3950.2811 [GMT 2:00]
Eseguito da: c:\users\MP\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Windows6.1-KB2750090-x64.msu
C:\Windows6.1-KB2889748-x64.msu
.
---- Esecuzione precedente -------
.
c:\users\MP\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PCSUService
-------\Legacy_ACEDRV11
.
.
((((((((((((((((((((((((( Files Creati Da 2014-07-08 al 2014-08-08 )))))))))))))))))))))))))))))))))))
.
.
2014-08-08 17:36 . 2014-08-08 17:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-07 21:09 . 2014-08-07 21:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-07 20:41 . 2014-08-07 20:41 29160 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-06 14:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-06 14:22 . 2014-08-06 14:22 -------- d-----w- c:\windows\ERUNT
2014-08-06 14:08 . 2014-08-06 15:10 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-06 09:27 . 2014-08-06 09:27 -------- d-----w- c:\users\MP\AppData\Roaming\Avira
2014-08-04 09:50 . 2014-08-04 09:51 -------- d-----w- c:\users\MP\AppData\Local\Kingsoft
2014-08-01 13:16 . 2014-08-01 13:16 -------- d-----w- c:\programdata\GlarySoft
2014-08-01 13:16 . 2014-08-01 13:16 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-01 13:16 . 2014-08-01 13:21 -------- d-----w- c:\users\MP\AppData\Roaming\DiskDefrag
2014-08-01 13:16 . 2014-07-21 03:01 118048 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-01 13:16 . 2014-07-18 07:11 17600 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-01 13:15 . 2014-08-06 08:28 -------- d-----w- c:\program files (x86)\Glary Utilities 5
2014-07-11 13:45 . 2014-08-08 16:03 -------- d-----w- c:\users\MP\7kaa
2014-07-11 13:44 . 2014-07-11 13:44 -------- d-----w- c:\program files (x86)\7kaa2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-07 21:09 . 2014-06-01 08:38 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-07 21:09 . 2014-06-01 08:38 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-14 19:03 . 2013-05-13 13:46 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 19:03 . 2013-03-28 10:20 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-14 02:12 . 2014-08-06 08:34 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BAA0E62-2877-41F7-9A34-57AED6C1CEE5}\mpengine.dll
2014-06-03 12:17 . 2013-03-28 10:20 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-12 05:26 . 2014-06-01 08:38 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-06-01 08:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* I valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-07-21 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"MobileBroadband"=c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Everything"="c:\program files (x86)\Everything\Everything.exe" -startup
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R3 EMSUSB2;EMSUSB2;c:\windows\system32\Drivers\EMSUSB2.SYS;c:\windows\SYSNATIVE\Drivers\EMSUSB2.SYS [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_cpo.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R4 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R4 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe;c:\program files\Sony\VAIO Update 5\VUAgent.exe [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 09:08 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-08-08 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21 03:00]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:06]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:06]
.
2014-08-01 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files (x86)\Glary Utilities 5\Integrator.exe [2014-07-21 03:00]
.
2014-08-08 c:\windows\Tasks\WpsNotifyTask_MP.job
- c:\users\MP\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe [2014-08-04 09:50]
.
2013-01-30 c:\windows\Tasks\WpsUpdateTask_MP.job
- c:\program files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe [2011-10-29 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
------- Scansione supplementare -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 62.101.93.101 83.103.25.250
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://inm.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-575-0-0&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2014-08-08 20:03:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-08-08 18:03
ComboFix2.txt 2013-03-05 10:27
.
Pre-Run: 258534449152 byte disponibili
Post-Run: 258230382592 byte disponibili
.
- - End Of File - - 092158B552A2C264ED875CD77B9F180B
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
ADWCleaner

# AdwCleaner v3.304 - Rapporto creato 08/08/2014 in 21:24:14
# Aggiornato 08/08/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium (64 bits)
# Nome utente : MP - MP-VAIO
# In esecuzione da : C:\Users\MP\Desktop\adwcleaner_3.304.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****


***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v30.0 (it)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\hu3f24gr.default\prefs.js ]


[ File : C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Eliminati [Search Provider] : hxxp://www.kelkoo.it/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true
Eliminati [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Eliminati [Search Provider] : hxxp://portale.provincia.vr.it/search?SearchableText={searchTerms}
Eliminati [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10401&locale=it_IT&apn_uid=50383dfd-2961-41a5-8467-e40bb0125633&apn_ptnrs=%5EABZ&apn_sauid=A388D2A8-3D37-4F9E-807E-6AD77C6F0D09&apn_dtid=%5EYYYYYY%5EYY%5EIT&q={searchTerms}
Eliminati [Search Provider] : hxxp://www2.comune.bolzanovicentino.vi.it/search?SearchableText={searchTerms}
Eliminati [Search Provider] : hxxp://www.softonic.it/s/{searchTerms}
Eliminati [Search Provider] : hxxp://isearch.glarysoft.com/?q={searchTerms}&src=gcsearch

*************************

AdwCleaner[R0].txt - [4789 octets] - [11/10/2013 09:39:32]
AdwCleaner[R1].txt - [2870 octets] - [06/08/2014 16:28:13]
AdwCleaner[R2].txt - [2150 octets] - [08/08/2014 21:22:04]
AdwCleaner[S0].txt - [4702 octets] - [11/10/2013 09:42:47]
AdwCleaner[S1].txt - [2804 octets] - [06/08/2014 16:36:00]
AdwCleaner[S2].txt - [2082 octets] - [08/08/2014 21:24:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2142 octets] ##########
 
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by MP on 08/08/2014 at 21:41:18.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D0C0BC5-3DDF-4730-8244-0248F460353E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\1oy0wvkw.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/08/2014 at 21:56:43.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by MP (administrator) on MP-VAIO on 08-08-2014 22:11:21
Running from C:\Users\MP\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Italiano (Italia)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3738606585-3584510924-2974000002-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-21] (Glarysoft Ltd)
BootExecute: autocheck autochk * BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
SearchScopes: HKCU - {1B4B4F9A-82A5-45CF-8DFE-8641164B34FB} URL = http://rover.ebay.com/rover/1/724-42445-16445-16/4?satitle={searchTerms}
SearchScopes: HKCU - {3D5AB27F-4C60-4EB7-A007-627B01C2B3B8} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKCU - {A89CA510-D2CE-B184-4A81-8F61AD65D953} URL = http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKCU - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

FireFox:
========
FF ProfilePath: C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://it.yahoo.com?fr=fp-comodo
FF Keyword.URL: hxxp://inm.startya.com/s/?src=FF-Address&site=Yahoo!&cfg=2-575-0-0&q=
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Password Exporter - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-12-13]
FF Extension: Elite Proxy Switcher - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\eliteproxyswitcher@my-proxy.com.xpi [2012-01-10]
FF Extension: Free Hide IP - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\support@free-hideip.com.xpi [2012-01-10]
FF Extension: PDF Download - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2012-02-22]
FF Extension: Adblock Plus - C:\Users\MP\AppData\Roaming\Mozilla\Firefox\Profiles\1oy0wvkw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-27]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

Chrome:
=======
CHR HomePage: chrome://newtab
CHR Extension: (Documenti Google) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-22]
CHR Extension: (Google Drive) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-22]
CHR Extension: (YouTube) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-22]
CHR Extension: (Ricerca Google) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-22]
CHR Extension: (Skype Click to Call) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-22]
CHR Extension: (Google Wallet) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Gmail) - C:\Users\MP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-06] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [864000 2010-09-27] (Sony Corporation)
S4 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1250160 2010-05-31] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-01] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-09] (DT Soft Ltd)
S3 EMSUSB2; C:\Windows\SysWOW64\Drivers\EMSUSB2.SYS [9728 2007-01-03] () [File not signed]
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-07-23] (Huawei Technologies Co., Ltd.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-08-01] (Glarysoft Ltd)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel(R) Corporation) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-08-07] (Malwarebytes Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 vodafone_K3805-z_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [78336 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [88064 2010-09-01] (Vodafone)
S3 vodafone_K3805-z_cpo; C:\Windows\System32\DRIVERS\vodafone_K3805-z_cpo.sys [13824 2010-09-01] (Vodafone)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 22:11 - 2014-08-08 22:12 - 00014260 _____ () C:\Users\MP\Desktop\FRST.txt
2014-08-08 22:11 - 2014-08-08 22:11 - 00000000 ____D () C:\FRST
2014-08-08 22:09 - 2014-08-08 22:09 - 02094080 _____ (Farbar) C:\Users\MP\Desktop\FRST64.exe
2014-08-08 22:08 - 2014-08-08 22:09 - 02094080 _____ (Farbar) C:\Users\MP\Downloads\FRST64.exe
2014-08-08 21:56 - 2014-08-08 21:56 - 00001031 _____ () C:\Users\MP\Desktop\JRT.txt
2014-08-08 21:39 - 2014-08-08 21:39 - 01016261 _____ (Thisisu) C:\Users\MP\Desktop\JRT.exe
2014-08-08 21:31 - 2014-08-08 21:31 - 00002222 _____ () C:\Users\MP\Desktop\AdwCleaner[S2].txt
2014-08-08 21:20 - 2014-08-08 21:21 - 01366203 _____ () C:\Users\MP\Desktop\adwcleaner_3.304.exe
2014-08-08 20:03 - 2014-08-08 20:03 - 00020031 _____ () C:\ComboFix.txt
2014-08-08 19:47 - 2014-08-08 22:08 - 00032551 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 19:24 - 2014-08-08 20:04 - 00000000 ____D () C:\ComboFix
2014-08-08 19:18 - 2014-08-08 19:19 - 05568206 ____R (Swearware) C:\Users\MP\Desktop\ComboFix.exe
2014-08-08 18:10 - 2014-08-08 18:10 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_MP.job
2014-08-08 17:39 - 2014-08-08 17:39 - 00108504 _____ () C:\Users\MP\Desktop\report tdsskiller.txt
2014-08-08 17:25 - 2014-08-08 17:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\MP\Desktop\tdsskiller (1).exe
2014-08-07 23:09 - 2014-08-07 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-07 23:08 - 2014-08-07 23:08 - 00000000 ____D () C:\Users\MP\Desktop\mbar-1.07.0.1012
2014-08-07 23:06 - 2014-08-07 23:06 - 00002876 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_230623___03.txt
2014-08-07 22:57 - 2014-08-07 22:57 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MP\Desktop\mbar-1.07.0.1012.exe
2014-08-07 22:55 - 2014-08-07 22:55 - 00004771 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_225514___002.txt
2014-08-07 22:51 - 2014-08-07 22:51 - 00004650 _____ () C:\Users\MP\Desktop\RKreport_SCN_08072014_225051.log
2014-08-07 22:41 - 2014-08-07 22:41 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-07 22:39 - 2014-08-07 22:40 - 04817496 _____ () C:\Users\MP\Desktop\RogueKiller (1).exe
2014-08-07 10:54 - 2014-08-07 10:54 - 00010288 _____ () C:\Users\MP\Desktop\attach.txt
2014-08-07 10:54 - 2014-08-07 10:54 - 00007352 _____ () C:\Users\MP\Desktop\dds.txt
2014-08-07 10:48 - 2014-08-07 10:48 - 00688992 ____R (Swearware) C:\Users\MP\Downloads\dds.com
2014-08-06 17:10 - 2014-08-06 17:15 - 00000293 _____ () C:\Users\MP\Desktop\help request.txt
2014-08-06 16:37 - 2014-08-08 21:26 - 00001162 _____ () C:\Windows\PFRO.log
2014-08-06 16:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-06 16:22 - 2014-08-06 16:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 16:08 - 2014-08-06 17:10 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-06 16:08 - 2014-08-06 16:09 - 01361309 _____ () C:\Users\MP\Downloads\adwcleaner_3.302.exe
2014-08-06 16:08 - 2014-08-06 16:09 - 01016261 _____ (Thisisu) C:\Users\MP\Downloads\JRT.exe
2014-08-06 16:06 - 2014-08-06 16:06 - 05379160 _____ () C:\Users\MP\Downloads\RogueKillerX64.exe
2014-08-06 16:05 - 2014-08-06 16:07 - 00003062 _____ () C:\Users\MP\Desktop\Rkill.txt
2014-08-06 16:04 - 2014-08-06 16:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\MP\Downloads\iExplore.exe
2014-08-06 16:01 - 2014-08-06 16:01 - 00000000 ____D () C:\Users\MP\Downloads\tdsskiller
2014-08-06 16:00 - 2014-08-06 16:00 - 04161313 _____ () C:\Users\MP\Downloads\tdsskiller.zip
2014-08-06 16:00 - 2014-08-06 16:00 - 00074604 _____ () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide).htm
2014-08-06 16:00 - 2014-08-06 16:00 - 00000000 ____D () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide)_files
2014-08-06 15:54 - 2014-08-06 15:54 - 00559063 _____ () C:\Users\MP\Downloads\Everything-1.3.4.686.x64-Setup.exe
2014-08-06 12:22 - 2014-08-08 21:58 - 00000784 _____ () C:\Windows\setupact.log
2014-08-06 12:22 - 2014-08-06 12:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 11:44 - 2014-08-06 11:44 - 00022410 _____ () C:\Users\MP\Downloads\Richiesta MODALITà DI INTEGRAZIONE AI SENSI DELLA LR 14 -09_02 (1).odt
2014-08-06 11:27 - 2014-08-06 11:27 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Avira
2014-08-04 17:55 - 2014-08-04 17:57 - 00000133 _____ () C:\Users\MP\Desktop\la scossa snc.txt
2014-08-04 15:07 - 2014-08-04 16:04 - 00003696 _____ () C:\Users\MP\Desktop\mail punto per punto.txt
2014-08-04 14:39 - 2014-08-04 14:39 - 00021600 _____ () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi.xhtml
2014-08-04 14:39 - 2014-08-04 14:39 - 00000000 ____D () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi_files
2014-08-04 13:23 - 2014-08-04 13:23 - 01318090 _____ () C:\Users\MP\Downloads\ACER_OP_DO_03_2014_Tender_documentation.zip
2014-08-04 11:51 - 2014-08-04 11:51 - 00001543 _____ () C:\Users\MP\Desktop\WPS Writer.lnk
2014-08-04 11:51 - 2014-08-04 11:51 - 00001541 _____ () C:\Users\MP\Desktop\WPS Presentation.lnk
2014-08-04 11:51 - 2014-08-04 11:51 - 00001522 _____ () C:\Users\MP\Desktop\WPS Spreadsheets.lnk
2014-08-04 11:51 - 2014-08-04 11:51 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2014-08-04 11:50 - 2014-08-04 11:51 - 00000000 ____D () C:\Users\MP\AppData\Local\Kingsoft
2014-08-03 14:17 - 2014-08-03 14:17 - 00064300 _____ () C:\Users\MP\Downloads\allegati269705.zip
2014-08-01 15:35 - 2014-08-01 15:35 - 00002610 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-01 15:21 - 2014-08-05 16:58 - 05125944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-01 15:19 - 2014-08-01 15:19 - 00000000 ___HD () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-01 15:16 - 2014-08-08 22:01 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-01 15:16 - 2014-08-01 15:21 - 00000000 ____D () C:\Users\MP\AppData\Roaming\DiskDefrag
2014-08-01 15:16 - 2014-08-01 15:16 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-01 15:16 - 2014-08-01 15:16 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00001044 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00000250 _____ () C:\Windows\Tasks\GU5SkipUAC.job
2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-01 15:16 - 2014-07-21 05:01 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-01 15:16 - 2014-07-18 09:11 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-01 15:15 - 2014-08-06 10:28 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-01 15:15 - 2014-08-01 15:17 - 64044040 _____ (Kingsoft Corp. Ltd.) C:\Users\MP\Downloads\wps2014_9.1.0.4746_21.107.exe
2014-08-01 15:13 - 2014-08-01 15:14 - 14094456 _____ () C:\Users\MP\Downloads\Glary_Utilities_v5.4.0.11.exe
2014-08-01 15:12 - 2014-08-06 10:28 - 00147792 _____ () C:\Users\MP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 22:05 - 2014-07-31 22:08 - 00000000 ____D () C:\Users\MP\Desktop\MC 2014
2014-07-30 17:22 - 2014-07-30 17:22 - 00000047 _____ () C:\Users\MP\Desktop\progetto.txt
2014-07-30 10:16 - 2014-07-30 10:16 - 09358015 _____ () C:\Users\MP\Downloads\foto zanon luca.zip
2014-07-30 10:14 - 2014-07-30 10:14 - 00030264 _____ () C:\Users\MP\Downloads\OHSAS 18001.emf
2014-07-30 10:10 - 2014-07-30 10:10 - 08424554 _____ () C:\Users\MP\Downloads\foto-corso-mirco.zip
2014-07-25 12:50 - 2014-07-25 12:50 - 00021458 _____ () C:\Users\MP\Downloads\Bilancio 2013 per presentazione rev 25 luglio.odt
2014-07-25 12:35 - 2014-07-25 12:35 - 00175020 _____ () C:\Users\MP\Downloads\viewNews.htm
2014-07-25 12:35 - 2014-07-25 12:35 - 00000047 _____ () C:\Users\MP\Desktop\selezione aster eib.txt
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____D () C:\Users\MP\Downloads\viewNews_files
2014-07-21 17:43 - 2014-07-21 17:43 - 00039937 _____ () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici.htm
2014-07-21 17:43 - 2014-07-21 17:43 - 00000000 ____D () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici_files
2014-07-18 16:26 - 2014-07-18 16:26 - 02929152 _____ () C:\Users\MP\Downloads\Slides_23_marzo_2012.ppt
2014-07-17 15:48 - 2014-07-17 15:48 - 00000095 _____ () C:\Users\MP\Desktop\ecampus novedrate.txt
2014-07-17 12:41 - 2014-07-17 12:41 - 00006448 _____ () C:\Users\MP\Downloads\tariffe amministratore di condominio.com.htm
2014-07-17 12:41 - 2014-07-17 12:41 - 00000000 ____D () C:\Users\MP\Downloads\tariffe amministratore di condominio.com_files
2014-07-16 17:47 - 2014-07-16 17:47 - 00000085 _____ () C:\Users\MP\Desktop\email.txt
2014-07-16 17:33 - 2014-07-16 18:12 - 00013375 _____ () C:\Users\MP\Documents\calendario pas.xlsx
2014-07-16 17:17 - 2014-07-16 17:34 - 00001016 _____ () C:\Users\MP\Desktop\email nikolli.txt
2014-07-15 14:41 - 2014-07-15 14:41 - 00056887 _____ () C:\Users\MP\Downloads\CCNL economico 2008 – 2009.htm
2014-07-15 14:41 - 2014-07-15 14:41 - 00000000 ____D () C:\Users\MP\Downloads\CCNL economico 2008 – 2009_files
2014-07-15 12:35 - 2014-07-15 12:35 - 00000497 _____ () C:\Users\MP\Desktop\rtd.txt
2014-07-14 18:51 - 2014-07-14 18:51 - 00000084 _____ () C:\Users\MP\Desktop\to do list 14-07.txt
2014-07-14 18:18 - 2014-07-14 18:18 - 00785418 _____ () C:\Users\MP\Downloads\Relazioni Relatori Benavente Ferrera.zip
2014-07-14 18:16 - 2014-07-14 18:16 - 00991131 _____ () C:\Users\MP\Downloads\Margarita Checa Fortes.zip
2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria.7z
2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria (1).7z
2014-07-13 14:28 - 2014-07-13 14:28 - 00092427 _____ () C:\Users\MP\Downloads\Tesina Francesca Libralato.7z
2014-07-11 15:45 - 2014-08-08 21:11 - 00000000 ____D () C:\Users\MP\7kaa
2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA
2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Program Files (x86)\7kaa2
2014-07-11 15:38 - 2014-07-11 15:39 - 31018563 _____ () C:\Users\MP\Downloads\7kaa-install-win32-2.14.4.exe
2014-07-11 15:27 - 2014-07-11 15:28 - 05513976 _____ (ReviverSoft LLC) C:\Users\MP\Downloads\RegistryReviverSetup.exe
2014-07-09 18:53 - 2014-07-09 19:15 - 00048128 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345 (1).xls
2014-07-09 18:53 - 2014-07-09 18:54 - 00047616 _____ () C:\Users\MP\Downloads\PASCalendarioEsami545.xls
2014-07-09 18:53 - 2014-07-09 18:53 - 00055808 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345.xls
2014-07-09 15:03 - 2014-07-09 18:50 - 00000442 _____ () C:\Users\MP\Desktop\idea incarico.txt
2014-07-09 11:37 - 2014-07-09 11:37 - 00010189 _____ () C:\Users\MP\Downloads\VOTI DIDATTICA GENERALE E PEDAGOGIA SPECIALE A445 - A245.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 22:12 - 2014-08-08 22:11 - 00014260 _____ () C:\Users\MP\Desktop\FRST.txt
2014-08-08 22:12 - 2009-07-14 06:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 22:12 - 2009-07-14 06:45 - 00019760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 22:11 - 2014-08-08 22:11 - 00000000 ____D () C:\FRST
2014-08-08 22:09 - 2014-08-08 22:09 - 02094080 _____ (Farbar) C:\Users\MP\Desktop\FRST64.exe
2014-08-08 22:09 - 2014-08-08 22:08 - 02094080 _____ (Farbar) C:\Users\MP\Downloads\FRST64.exe
2014-08-08 22:08 - 2014-08-08 19:47 - 00032551 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 22:01 - 2014-08-01 15:16 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-08 22:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 21:58 - 2014-08-06 12:22 - 00000784 _____ () C:\Windows\setupact.log
2014-08-08 21:56 - 2014-08-08 21:56 - 00001031 _____ () C:\Users\MP\Desktop\JRT.txt
2014-08-08 21:39 - 2014-08-08 21:39 - 01016261 _____ (Thisisu) C:\Users\MP\Desktop\JRT.exe
2014-08-08 21:31 - 2014-08-08 21:31 - 00002222 _____ () C:\Users\MP\Desktop\AdwCleaner[S2].txt
2014-08-08 21:26 - 2014-08-06 16:37 - 00001162 _____ () C:\Windows\PFRO.log
2014-08-08 21:25 - 2013-10-11 09:39 - 00000000 ____D () C:\AdwCleaner
2014-08-08 21:21 - 2014-08-08 21:20 - 01366203 _____ () C:\Users\MP\Desktop\adwcleaner_3.304.exe
2014-08-08 21:21 - 2014-04-03 09:34 - 00000000 ____D () C:\Program Files (x86)\Everything
2014-08-08 21:11 - 2014-07-11 15:45 - 00000000 ____D () C:\Users\MP\7kaa
2014-08-08 20:04 - 2014-08-08 19:24 - 00000000 ____D () C:\ComboFix
2014-08-08 20:03 - 2014-08-08 20:03 - 00020031 _____ () C:\ComboFix.txt
2014-08-08 20:03 - 2013-03-05 11:36 - 00000000 ____D () C:\Qoobox
2014-08-08 19:46 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-08 19:37 - 2009-07-14 04:34 - 96206848 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-08 19:37 - 2009-07-14 04:34 - 61865984 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-08 19:37 - 2009-07-14 04:34 - 04907008 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-08 19:37 - 2009-07-14 04:34 - 00057344 _____ () C:\Windows\system32\config\SAM.bak
2014-08-08 19:37 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-08 19:36 - 2013-03-05 11:23 - 00000000 ____D () C:\Windows\erdnt
2014-08-08 19:19 - 2014-08-08 19:18 - 05568206 ____R (Swearware) C:\Users\MP\Desktop\ComboFix.exe
2014-08-08 18:10 - 2014-08-08 18:10 - 00000376 _____ () C:\Windows\Tasks\WpsNotifyTask_MP.job
2014-08-08 17:39 - 2014-08-08 17:39 - 00108504 _____ () C:\Users\MP\Desktop\report tdsskiller.txt
2014-08-08 17:26 - 2014-08-08 17:25 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\MP\Desktop\tdsskiller (1).exe
2014-08-07 23:28 - 2014-08-07 23:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-07 23:09 - 2014-06-01 10:38 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 23:09 - 2014-06-01 10:38 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 23:08 - 2014-08-07 23:08 - 00000000 ____D () C:\Users\MP\Desktop\mbar-1.07.0.1012
2014-08-07 23:06 - 2014-08-07 23:06 - 00002876 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_230623___03.txt
2014-08-07 22:57 - 2014-08-07 22:57 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MP\Desktop\mbar-1.07.0.1012.exe
2014-08-07 22:55 - 2014-08-07 22:55 - 00004771 _____ () C:\Users\MP\Desktop\RKreport_DEL_08072014_225514___002.txt
2014-08-07 22:51 - 2014-08-07 22:51 - 00004650 _____ () C:\Users\MP\Desktop\RKreport_SCN_08072014_225051.log
2014-08-07 22:41 - 2014-08-07 22:41 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-07 22:40 - 2014-08-07 22:39 - 04817496 _____ () C:\Users\MP\Desktop\RogueKiller (1).exe
2014-08-07 18:09 - 2012-02-03 17:11 - 00000000 ____D () C:\Users\Public\Documents\MP
2014-08-07 14:23 - 2009-07-14 07:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-07 11:56 - 2012-07-01 19:54 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Kingsoft
2014-08-07 11:54 - 2010-12-12 17:09 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Mozilla
2014-08-07 10:54 - 2014-08-07 10:54 - 00010288 _____ () C:\Users\MP\Desktop\attach.txt
2014-08-07 10:54 - 2014-08-07 10:54 - 00007352 _____ () C:\Users\MP\Desktop\dds.txt
2014-08-07 10:48 - 2014-08-07 10:48 - 00688992 ____R (Swearware) C:\Users\MP\Downloads\dds.com
2014-08-06 17:15 - 2014-08-06 17:10 - 00000293 _____ () C:\Users\MP\Desktop\help request.txt
2014-08-06 17:10 - 2014-08-06 16:08 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-06 16:22 - 2014-08-06 16:22 - 00000000 ____D () C:\Windows\ERUNT
2014-08-06 16:09 - 2014-08-06 16:08 - 01361309 _____ () C:\Users\MP\Downloads\adwcleaner_3.302.exe
2014-08-06 16:09 - 2014-08-06 16:08 - 01016261 _____ (Thisisu) C:\Users\MP\Downloads\JRT.exe
2014-08-06 16:08 - 2014-06-01 12:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-06 16:07 - 2014-08-06 16:05 - 00003062 _____ () C:\Users\MP\Desktop\Rkill.txt
2014-08-06 16:06 - 2014-08-06 16:06 - 05379160 _____ () C:\Users\MP\Downloads\RogueKillerX64.exe
2014-08-06 16:04 - 2014-08-06 16:04 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\MP\Downloads\iExplore.exe
2014-08-06 16:01 - 2014-08-06 16:01 - 00000000 ____D () C:\Users\MP\Downloads\tdsskiller
2014-08-06 16:00 - 2014-08-06 16:00 - 04161313 _____ () C:\Users\MP\Downloads\tdsskiller.zip
2014-08-06 16:00 - 2014-08-06 16:00 - 00074604 _____ () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide).htm
2014-08-06 16:00 - 2014-08-06 16:00 - 00000000 ____D () C:\Users\MP\Downloads\How to remove SvcHost.exe virus (Malware Removal Guide)_files
2014-08-06 15:55 - 2010-07-30 13:41 - 00750866 _____ () C:\Windows\system32\perfh010.dat
2014-08-06 15:55 - 2010-07-30 13:41 - 00151574 _____ () C:\Windows\system32\perfc010.dat
2014-08-06 15:55 - 2009-07-14 07:13 - 01687854 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 15:54 - 2014-08-06 15:54 - 00559063 _____ () C:\Users\MP\Downloads\Everything-1.3.4.686.x64-Setup.exe
2014-08-06 12:22 - 2014-08-06 12:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-06 11:44 - 2014-08-06 11:44 - 00022410 _____ () C:\Users\MP\Downloads\Richiesta MODALITà DI INTEGRAZIONE AI SENSI DELLA LR 14 -09_02 (1).odt
2014-08-06 11:36 - 2010-12-11 20:22 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Adobe
2014-08-06 11:27 - 2014-08-06 11:27 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Avira
2014-08-06 10:49 - 2014-06-29 14:47 - 00000000 ____D () C:\Users\MP\AppData\Roaming\calibre
2014-08-06 10:49 - 2014-04-07 19:45 - 00000000 ____D () C:\Users\MP\Documents\CAM Development
2014-08-06 10:49 - 2013-11-27 15:54 - 00000000 ____D () C:\Users\MP\Documents\CentroStudi
2014-08-06 10:49 - 2013-10-29 15:39 - 00000000 ____D () C:\Users\MP\Documents\New Star Soccer 5
2014-08-06 10:49 - 2013-09-20 21:35 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Foxit Software
2014-08-06 10:49 - 2013-09-13 16:00 - 00000000 ____D () C:\Users\MP\Downloads\eMule AdunanzA
2014-08-06 10:49 - 2013-09-13 09:15 - 00000000 ____D () C:\Users\MP\AppData\Local\NPE
2014-08-06 10:49 - 2013-08-20 13:59 - 00000000 ____D () C:\ebook
2014-08-06 10:49 - 2013-07-26 16:42 - 00000000 ____D () C:\Users\MP\Documents\Chameleon files
2014-08-06 10:49 - 2012-09-11 16:54 - 00000000 ____D () C:\Users\MP\Documents\Fum
2014-08-06 10:49 - 2012-01-30 15:19 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Dropbox
2014-08-06 10:49 - 2011-11-03 12:16 - 00000000 ____D () C:\Users\MP\AppData\Roaming\HandBrake
2014-08-06 10:49 - 2011-09-11 12:25 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Apple Computer
2014-08-06 10:49 - 2011-07-30 16:10 - 00000000 ____D () C:\Users\MP\AppData\Local\SKIDROW
2014-08-06 10:49 - 2011-05-22 13:21 - 00000000 ____D () C:\Users\MP\AppData\Local\Sports Interactive
2014-08-06 10:49 - 2011-05-15 16:38 - 00000000 ____D () C:\Users\MP\AppData\Roaming\vlc
2014-08-06 10:49 - 2011-03-04 16:12 - 00000000 ____D () C:\Users\MP\Documents\BabasChess
2014-08-06 10:49 - 2010-12-31 18:57 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Epson
2014-08-06 10:49 - 2010-12-28 16:28 - 00000000 ____D () C:\Users\MP\AppData\Roaming\InstallShield
2014-08-06 10:49 - 2010-12-24 17:39 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Skype
2014-08-06 10:49 - 2010-12-18 21:28 - 00000000 ____D () C:\Users\MP\AppData\Roaming\ArcSoft
2014-08-06 10:49 - 2010-12-17 00:09 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Ashampoo
2014-08-06 10:49 - 2010-12-17 00:07 - 00000000 ____D () C:\Users\MP\AppData\Local\ashampoo
2014-08-06 10:49 - 2010-12-16 23:31 - 00000000 ____D () C:\Users\MP\AppData\Roaming\uTorrent
2014-08-06 10:49 - 2010-12-12 15:25 - 00000000 ____D () C:\Users\MP\Documents\Falegname
2014-08-06 10:49 - 2010-12-12 14:38 - 00000000 ____D () C:\Users\MP\Documents\EURO VERONA
2014-08-06 10:49 - 2010-12-12 13:27 - 00000000 ____D () C:\Users\MP\AppData\Roaming\EditPlus 3
2014-08-06 10:49 - 2010-12-11 20:41 - 00000000 ____D () C:\Users\MP\AppData\Roaming\BSplayer
2014-08-06 10:49 - 2010-12-11 20:14 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Sony Corporation
2014-08-06 10:48 - 2014-06-27 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 10:48 - 2014-05-31 17:24 - 00000000 ____D () C:\NPE
2014-08-06 10:48 - 2013-09-17 10:05 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-08-06 10:48 - 2013-06-03 13:38 - 00000000 ____D () C:\QuickOrganizer
2014-08-06 10:48 - 2013-05-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-08-06 10:48 - 2012-12-30 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-08-06 10:48 - 2012-10-25 22:34 - 00000000 ____D () C:\Program Files (x86)\Paradox Interactive
2014-08-06 10:48 - 2012-07-01 19:54 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-08-06 10:48 - 2012-05-09 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-06 10:48 - 2012-02-01 16:42 - 00000000 ____D () C:\Program Files (x86)\BlueGriffon
2014-08-06 10:48 - 2012-01-27 13:03 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-08-06 10:48 - 2011-07-22 01:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-06 10:48 - 2011-07-18 18:59 - 00000000 ____D () C:\Program Files (x86)\Radio Decoder
2014-08-06 10:48 - 2011-06-25 18:00 - 00000000 ____D () C:\Program Files (x86)\Orca Browser
2014-08-06 10:48 - 2011-04-15 14:37 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-06 10:48 - 2011-02-21 21:35 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-08-06 10:48 - 2010-12-31 17:02 - 00000000 ____D () C:\Users\MP\AppData\Local\ABBYY
2014-08-06 10:48 - 2010-12-31 17:02 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-06 10:48 - 2010-12-31 17:01 - 00000000 ____D () C:\Program Files\EpsonNet
2014-08-06 10:48 - 2010-12-18 21:28 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-08-06 10:48 - 2010-12-12 13:30 - 00000000 ____D () C:\Users\MP\AppData\Local\Adobe
2014-08-06 10:48 - 2010-12-11 20:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-06 10:48 - 2010-12-11 20:22 - 00000000 ____D () C:\Users\MP\AppData\Local\Google
2014-08-06 10:48 - 2010-07-30 03:56 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-06 10:48 - 2010-07-30 03:54 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-06 10:48 - 2010-07-13 00:47 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-08-06 10:48 - 2010-07-12 23:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 10:48 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-06 10:36 - 2014-07-08 21:05 - 00002952 _____ () C:\Windows\System32\Tasks\{8C2C436B-4ABE-46C7-A51E-2477DD990866}
2014-08-06 10:28 - 2014-08-01 15:15 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-08-06 10:28 - 2014-08-01 15:12 - 00147792 _____ () C:\Users\MP\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-05 16:58 - 2014-08-01 15:21 - 05125944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-05 16:52 - 2013-04-02 16:52 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-05 16:52 - 2010-12-12 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-05 16:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-05 16:51 - 2013-04-02 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-05 16:49 - 2010-07-13 20:20 - 00000000 ____D () C:\Windows\ShellNew
2014-08-05 16:49 - 2009-07-14 04:34 - 00000670 _____ () C:\Windows\win.ini
2014-08-05 15:52 - 2010-12-12 14:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-04 17:57 - 2014-08-04 17:55 - 00000133 _____ () C:\Users\MP\Desktop\la scossa snc.txt
2014-08-04 16:04 - 2014-08-04 15:07 - 00003696 _____ () C:\Users\MP\Desktop\mail punto per punto.txt
2014-08-04 14:39 - 2014-08-04 14:39 - 00021600 _____ () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi.xhtml
2014-08-04 14:39 - 2014-08-04 14:39 - 00000000 ____D () C:\Users\MP\Downloads\Ministero della Giustizia. Patrocinio a spese dello Stato nei giudizi civili e amministrativi_files
2014-08-04 13:23 - 2014-08-04 13:23 - 01318090 _____ () C:\Users\MP\Downloads\ACER_OP_DO_03_2014_Tender_documentation.zip
2014-08-04 11:51 - 2014-08-04 11:51 - 00001543 _____ () C:\Users\MP\Desktop\WPS Writer.lnk
2014-08-04 11:51 - 2014-08-04 11:51 - 00001541 _____ () C:\Users\MP\Desktop\WPS Presentation.lnk
2014-08-04 11:51 - 2014-08-04 11:51 - 00001522 _____ () C:\Users\MP\Desktop\WPS Spreadsheets.lnk
2014-08-04 11:51 - 2014-08-04 11:51 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2014-08-04 11:51 - 2014-08-04 11:50 - 00000000 ____D () C:\Users\MP\AppData\Local\Kingsoft
2014-08-03 14:17 - 2014-08-03 14:17 - 00064300 _____ () C:\Users\MP\Downloads\allegati269705.zip
2014-08-01 15:49 - 2013-10-09 09:20 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 15:49 - 2013-10-01 20:28 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 15:43 - 2014-07-08 21:03 - 00003134 _____ () C:\Windows\System32\Tasks\{80771E02-4D41-44FD-8B55-D45A10191996}
2014-08-01 15:43 - 2013-05-07 21:41 - 00003424 _____ () C:\Windows\System32\Tasks\{29775616-2C34-4845-BB65-77D75FF574C7}
2014-08-01 15:43 - 2013-04-02 19:54 - 00003234 _____ () C:\Windows\System32\Tasks\{2837CD6F-CD83-453B-BC88-D5BF5DF867DA}
2014-08-01 15:41 - 2013-10-09 09:20 - 00004158 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-01 15:41 - 2013-10-09 09:20 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-01 15:41 - 2013-01-22 21:52 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 15:35 - 2014-08-01 15:35 - 00002610 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-08-01 15:21 - 2014-08-01 15:16 - 00000000 ____D () C:\Users\MP\AppData\Roaming\DiskDefrag
2014-08-01 15:19 - 2014-08-01 15:19 - 00000000 ___HD () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-01 15:18 - 2014-05-14 10:52 - 00000000 ____D () C:\Users\MP\AppData\Roaming\DropboxMaster
2014-08-01 15:18 - 2012-01-30 15:21 - 00000000 ___RD () C:\Users\MP\Dropbox
2014-08-01 15:18 - 2011-06-13 23:57 - 00000000 ____D () C:\Users\MP\AppData\Roaming\GlarySoft
2014-08-01 15:18 - 2011-06-13 23:53 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities
2014-08-01 15:17 - 2014-08-01 15:15 - 64044040 _____ (Kingsoft Corp. Ltd.) C:\Users\MP\Downloads\wps2014_9.1.0.4746_21.107.exe
2014-08-01 15:16 - 2014-08-01 15:16 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-01 15:16 - 2014-08-01 15:16 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00001044 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00000250 _____ () C:\Windows\Tasks\GU5SkipUAC.job
2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-01 15:16 - 2014-08-01 15:16 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-01 15:14 - 2014-08-01 15:13 - 14094456 _____ () C:\Users\MP\Downloads\Glary_Utilities_v5.4.0.11.exe
2014-07-31 22:30 - 2010-12-11 20:40 - 00000000 ____D () C:\Users\MP\AppData\Roaming\mIRC
2014-07-31 22:08 - 2014-07-31 22:05 - 00000000 ____D () C:\Users\MP\Desktop\MC 2014
2014-07-30 17:22 - 2014-07-30 17:22 - 00000047 _____ () C:\Users\MP\Desktop\progetto.txt
2014-07-30 12:16 - 2011-12-14 13:45 - 00000000 ____D () C:\Users\MP\Documents\GP
2014-07-30 10:16 - 2014-07-30 10:16 - 09358015 _____ () C:\Users\MP\Downloads\foto zanon luca.zip
2014-07-30 10:14 - 2014-07-30 10:14 - 00030264 _____ () C:\Users\MP\Downloads\OHSAS 18001.emf
2014-07-30 10:10 - 2014-07-30 10:10 - 08424554 _____ () C:\Users\MP\Downloads\foto-corso-mirco.zip
2014-07-26 08:57 - 2014-06-29 14:48 - 00000000 ____D () C:\Biblioteca di Calibre 02
2014-07-25 12:50 - 2014-07-25 12:50 - 00021458 _____ () C:\Users\MP\Downloads\Bilancio 2013 per presentazione rev 25 luglio.odt
2014-07-25 12:35 - 2014-07-25 12:35 - 00175020 _____ () C:\Users\MP\Downloads\viewNews.htm
2014-07-25 12:35 - 2014-07-25 12:35 - 00000047 _____ () C:\Users\MP\Desktop\selezione aster eib.txt
2014-07-25 12:35 - 2014-07-25 12:35 - 00000000 ____D () C:\Users\MP\Downloads\viewNews_files
2014-07-21 17:43 - 2014-07-21 17:43 - 00039937 _____ () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici.htm
2014-07-21 17:43 - 2014-07-21 17:43 - 00000000 ____D () C:\Users\MP\Downloads\Regione Veneto - Riferimenti Uffici_files
2014-07-21 11:13 - 2013-10-15 16:26 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 05:01 - 2014-08-01 15:16 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-07-18 16:26 - 2014-07-18 16:26 - 02929152 _____ () C:\Users\MP\Downloads\Slides_23_marzo_2012.ppt
2014-07-18 09:11 - 2014-08-01 15:16 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-07-17 15:48 - 2014-07-17 15:48 - 00000095 _____ () C:\Users\MP\Desktop\ecampus novedrate.txt
2014-07-17 12:41 - 2014-07-17 12:41 - 00006448 _____ () C:\Users\MP\Downloads\tariffe amministratore di condominio.com.htm
2014-07-17 12:41 - 2014-07-17 12:41 - 00000000 ____D () C:\Users\MP\Downloads\tariffe amministratore di condominio.com_files
2014-07-16 18:12 - 2014-07-16 17:33 - 00013375 _____ () C:\Users\MP\Documents\calendario pas.xlsx
2014-07-16 17:47 - 2014-07-16 17:47 - 00000085 _____ () C:\Users\MP\Desktop\email.txt
2014-07-16 17:34 - 2014-07-16 17:17 - 00001016 _____ () C:\Users\MP\Desktop\email nikolli.txt
2014-07-15 14:41 - 2014-07-15 14:41 - 00056887 _____ () C:\Users\MP\Downloads\CCNL economico 2008 – 2009.htm
2014-07-15 14:41 - 2014-07-15 14:41 - 00000000 ____D () C:\Users\MP\Downloads\CCNL economico 2008 – 2009_files
2014-07-15 12:35 - 2014-07-15 12:35 - 00000497 _____ () C:\Users\MP\Desktop\rtd.txt
2014-07-14 21:03 - 2013-05-13 15:46 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-14 21:03 - 2013-03-28 12:20 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-14 18:51 - 2014-07-14 18:51 - 00000084 _____ () C:\Users\MP\Desktop\to do list 14-07.txt
2014-07-14 18:18 - 2014-07-14 18:18 - 00785418 _____ () C:\Users\MP\Downloads\Relazioni Relatori Benavente Ferrera.zip
2014-07-14 18:16 - 2014-07-14 18:16 - 00991131 _____ () C:\Users\MP\Downloads\Margarita Checa Fortes.zip
2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria.7z
2014-07-13 14:28 - 2014-07-13 14:28 - 00292718 _____ () C:\Users\MP\Downloads\Relazione finale Leali Luisella Maria (1).7z
2014-07-13 14:28 - 2014-07-13 14:28 - 00092427 _____ () C:\Users\MP\Downloads\Tesina Francesca Libralato.7z
2014-07-11 16:41 - 2014-06-30 16:39 - 00051712 _____ () C:\Users\MP\Downloads\PAS Calendario esami stato A245 _03.xls
2014-07-11 16:40 - 2014-06-28 15:37 - 00052736 _____ () C:\Users\MP\Downloads\PAS Calendario esami stato A445.xls
2014-07-11 15:45 - 2010-12-11 20:14 - 00000000 ____D () C:\Users\MP
2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seven Kingdoms AA
2014-07-11 15:44 - 2014-07-11 15:44 - 00000000 ____D () C:\Program Files (x86)\7kaa2
2014-07-11 15:39 - 2014-07-11 15:38 - 31018563 _____ () C:\Users\MP\Downloads\7kaa-install-win32-2.14.4.exe
2014-07-11 15:37 - 2014-07-08 21:04 - 00000000 ____D () C:\Program Files (x86)\Seven Kingdoms
2014-07-11 15:28 - 2014-07-11 15:27 - 05513976 _____ (ReviverSoft LLC) C:\Users\MP\Downloads\RegistryReviverSetup.exe
2014-07-09 19:15 - 2014-07-09 18:53 - 00048128 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345 (1).xls
2014-07-09 18:54 - 2014-07-09 18:53 - 00047616 _____ () C:\Users\MP\Downloads\PASCalendarioEsami545.xls
2014-07-09 18:53 - 2014-07-09 18:53 - 00055808 _____ () C:\Users\MP\Downloads\PASCalendarioEsami345.xls
2014-07-09 18:50 - 2014-07-09 15:03 - 00000442 _____ () C:\Users\MP\Desktop\idea incarico.txt
2014-07-09 11:37 - 2014-07-09 11:37 - 00010189 _____ () C:\Users\MP\Downloads\VOTI DIDATTICA GENERALE E PEDAGOGIA SPECIALE A445 - A245.xlsx

Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat


Some content of TEMP:
====================
C:\Users\MP\AppData\Local\Temp\avgnt.exe
C:\Users\MP\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 20:18

==================== End Of Log ============================
 
Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by MP at 2014-08-08 22:15:40
Running from C:\Users\MP\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Moyea Video4Web Converter version 4.1.0.1 (HKLM-x32\...\{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1) (Version: - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31893 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0009-0000-0001-074957833700}) (Version: 11.0.376 - ABBYY)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 10.0.1 (HKLM-x32\...\Ashampoo Burning Studio 10_is1) (Version: 10.0.1 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{5BC83141-83DD-07BE-C940-04B385540F04}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 5.4 - Auslogics Software Pty Ltd)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.4 - Auslogics Software Pty Ltd)
AVI to DVD Converter (HKLM-x32\...\AVI to DVD Converter) (Version: 3.0.26.0314 - Xilisoft)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.2 - GPL Public release.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version: - )
BlueGriffon versione 1.3 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.3 - Disruptive Innovations SAS)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.64.1073 - AB Team, d.o.o.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0920.2143.37117 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0920.2143.37117 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help English (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help French (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help German (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0920.2142.37117 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0920.2143.37117 - Nome società) Hidden
ccc-utility64 (Version: 2010.0920.2143.37117 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version: - )
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version: - Henri Gourvest.)
CodFree 5.00 - Codice Fiscale (HKLM-x32\...\CodFree 5.00_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DIR2HTML (remove only) (HKLM-x32\...\DIR2HTML) (Version: - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version: - )
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version: - )
EditPlus 3 (HKLM-x32\...\EditPlus 3) (Version: - )
eMail Extractor 3.6.6 (HKLM-x32\...\eMail Extractor_is1) (Version: - Max Programming LLC)
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON PX720WD Series Manuale (HKLM-x32\...\EPSON PX720WD Series Manual) (Version: - )
EPSON PX720WD Series Printer Uninstall (HKLM\...\EPSON PX720WD Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Config V3 (HKLM-x32\...\{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}) (Version: 3.5b - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
ffdshow v1.1.3760 [2011-02-18] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3760.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version: - )
FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Formulario Immobiliare (HKLM-x32\...\{9F9CBCCA-738E-42E0-9AB9-8649B81C20C4}) (Version: 1.00.00 - Il Sole 24 Ore)
Glary Utilities 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guida di rete EPSON PX720WD Series (HKLM-x32\...\EPSON PX720WD Series Network Guide) (Version: - )
Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - )
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
iConvert (HKLM-x32\...\{843B8FEC-47AD-4EC8-AFCD-CB46ABA779BC}) (Version: 1.0.0 - TJ)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.)
Kingsoft Writer (8.1.0.3019) (HKLM-x32\...\Kingsoft Writer) (Version: 8.1.0.3019 - Kingsoft Corp.)
K-Lite Codec Pack 7.6.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
Light Image Resizer 4.0.6.8 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.0.6.8 - ObviousIdea)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Manuale VAIO (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 1.1.0.05280 - Sony Corporation)
Media Gallery (Version: 1.3.0 - Sony Corporation) Hidden
Media Gallery (x32 Version: 1.3.0.06230 - Sony Corporation) Hidden
Media Player Classic - Home Cinema v1.5.0.2827 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.0.2827 - MPC-HC Team) <==== ATTENTION
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
mIRC (HKLM-x32\...\mIRC) (Version: 7.17 - mIRC Co. Ltd.)
Mozilla Firefox 30.0 (x86 it) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 it)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
OpenOffice.org 3.2 (HKLM-x32\...\{691BD252-796D-4AE3-924C-C48A1CD4BEDF}) (Version: 3.2.9502 - OpenOffice.org)
OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version: - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version: - )
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: - )
Opera 12.10 (HKLM-x32\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
Orca Browser (HKLM-x32\...\OrcaBrowser) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Merge Tool-1.0.0 (HKLM-x32\...\PDF Merge Tool) (Version: 1.0.0 - Darren Wurf)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.3.00.06180 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.4.00.12020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.4.00.12020 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.4.00.12130 - Sony Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealMedia (remove only) (HKLM-x32\...\RealMedia) (Version: - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartsysSoft Business Card Maker v3.00 (HKLM-x32\...\SmartsysSoft Business Card Maker v3.003.00) (Version: 3.00 - Friends in War)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Supporto applicazioni Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Supporto trasferimento VAIO (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.2.0.06230 - Sony Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
VAIO - Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.3.0.06230 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.3.00.06180 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{9CCA7C1A-6308-4F12-AEDD-D230CAAF847E}) (Version: 1.4.00.12020 - Sony Corporation)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{5078F3C0-4920-49BB-8FF8-F4794D5BEA95}) (Version: 2.4.00.12130 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.4.0.05240 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.4.0.05240 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.2.00.05120 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 4.0.0.06230 - Sony Corporation) Hidden
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.3.0.06041 - Sony Corporation)
VAIO Update (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.2.0.05310 - Sony Corporation)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
VMware Player (x32 Version: 4.0.1.27038 - VMware, Inc.) Hidden
VoiceOver Kit (HKLM-x32\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
WinRAR gestione archivi (HKLM\...\WinRAR archiver) (Version: - )
WPS Office (9.1.0.4746) (HKCU\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{87ACD5E9-0063-03CC-068E-3239BFEB73CA}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3738606585-3584510924-2974000002-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\MP\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-08-2014 13:59:29 Removed Microsoft Office Professional Plus 2013
05-08-2014 14:06:45 Removed Microsoft Office Professional Plus 2013
05-08-2014 14:18:42 Removed Microsoft Office Professional Plus 2013
05-08-2014 14:36:05 Removed Microsoft Office Professional Plus 2013
05-08-2014 14:48:39 Configured Microsoft Office Professional Plus 2013
07-08-2014 21:08:01 root 01

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-12-12 13:29 - 2014-08-08 19:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {069169D4-2CDE-4992-BA7B-AA573477E102} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe
Task: {1E5327DB-9502-4B43-BDCC-2D810E70FAB0} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {21BDC277-7228-41ED-AA88-191DE01D2629} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe
Task: {2ACB57E7-A225-4F27-BB7A-BC4470BE292E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-21] (Glarysoft Ltd)
Task: {2B02A597-9667-4A79-8028-CD833BD79EDB} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: {3ED05737-EED4-4618-99AD-5660BB380571} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30] (Google Inc.)
Task: {4FEB59B3-E6B6-4C8E-AE91-0CA0C137BB48} - System32\Tasks\SONY\VAIO Update\Launch Application => C:\Program Files\Sony\VAIO Update 5\ShellExeProxy.exe [2010-05-31] (Sony Corporation)
Task: {54A9F159-F810-4EDD-A315-6A9ADF31F983} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {5DA2BE8F-5721-4B97-AE65-51C51DC44E41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {7833CF4B-8A2E-41FE-A62E-E7B99E76A7E0} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-05-31] (Sony Corporation)
Task: {829799F7-0F8E-4999-8008-3F1A311A7DF9} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2010-05-31] (Sony Corporation)
Task: {87FB807F-D02D-487A-A59D-47FDCA89214C} - System32\Tasks\{8C2C436B-4ABE-46C7-A51E-2477DD990866} => C:\Program Files (x86)\Seven Kingdoms\7kaa.exe [2009-12-09] ()
Task: {8C27F551-1164-4FF6-9623-AA6E0F3B4099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30] (Google Inc.)
Task: {A96D3616-AE70-4DCA-AE7D-2835E26001EB} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
Task: {B7F60148-CE45-49A0-82E1-9F3B4FBF779F} - \SUPERAntiSpyware Scheduled Task 36137c05-a6f8-4690-a2a6-dff9c2929dbf No Task File <==== ATTENTION
Task: {C24F2A77-216E-4F73-A2C5-B23A60557E82} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-03-29] (Glarysoft Ltd)
Task: {D29E34B5-8D92-40B2-8AEE-BEA51FA61CC3} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe
Task: {DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0} - \SUPERAntiSpyware Scheduled Task 0940fc3a-a121-4809-8a39-11c2ffdcdcd2 No Task File <==== ATTENTION
Task: {F718F065-32AA-420C-8FFF-51AFCE6E220A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F8BFE429-0D92-424C-8686-BFE3E210A274} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe
Task: {FA68AB10-7C2D-401A-9D86-C49D1174A159} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-06-21] (Sony Corporation)
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GU5SkipUAC.job => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: C:\Windows\Tasks\WpsNotifyTask_MP.job => C:\Users\MP\AppData\Local\Kingsoft\WPS Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_MP.job => C:\Program Files (x86)\Kingsoft\Kingsoft Writer\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-11 20:44 - 2010-03-28 13:26 - 00167424 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-15 20:02 - 2013-10-15 20:02 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-07-12 23:29 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-01-03 08:59 - 2014-02-10 19:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\MP\Downloads\postacert.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07328577.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07328577.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: cmdAgent => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VcmIAlzMgr => 3
MSCONFIG\Services: VcmINSMgr => 3
MSCONFIG\Services: VcmXmlIfHelper => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3

==================== Faulty Device Manager Devices =============

Name: Dispositivo Bluetooth (Personal Area Network)
Description: Dispositivo Bluetooth (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Scheda miniport WiFi virtuale Microsoft
Description: Scheda miniport WiFi virtuale Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/08/2014 10:01:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Il servizio Condivisione connessione Internet (ICS) dipende dal servizio Connection Manager di Accesso remoto che non è stato avviato per il seguente errore:
%%1058

Error: (08/08/2014 10:00:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio Dnscache.

Error: (08/08/2014 09:59:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio Dnscache.

Error: (08/08/2014 09:58:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio sbapifs non è stato avviato per il seguente errore:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-08 19:36:01.374
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.

Date: 2014-08-08 19:36:01.280
Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume3\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 3950.1 MB
Available physical RAM: 2821.8 MB
Total Pagefile: 7898.33 MB
Available Pagefile: 6711.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:452.46 GB) (Free:240.45 GB) NTFS
Drive d: (HEROES2) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DC153B7C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014
Ran by MP at 2014-08-08 23:50:18 Run:1
Running from C:\Users\MP\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S0 vmci; system32\DRIVERS\vmci.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]
C:\ProgramData\SMRResults410.dat
C:\Users\MP\AppData\Local\Temp\avgnt.exe
C:\Users\MP\AppData\Local\Temp\Quarantine.exe
Task: {B7F60148-CE45-49A0-82E1-9F3B4FBF779F} - \SUPERAntiSpyware Scheduled Task 36137c05-a6f8-4690-a2a6-dff9c2929dbf No Task File <==== ATTENTION
Task: {DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0} - \SUPERAntiSpyware Scheduled Task 0940fc3a-a121-4809-8a39-11c2ffdcdcd2 No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\MP\Downloads\postacert.eml:OECustomProperty
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07328577.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07328577.sys => ""="Driver"
HKU\.DEFAULT\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: <===== ATTENTION!

*****************

catchme => Service deleted successfully.
gfiark => Service deleted successfully.
RimUsb => Service deleted successfully.
sbapifs => Service deleted successfully.
vmci => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\ProgramData\SMRResults410.dat => Moved successfully.
C:\Users\MP\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\MP\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7F60148-CE45-49A0-82E1-9F3B4FBF779F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7F60148-CE45-49A0-82E1-9F3B4FBF779F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 36137c05-a6f8-4690-a2a6-dff9c2929dbf" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE5CC440-46D3-42DC-933D-1A6EBB7CF5F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 0940fc3a-a121-4809-8a39-11c2ffdcdcd2" => Key deleted successfully.
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\MP\Downloads\postacert.eml => ":OECustomProperty" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\07328577.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\07328577.sys" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key not found.

==== End of Fixlog ====
 
How is the computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 