Strange programs behaviour


Post by durden83 » October 8th, 2012, 7:36 am

Hi,
I noticed some strange program behaviours on my PC. Sometimes they run without me giving commands, or they stop working...
This is my DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Daniele at 13:25:50 on 2012-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4092.2034 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109986 ... 22688f2702
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Daniele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF091CE3-5C51-410C-8B83-001318138050} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF091CE3-5C51-410C-8B83-001318138050}\C696E6B6379737 : DhcpNameServer = 192.168.0.11 192.168.0.190
TCP: Interfaces\{F0614F53-470D-4844-9F16-17940AB5374E} : DhcpNameServer = 192.168.0.11 192.168.0.190
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{E33CF602-D945-461A-83F0-819F76A199F8}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Predefinito)]
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Servizio Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-28 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-10 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-10 116648]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-10-08 10:36:30 -------- d-----w- C:\Users\Daniele\AppData\Local\{D56D344E-B35D-4332-B4B6-C0A7B9121875}
2012-10-08 10:17:36 -------- d-----w- C:\Users\Daniele\AppData\Local\{727CC052-E444-438A-A887-ED9A8D5BC171}
2012-10-08 02:13:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9739F3D0-693D-4218-891D-75542C8D5C51}\offreg.dll
2012-10-07 17:55:19 -------- d-----w- C:\Users\Daniele\AppData\Local\{58DF81FF-2143-44BE-8CD5-3AB5FB51CA57}
2012-10-06 15:51:32 -------- d-----w- C:\Users\Daniele\AppData\Local\{C49D85D5-EEE4-44FE-B7AA-78E93F0212EA}
2012-10-05 23:30:22 -------- d-----w- C:\Users\Daniele\AppData\Local\{AB7B4B32-BF52-4501-9736-7073C18B096C}
2012-10-05 10:45:36 -------- d-----w- C:\Users\Daniele\AppData\Local\{D362C4B2-63F4-45B6-B0FD-8A017548C7A8}
2012-10-05 10:43:13 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9739F3D0-693D-4218-891D-75542C8D5C51}\mpengine.dll
2012-10-04 13:18:31 -------- d-----w- C:\Users\Daniele\AppData\Local\{5D26B4CA-28EA-4F54-AB88-42C23B2EE2C2}
2012-10-03 12:50:28 -------- d-----w- C:\Users\Daniele\AppData\Local\{803D7A1E-BE76-47E1-B09C-5610F8B323AF}
2012-10-02 22:17:55 -------- d-----w- C:\Users\Daniele\AppData\Local\{81880A0F-7EE7-4D46-8813-2C1EC2007EAE}
2012-10-02 12:31:52 -------- d-----w- C:\Users\Daniele\AppData\Local\{4FA4CAF4-DFC1-458B-A1FB-2FD174D80781}
2012-10-01 13:25:42 -------- d-----w- C:\Users\Daniele\AppData\Local\{117D0D45-1890-4A74-A7D9-471EEC4CF3FD}
2012-09-30 14:49:26 -------- d-----w- C:\Users\Daniele\AppData\Local\{6026E1B2-F00D-4AAF-8754-CCE6A152D3C4}
2012-09-30 02:48:56 -------- d-----w- C:\Users\Daniele\AppData\Local\{18D63E0D-294E-478B-8889-F1C973F007D1}
2012-09-29 13:38:58 -------- d-----w- C:\Users\Daniele\AppData\Local\{B65EDF60-F82E-4A6D-B966-D7C15A775867}
2012-09-28 14:06:33 -------- d-----w- C:\Users\Daniele\AppData\Local\{16D291B1-0A19-459E-A654-3EC80CD31A2F}
2012-09-28 02:06:06 -------- d-----w- C:\Users\Daniele\AppData\Local\{845E25E9-5CB4-4D2A-BFB6-4D0368CCA3D4}
2012-09-27 13:01:21 -------- d-----w- C:\Users\Daniele\AppData\Local\{F63EF44B-10D2-4C30-AFF7-0C91220C5B0C}
2012-09-26 15:06:27 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 06:45:06 -------- d-----w- C:\Users\Daniele\AppData\Local\{5713AB65-5A06-4FAA-BD97-EEE2E6341B7E}
2012-09-24 12:59:08 -------- d-----w- C:\Users\Daniele\AppData\Local\{7997DFE4-5485-428D-B013-99A0E382D738}
2012-09-24 00:58:39 -------- d-----w- C:\Users\Daniele\AppData\Local\{24F4DB28-28E1-491A-9E08-4AE3DE3D17CA}
2012-09-22 00:27:23 -------- d-----w- C:\Users\Daniele\AppData\Local\{0F3A613A-A573-4D8D-8A59-593DA875C2FF}
2012-09-21 11:56:18 -------- d-----w- C:\Users\Daniele\AppData\Local\{438A6DFC-77C7-4B74-B3D3-671D85AAF4CB}
2012-09-20 07:51:44 -------- d-----w- C:\Users\Daniele\AppData\Local\{C504D3BC-4D51-440F-9B4E-CFA4641D4E25}
2012-09-19 15:48:47 -------- d-----w- C:\Users\Daniele\AppData\Local\{A20B6B6C-9C60-4D99-A2A7-6956307CFDA6}
2012-09-19 00:13:35 -------- d-----w- C:\Users\Daniele\AppData\Local\{9DB3E3CA-E578-4AE0-BB77-039DBD7718EA}
2012-09-18 23:56:38 -------- d-----w- C:\Users\Daniele\AppData\Local\{AB42241C-0729-46CD-846D-5715142D43D6}
2012-09-18 06:58:06 -------- d-----w- C:\Users\Daniele\AppData\Local\{54F2F412-23BA-4F14-B808-2AE508C13687}
2012-09-17 11:18:41 -------- d-----w- C:\Users\Daniele\AppData\Local\{83477EE6-40AB-4F8D-8F78-9767634B24D4}
2012-09-16 15:07:20 -------- d-----w- C:\Users\Daniele\AppData\Local\{422D1CBF-CCB2-470F-88F9-9DBE032E98D0}
2012-09-16 01:52:17 -------- d-----w- C:\Users\Daniele\AppData\Local\{B73854F2-2D7A-4A71-B26E-B68172EC2BA0}
2012-09-15 13:50:09 -------- d-----w- C:\Users\Daniele\AppData\Local\{64FCC32D-802E-4A3A-A29E-E6BECE2F65DC}
2012-09-15 01:48:02 -------- d-----w- C:\Users\Daniele\AppData\Local\{141AB4F4-1903-4068-8064-61287AA8C773}
2012-09-14 13:33:03 -------- d-----w- C:\Users\Daniele\AppData\Local\{4071762A-25BE-406E-AE33-AF4CCF016ACC}
2012-09-14 01:32:31 -------- d-----w- C:\Users\Daniele\AppData\Local\{DCAD3E2F-79A4-47A5-9C59-058ABDEFA176}
2012-09-13 11:24:08 -------- d-----w- C:\Users\Daniele\AppData\Local\{66327CE4-A043-4013-94C7-CED9A749EE08}
2012-09-12 21:46:21 -------- d-----w- C:\Users\Daniele\AppData\Local\{5DA63BEC-EAA3-4DCE-9160-35D9D211DB9F}
2012-09-12 11:58:34 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 11:58:33 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 11:58:32 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 11:58:32 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 11:58:31 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 11:58:30 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 11:58:30 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 09:45:55 -------- d-----w- C:\Users\Daniele\AppData\Local\{48F72BFE-0484-429C-829F-B12C4CB2BC02}
2012-09-11 19:21:08 -------- d-----w- C:\Users\Daniele\AppData\Local\{1AF01E2C-503B-43C0-A21D-EFF0F4008240}
2012-09-11 07:01:17 -------- d-----w- C:\Users\Daniele\AppData\Local\{388EA1DA-D5EE-4DAB-BBB3-3A6A042A5DDB}
2012-09-10 12:43:07 -------- d-----w- C:\Users\Daniele\AppData\Local\{06603441-FED8-4620-8643-BCF3E5623046}
2012-09-10 00:41:46 -------- d-----w- C:\Users\Daniele\AppData\Local\{02BFBC87-EEBF-43EB-969E-569A80AEA5BE}
2012-09-09 03:55:47 -------- d-----w- C:\Users\Daniele\AppData\Local\{7ED3ACD2-2480-4C31-A665-9BD5732762B8}
2012-09-08 15:55:17 -------- d-----w- C:\Users\Daniele\AppData\Local\{236EFA7E-1689-4664-8A73-08B64FBDD19C}
2012-09-08 15:15:45 -------- d-----w- C:\Users\Daniele\AppData\Local\{7F3E8A32-D213-404E-AEFC-F7C051359207}
.
==================== Find3M ====================
.
2012-08-28 18:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:26:59,33 ===============
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am

Re: Strange programs behaviour

Post by Gary R » October 12th, 2012, 7:09 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Strange programs behaviour

Post by Gary R » October 12th, 2012, 7:12 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi durden83

I'm Gary R,

Before we start: Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Not a lot jumping out at me from your DDS log, so we'll need to run a few extra scans to see what we can find.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Re: Strange programs behaviour

Post by durden83 » October 12th, 2012, 9:23 am

15:19:01.0555 4640 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:19:01.0711 4640 ============================================================
15:19:01.0711 4640 Current date / time: 2012/10/12 15:19:01.0711
15:19:01.0711 4640 SystemInfo:
15:19:01.0711 4640
15:19:01.0711 4640 OS Version: 6.1.7601 ServicePack: 1.0
15:19:01.0711 4640 Product type: Workstation
15:19:01.0711 4640 ComputerName: DANIELE-PC
15:19:01.0711 4640 UserName: Daniele
15:19:01.0711 4640 Windows directory: C:\Windows
15:19:01.0711 4640 System windows directory: C:\Windows
15:19:01.0711 4640 Running under WOW64
15:19:01.0711 4640 Processor architecture: Intel x64
15:19:01.0711 4640 Number of processors: 2
15:19:01.0711 4640 Page size: 0x1000
15:19:01.0711 4640 Boot type: Normal boot
15:19:01.0711 4640 ============================================================
15:19:03.0099 4640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:03.0115 4640 ============================================================
15:19:03.0115 4640 \Device\Harddisk0\DR0:
15:19:03.0115 4640 MBR partitions:
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388A5800
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38909800, BlocksNum 0x1A48800
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
15:19:03.0115 4640 ============================================================
15:19:03.0146 4640 C: <-> \Device\Harddisk0\DR0\Partition2
15:19:03.0177 4640 D: <-> \Device\Harddisk0\DR0\Partition3
15:19:03.0177 4640 ============================================================
15:19:03.0177 4640 Initialize success
15:19:03.0177 4640 ============================================================
15:19:20.0586 1220 ============================================================
15:19:20.0586 1220 Scan started
15:19:20.0586 1220 Mode: Manual;
15:19:20.0586 1220 ============================================================
15:19:22.0084 1220 ================ Scan system memory ========================
15:19:22.0084 1220 System memory - ok
15:19:22.0084 1220 ================ Scan services =============================
15:19:35.0422 1220 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:19:35.0422 1220 QWAVEdrv - ok
15:19:35.0422 1220 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:19:35.0437 1220 RasAcd - ok
15:19:35.0468 1220 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:19:35.0468 1220 RasAgileVpn - ok
15:19:35.0500 1220 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:19:35.0500 1220 RasAuto - ok
15:19:35.0546 1220 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:19:35.0546 1220 Rasl2tp - ok
15:19:35.0578 1220 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:19:35.0578 1220 RasMan - ok
15:19:35.0609 1220 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:19:35.0609 1220 RasPppoe - ok
15:19:35.0624 1220 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:19:35.0640 1220 RasSstp - ok
15:19:35.0656 1220 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:19:35.0671 1220 rdbss - ok
15:19:35.0702 1220 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:19:35.0702 1220 rdpbus - ok
15:19:35.0718 1220 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:19:35.0718 1220 RDPCDD - ok
15:19:35.0749 1220 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:19:35.0749 1220 RDPENCDD - ok
15:19:35.0780 1220 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:19:35.0780 1220 RDPREFMP - ok
15:19:35.0812 1220 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:19:35.0827 1220 RDPWD - ok
15:19:35.0890 1220 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:19:35.0890 1220 rdyboost - ok
15:19:35.0921 1220 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:19:35.0921 1220 RemoteAccess - ok
15:19:35.0968 1220 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:19:35.0968 1220 RemoteRegistry - ok
15:19:36.0030 1220 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:19:36.0030 1220 RichVideo - ok
15:19:36.0061 1220 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:19:36.0061 1220 RpcEptMapper - ok
15:19:36.0092 1220 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:19:36.0108 1220 RpcLocator - ok
15:19:36.0155 1220 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:19:36.0170 1220 RpcSs - ok
15:19:36.0217 1220 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:19:36.0217 1220 rspndr - ok
15:19:36.0264 1220 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:19:36.0280 1220 RTL8167 - ok
15:19:36.0295 1220 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:19:36.0295 1220 SamSs - ok
15:19:36.0342 1220 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:19:36.0342 1220 sbp2port - ok
15:19:36.0373 1220 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:19:36.0373 1220 SCardSvr - ok
15:19:36.0420 1220 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:19:36.0420 1220 scfilter - ok
15:19:36.0482 1220 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:19:36.0529 1220 Schedule - ok
15:19:36.0576 1220 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:19:36.0576 1220 SCPolicySvc - ok
15:19:36.0638 1220 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
15:19:36.0638 1220 sdbus - ok
15:19:36.0685 1220 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:19:36.0701 1220 SDRSVC - ok
15:19:36.0716 1220 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:19:36.0732 1220 secdrv - ok
15:19:36.0763 1220 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:19:36.0763 1220 seclogon - ok
15:19:36.0794 1220 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:19:36.0810 1220 SENS - ok
15:19:36.0841 1220 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:19:36.0841 1220 SensrSvc - ok
15:19:36.0857 1220 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:19:36.0857 1220 Serenum - ok
15:19:36.0888 1220 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:19:36.0888 1220 Serial - ok
15:19:36.0935 1220 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:19:36.0935 1220 sermouse - ok
15:19:36.0997 1220 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:19:37.0013 1220 SessionEnv - ok
15:19:37.0044 1220 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:19:37.0044 1220 sffdisk - ok
15:19:37.0060 1220 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:19:37.0060 1220 sffp_mmc - ok
15:19:37.0091 1220 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:19:37.0091 1220 sffp_sd - ok
15:19:37.0122 1220 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:19:37.0122 1220 sfloppy - ok
15:19:37.0153 1220 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:19:37.0153 1220 SharedAccess - ok
15:19:37.0200 1220 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:19:37.0216 1220 ShellHWDetection - ok
15:19:37.0231 1220 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:19:37.0247 1220 SiSRaid2 - ok
15:19:37.0262 1220 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:19:37.0262 1220 SiSRaid4 - ok
15:19:37.0340 1220 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:19:37.0340 1220 SkypeUpdate - ok
15:19:37.0372 1220 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:19:37.0387 1220 Smb - ok
15:19:37.0418 1220 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:19:37.0434 1220 SNMPTRAP - ok
15:19:37.0450 1220 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:19:37.0450 1220 spldr - ok
15:19:37.0496 1220 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:19:37.0512 1220 Spooler - ok
15:19:37.0637 1220 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:19:37.0746 1220 sppsvc - ok
15:19:37.0793 1220 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:19:37.0793 1220 sppuinotify - ok
15:19:37.0824 1220 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:19:37.0840 1220 srv - ok
15:19:37.0855 1220 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:19:37.0871 1220 srv2 - ok
15:19:37.0902 1220 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:19:37.0902 1220 SrvHsfHDA - ok
15:19:37.0964 1220 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:19:38.0011 1220 SrvHsfV92 - ok
15:19:38.0042 1220 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:19:38.0074 1220 SrvHsfWinac - ok
15:19:38.0105 1220 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:19:38.0105 1220 srvnet - ok
15:19:38.0152 1220 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:19:38.0152 1220 SSDPSRV - ok
15:19:38.0167 1220 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:19:38.0167 1220 SstpSvc - ok
15:19:38.0292 1220 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
15:19:38.0308 1220 STacSV - ok
15:19:38.0339 1220 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:19:38.0339 1220 stexstor - ok
15:19:38.0401 1220 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:19:38.0417 1220 STHDA - ok
15:19:38.0495 1220 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:19:38.0526 1220 stisvc - ok
15:19:38.0573 1220 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:19:38.0573 1220 swenum - ok
15:19:38.0604 1220 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:19:38.0635 1220 swprv - ok
15:19:38.0682 1220 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:19:38.0682 1220 SynTP - ok
15:19:38.0760 1220 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:19:38.0822 1220 SysMain - ok
15:19:38.0869 1220 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:19:38.0869 1220 TabletInputService - ok
15:19:38.0900 1220 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:19:38.0916 1220 TapiSrv - ok
15:19:38.0947 1220 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:19:38.0947 1220 TBS - ok
15:19:39.0041 1220 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:19:39.0119 1220 Tcpip - ok
15:19:39.0181 1220 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:19:39.0197 1220 TCPIP6 - ok
15:19:39.0244 1220 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:19:39.0244 1220 tcpipreg - ok
15:19:39.0275 1220 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:19:39.0275 1220 TDPIPE - ok
15:19:39.0322 1220 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:19:39.0322 1220 TDTCP - ok
15:19:39.0368 1220 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:19:39.0368 1220 tdx - ok
15:19:39.0415 1220 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:19:39.0415 1220 TermDD - ok
15:19:39.0446 1220 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:19:39.0493 1220 TermService - ok
15:19:39.0524 1220 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:19:39.0524 1220 Themes - ok
15:19:39.0556 1220 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:19:39.0556 1220 THREADORDER - ok
15:19:39.0587 1220 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:19:39.0587 1220 TrkWks - ok
15:19:39.0649 1220 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:19:39.0665 1220 TrustedInstaller - ok
15:19:39.0696 1220 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:19:39.0696 1220 tssecsrv - ok
15:19:39.0743 1220 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:19:39.0758 1220 TsUsbFlt - ok
15:19:39.0805 1220 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:19:39.0805 1220 tunnel - ok
15:19:39.0836 1220 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:19:39.0836 1220 uagp35 - ok
15:19:39.0883 1220 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:19:39.0883 1220 udfs - ok
15:19:39.0946 1220 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:19:39.0961 1220 UI0Detect - ok
15:19:39.0977 1220 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:19:39.0977 1220 uliagpkx - ok
15:19:40.0039 1220 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:19:40.0039 1220 umbus - ok
15:19:40.0070 1220 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:19:40.0070 1220 UmPass - ok
15:19:40.0102 1220 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:19:40.0117 1220 upnphost - ok
15:19:40.0148 1220 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:19:40.0148 1220 usbccgp - ok
15:19:40.0195 1220 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:19:40.0195 1220 usbcir - ok
15:19:40.0211 1220 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:19:40.0211 1220 usbehci - ok
15:19:40.0273 1220 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:19:40.0273 1220 usbfilter - ok
15:19:40.0289 1220 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:19:40.0304 1220 usbhub - ok
15:19:40.0304 1220 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:19:40.0304 1220 usbohci - ok
15:19:40.0336 1220 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:19:40.0336 1220 usbprint - ok
15:19:40.0351 1220 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:19:40.0351 1220 USBSTOR - ok
15:19:40.0382 1220 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:19:40.0382 1220 usbuhci - ok
15:19:40.0398 1220 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:19:40.0414 1220 usbvideo - ok
15:19:40.0429 1220 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:19:40.0445 1220 UxSms - ok
15:19:40.0460 1220 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:19:40.0460 1220 VaultSvc - ok
15:19:40.0507 1220 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:19:40.0507 1220 vdrvroot - ok
15:19:40.0554 1220 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:19:40.0570 1220 vds - ok
15:19:40.0601 1220 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:19:40.0601 1220 vga - ok
15:19:40.0616 1220 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:19:40.0616 1220 VgaSave - ok
15:19:40.0663 1220 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:19:40.0663 1220 vhdmp - ok
15:19:40.0694 1220 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:19:40.0710 1220 viaide - ok
15:19:40.0726 1220 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:19:40.0726 1220 volmgr - ok
15:19:40.0772 1220 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:19:40.0788 1220 volmgrx - ok
15:19:40.0819 1220 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:19:40.0819 1220 volsnap - ok
15:19:40.0835 1220 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:19:40.0835 1220 vsmraid - ok
15:19:40.0913 1220 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:19:40.0960 1220 VSS - ok
15:19:41.0006 1220 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:19:41.0006 1220 vwifibus - ok
15:19:41.0038 1220 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:19:41.0038 1220 vwififlt - ok
15:19:41.0069 1220 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:19:41.0084 1220 W32Time - ok
15:19:41.0131 1220 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:19:41.0131 1220 WacomPen - ok
15:19:41.0194 1220 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:19:41.0194 1220 WANARP - ok
15:19:41.0225 1220 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:19:41.0225 1220 Wanarpv6 - ok
15:19:41.0303 1220 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:19:41.0334 1220 WatAdminSvc - ok
15:19:41.0396 1220 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:19:41.0459 1220 wbengine - ok
15:19:41.0490 1220 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:19:41.0506 1220 WbioSrvc - ok
15:19:41.0552 1220 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:19:41.0584 1220 wcncsvc - ok
15:19:41.0599 1220 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:19:41.0599 1220 WcsPlugInService - ok
15:19:41.0630 1220 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:19:41.0630 1220 Wd - ok
15:19:41.0662 1220 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:19:41.0693 1220 Wdf01000 - ok
15:19:41.0708 1220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:19:41.0708 1220 WdiServiceHost - ok
15:19:41.0724 1220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:19:41.0724 1220 WdiSystemHost - ok
15:19:41.0755 1220 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:19:41.0771 1220 WebClient - ok
15:19:41.0786 1220 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:19:41.0802 1220 Wecsvc - ok
15:19:41.0818 1220 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:19:41.0833 1220 wercplsupport - ok
15:19:41.0864 1220 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:19:41.0864 1220 WerSvc - ok
15:19:41.0896 1220 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:19:41.0896 1220 WfpLwf - ok
15:19:41.0927 1220 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:19:41.0927 1220 WIMMount - ok
15:19:41.0942 1220 WinDefend - ok
15:19:41.0942 1220 WinHttpAutoProxySvc - ok
15:19:42.0005 1220 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:19:42.0005 1220 Winmgmt - ok
15:19:42.0098 1220 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:19:42.0161 1220 WinRM - ok
15:19:42.0208 1220 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:19:42.0208 1220 WinUsb - ok
15:19:42.0239 1220 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:19:42.0270 1220 Wlansvc - ok
15:19:42.0442 1220 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:19:42.0457 1220 wlidsvc - ok
15:19:42.0504 1220 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:19:42.0504 1220 WmiAcpi - ok
15:19:42.0535 1220 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:19:42.0551 1220 wmiApSrv - ok
15:19:42.0566 1220 WMPNetworkSvc - ok
15:19:42.0598 1220 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:19:42.0598 1220 WPCSvc - ok
15:19:42.0629 1220 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:19:42.0629 1220 WPDBusEnum - ok
15:19:42.0660 1220 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:19:42.0660 1220 ws2ifsl - ok
15:19:42.0691 1220 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:19:42.0691 1220 wscsvc - ok
15:19:42.0691 1220 WSearch - ok
15:19:42.0816 1220 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:19:42.0894 1220 wuauserv - ok
15:19:42.0956 1220 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:19:42.0956 1220 WudfPf - ok
15:19:42.0988 1220 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:19:43.0003 1220 WUDFRd - ok
15:19:43.0050 1220 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:19:43.0050 1220 wudfsvc - ok
15:19:43.0097 1220 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:19:43.0097 1220 WwanSvc - ok
15:19:43.0144 1220 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:19:43.0159 1220 yukonw7 - ok
15:19:43.0190 1220 ================ Scan global ===============================
15:19:43.0206 1220 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:19:43.0253 1220 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:19:43.0284 1220 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:19:43.0331 1220 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:19:43.0346 1220 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:19:43.0362 1220 [Global] - ok
15:19:43.0362 1220 ================ Scan MBR ==================================
15:19:43.0378 1220 [ C5BDF904F5719AF5B9D08D4AED02DEFA ] \Device\Harddisk0\DR0
15:19:43.0721 1220 \Device\Harddisk0\DR0 - ok
15:19:43.0721 1220 ================ Scan VBR ==================================
15:19:43.0736 1220 [ 2F2BCB299500FC7BB096E4B0C86A4E8E ] \Device\Harddisk0\DR0\Partition1
15:19:43.0736 1220 \Device\Harddisk0\DR0\Partition1 - ok
15:19:43.0752 1220 [ 36926DA07BC0866B85431309BB86EF0F ] \Device\Harddisk0\DR0\Partition2
15:19:43.0752 1220 \Device\Harddisk0\DR0\Partition2 - ok
15:19:43.0783 1220 [ 566E1FFE9FC00D9549FE954A2D802A7A ] \Device\Harddisk0\DR0\Partition3
15:19:43.0799 1220 \Device\Harddisk0\DR0\Partition3 - ok
15:19:43.0830 1220 [ FEFD32DFBFC7D5F6AC654D90F68380BF ] \Device\Harddisk0\DR0\Partition4
15:19:43.0846 1220 \Device\Harddisk0\DR0\Partition4 - ok
15:19:43.0846 1220 ============================================================
15:19:43.0846 1220 Scan finished
15:19:43.0846 1220 ============================================================
15:19:43.0861 1588 Detected object count: 0
15:19:43.0861 1588 Actual detected object count: 0
durden83

Re: Strange programs behaviour

Post by durden83 » October 12th, 2012, 9:28 am

Sorry for the previous post.
I tried to copy and paste the OTL log, and it doesn't seem to work.
It's like somebody is copying wrong stuff here just to confuse us.
Very, very bad...

Anyway, I will try again. This is the OTL log.

OTL logfile created on: 12/10/2012 14:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,10% Memory free
7,99 Gb Paging File | 6,03 Gb Available in Paging File | 75,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,32 Gb Total Space | 273,73 Gb Free Space | 60,52% Space Free | Partition Type: NTFS
Drive D: | 13,14 Gb Total Space | 2,19 Gb Free Space | 16,67% Space Free | Partition Type: NTFS

Computer Name: DANIELE-PC | User Name: Daniele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/12 14:49:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniele\Desktop\OTL.exe
PRC - [2012/09/15 15:54:27 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/09 15:01:50 | 000,877,320 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 12:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/10 12:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 12:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 12:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 12:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/06/14 16:16:08 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 11:42:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 11:41:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 11:41:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 11:41:19 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/18 21:15:46 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/18 21:15:09 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/18 21:14:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/18 21:14:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/18 21:12:27 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/18 21:12:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 21:11:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/18 21:11:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/18 21:11:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/18 21:10:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/11/13 01:50:53 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 03:55:37 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll
MOD - [2009/08/28 15:53:38 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_it_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009/08/28 15:53:38 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_it_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009/08/28 15:53:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_it_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/08/28 08:49:06 | 000,116,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 17:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 17:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 17:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 17:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 17:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 17:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 17:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 17:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/02 20:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/29 15:20:09 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/05/10 14:29:32 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 20:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C00E0BF8-48B6-4F81-999A-E5DC7825DC64}
IE:64bit: - HKLM\..\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: "URL" = http://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE:64bit: - HKLM\..\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: "URL" = http://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {C00E0BF8-48B6-4F81-999A-E5DC7825DC64}
IE - HKLM\..\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: "URL" = http://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE - HKLM\..\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: "URL" = http://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986 ... 22688f2702
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=d64cdd400000000000000022688f2702
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: "URL" = http://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: "URL" = http://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/03 22:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/03 22:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/03 22:11:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Controllo URL Kaspersky = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Tastiera Virtuale = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Gmail = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-771243840-78172450-3136486695-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-771243840-78172450-3136486695-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-771243840-78172450-3136486695-1001..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-771243840-78172450-3136486695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF091CE3-5C51-410C-8B83-001318138050}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0614F53-470D-4844-9F16-17940AB5374E}: DhcpNameServer = 192.168.0.11 192.168.0.190
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\Shell - "" = AutoRun
O33 - MountPoints2\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 14:49:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniele\Desktop\OTL.exe
[2012/10/12 14:37:58 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{A72A7B22-5237-4881-A459-CBEF1DFCC9B8}
[2012/10/11 22:51:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2012/10/11 15:18:51 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{203A3491-C358-40B0-8ED5-7CFAC5DE8F40}
[2012/10/10 16:01:12 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 16:01:12 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 16:01:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 16:01:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 16:01:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 16:01:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 16:01:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 16:01:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 16:01:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 16:01:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 16:01:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 16:01:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 16:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 16:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 16:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 16:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 16:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 16:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 16:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 16:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 16:01:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 16:01:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 16:01:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 16:01:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 16:01:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 16:01:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 16:01:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 16:01:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 16:01:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 16:01:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 16:01:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 16:01:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 16:01:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 16:00:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 16:00:43 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 16:00:43 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 16:00:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 15:59:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 15:59:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/10 15:49:17 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{06E5826C-E074-4D3D-97AD-996747E468CC}
[2012/10/09 14:05:44 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{C14A1DF1-1858-45F5-9989-93B3051E1DE7}
[2012/10/08 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{D56D344E-B35D-4332-B4B6-C0A7B9121875}
[2012/10/08 12:17:36 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{727CC052-E444-438A-A887-ED9A8D5BC171}
[2012/10/07 19:55:19 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{58DF81FF-2143-44BE-8CD5-3AB5FB51CA57}
[2012/10/06 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{C49D85D5-EEE4-44FE-B7AA-78E93F0212EA}
[2012/10/06 01:30:22 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{AB7B4B32-BF52-4501-9736-7073C18B096C}
[2012/10/05 12:45:36 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{D362C4B2-63F4-45B6-B0FD-8A017548C7A8}
[2012/10/04 15:18:31 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{5D26B4CA-28EA-4F54-AB88-42C23B2EE2C2}
[2012/10/03 14:50:28 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{803D7A1E-BE76-47E1-B09C-5610F8B323AF}
[2012/10/03 00:17:55 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{81880A0F-7EE7-4D46-8813-2C1EC2007EAE}
[2012/10/02 14:31:52 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{4FA4CAF4-DFC1-458B-A1FB-2FD174D80781}
[2012/10/01 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{117D0D45-1890-4A74-A7D9-471EEC4CF3FD}
[2012/09/30 16:49:26 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{6026E1B2-F00D-4AAF-8754-CCE6A152D3C4}
[2012/09/30 04:48:56 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{18D63E0D-294E-478B-8889-F1C973F007D1}
[2012/09/29 15:38:58 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{B65EDF60-F82E-4A6D-B966-D7C15A775867}
[2012/09/28 16:06:33 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{16D291B1-0A19-459E-A654-3EC80CD31A2F}
[2012/09/28 04:06:06 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{845E25E9-5CB4-4D2A-BFB6-4D0368CCA3D4}
[2012/09/27 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{F63EF44B-10D2-4C30-AFF7-0C91220C5B0C}
[2012/09/26 17:06:27 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 08:45:06 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{5713AB65-5A06-4FAA-BD97-EEE2E6341B7E}
[2012/09/24 14:59:08 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{7997DFE4-5485-428D-B013-99A0E382D738}
[2012/09/24 02:58:39 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{24F4DB28-28E1-491A-9E08-4AE3DE3D17CA}
[2012/09/22 03:00:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 03:00:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 03:00:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 03:00:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 03:00:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 03:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 03:00:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 03:00:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 03:00:42 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 03:00:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 03:00:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 03:00:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 03:00:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 03:00:39 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 03:00:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 02:27:23 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{0F3A613A-A573-4D8D-8A59-593DA875C2FF}
[2012/09/21 13:56:18 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{438A6DFC-77C7-4B74-B3D3-671D85AAF4CB}
[2012/09/20 09:51:44 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{C504D3BC-4D51-440F-9B4E-CFA4641D4E25}
[2012/09/19 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{A20B6B6C-9C60-4D99-A2A7-6956307CFDA6}
[2012/09/19 02:13:35 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{9DB3E3CA-E578-4AE0-BB77-039DBD7718EA}
[2012/09/19 01:56:38 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{AB42241C-0729-46CD-846D-5715142D43D6}
[2012/09/18 08:58:06 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{54F2F412-23BA-4F14-B808-2AE508C13687}
[2012/09/17 13:18:41 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{83477EE6-40AB-4F8D-8F78-9767634B24D4}
[2012/09/16 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{422D1CBF-CCB2-470F-88F9-9DBE032E98D0}
[2012/09/16 03:52:17 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{B73854F2-2D7A-4A71-B26E-B68172EC2BA0}
[2012/09/15 15:50:09 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{64FCC32D-802E-4A3A-A29E-E6BECE2F65DC}
[2012/09/15 03:48:02 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{141AB4F4-1903-4068-8064-61287AA8C773}
[2012/09/14 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{4071762A-25BE-406E-AE33-AF4CCF016ACC}
[2012/09/14 03:32:31 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{DCAD3E2F-79A4-47A5-9C59-058ABDEFA176}
[2012/09/13 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{66327CE4-A043-4013-94C7-CED9A749EE08}
[2012/09/12 23:46:21 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{5DA63BEC-EAA3-4DCE-9160-35D9D211DB9F}
[1 C:\Users\Daniele\*.tmp files -> C:\Users\Daniele\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 14:59:46 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771243840-78172450-3136486695-1001UA.job
[2012/10/12 14:57:41 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDaniele.job
[2012/10/12 14:49:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniele\Desktop\OTL.exe
[2012/10/12 14:43:52 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 14:43:52 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 14:36:40 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 14:35:58 | 004,977,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/12 14:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 14:35:30 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 05:26:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 15:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-771243840-78172450-3136486695-1001Core.job
[2012/10/11 03:03:07 | 000,002,491 | ---- | M] () -- C:\Users\Daniele\Desktop\Google Chrome.lnk
[2012/09/13 13:27:52 | 001,541,382 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/13 13:27:52 | 000,698,570 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/09/13 13:27:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/13 13:27:52 | 000,127,764 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/09/13 13:27:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Users\Daniele\*.tmp files -> C:\Users\Daniele\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/21 14:14:48 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDaniele.job
[2012/06/25 15:57:51 | 000,003,584 | ---- | C] () -- C:\Users\Daniele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/17 15:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/05/10 14:32:13 | 000,017,408 | ---- | C] () -- C:\Users\Daniele\AppData\Local\WebpageIcons.db

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/21 21:40:33 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\Babylon
[2012/05/30 01:50:30 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/21 22:18:05 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/29 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\DAEMON Tools Lite
[2012/07/10 18:38:55 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/06/20 01:18:55 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\WildTangent
[2012/06/26 16:21:22 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

Re: Strange programs behaviour

Post by durden83 » October 12th, 2012, 9:37 am

This is the Extras log:

OTL Extras logfile created on: 12/10/2012 14:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,10% Memory free
7,99 Gb Paging File | 6,03 Gb Available in Paging File | 75,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,32 Gb Total Space | 273,73 Gb Free Space | 60,52% Space Free | Partition Type: NTFS
Drive D: | 13,14 Gb Total Space | 2,19 Gb Free Space | 16,67% Space Free | Partition Type: NTFS

Computer Name: DANIELE-PC | User Name: Daniele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3ABB4B-E6E7-412C-A410-20F5A16E0B85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB11A21-CACE-45C9-A8D1-FC66AA5EC8A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F7E7847-8152-42D1-8CB7-D711C9123327}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28E66510-B020-49D9-B522-1839CCD04EEF}" = lport=137 | protocol=17 | dir=in | app=system |
"{391DE509-A65F-4358-8290-207CAC21029C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{403E1923-5E64-4619-97CE-D2199CAED353}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42D49CC1-9DC6-429B-99C3-85EB16655C61}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4371BD6C-0066-4099-8465-B39BEBC7609F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E1B856C-95E1-49E5-80ED-EBE98EB40B74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5016AA6C-ADB4-400E-B3EC-6F19D8382E71}" = rport=138 | protocol=17 | dir=out | app=system |
"{545B06A7-6EA0-46BB-858D-5947699AA104}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6944A796-2404-4F40-8919-EBB577FB4C67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C517146-123D-4A18-9AC2-E782E6AD2622}" = rport=139 | protocol=6 | dir=out | app=system |
"{7B39FF9D-66D5-4616-9DFC-EC696F2EB3F7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B48A395-87F8-4DDE-B4ED-679103F14675}" = rport=445 | protocol=6 | dir=out | app=system |
"{7E5D8F0F-D5B1-45A2-A287-CF7B00B21FF3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7E896425-A082-449A-B644-D96E97BE29D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{7F59C207-D0F8-498D-B65C-DBE3F8A93F0C}" = lport=138 | protocol=17 | dir=in | app=system |
"{A72C8018-4358-4700-A698-99095E60B672}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB2516AD-E4B5-4304-AD29-1EA5682244CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BB2A2D21-CE21-4225-8111-307FAEDC8B66}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2352F39-0CAF-4F00-922F-987A4EF3EE64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E991E803-9005-41F7-8B76-1630A8B73526}" = lport=139 | protocol=6 | dir=in | app=system |
"{F157B00D-EE82-43C1-A135-CB752BB31670}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB017D5A-89B7-423D-971A-2E4CA690D28D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FEDDB40-223D-44CD-8970-AF3A750ACC69}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |
"{123F5CD6-ED4B-4939-A31F-2902D33075E2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{148AF2DC-74A5-4F79-825A-187AA47755AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1C0F5A73-7C1A-42F9-B54E-8BEC9CA57DBA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{1CDEC572-0BC7-4C27-8AA8-FE719EE497EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{20ABDC63-D180-4D17-BD6E-04C0A964DD99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2149EDC3-746F-462C-B6A8-A8EEA63ACDE9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{229D66EE-803C-4568-B3E5-7BAE3C4D142D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{2CD1A8CF-33C6-4FD8-A84D-A86BFB053C99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{430E74B4-4FA9-425C-B56C-DE1028518FBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49AC2C42-4B30-47B5-A5B0-0052CC3B6BD4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{4A782A83-4534-45EE-AB8A-30F610737F46}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |
"{4B529203-7ECF-4E83-ADD2-0B529D062CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4C49DC7F-48E4-49ED-8AF7-80430F9115AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D7BB99E-7E39-4660-9D20-6F25F5D9C7D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{54595382-B60E-4611-A864-7C59B4685597}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{55875F1B-034A-44E0-A23D-26CE970CCEC0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61C21A56-D25B-40F6-BB9B-ABD652790400}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{67C07906-AF02-4FD6-82F9-02DBF2556176}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{686065BC-6A8D-439F-8B44-4C13DA459B98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E013A80-BBFB-4508-9D5E-18DC9816B946}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{800DE157-A741-4DE7-8772-9C57B242DEC9}" = protocol=6 | dir=out | app=system |
"{81BFFE7E-1788-47D8-8174-DEF129BEC729}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8541D97C-6611-48D9-A136-287A8FF71FA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8CE75B2F-8298-473B-9D20-375781CF0764}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{94CDF87B-B9B5-485F-88F1-5D0988399293}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95AA75BA-FBD7-41E0-A9EC-B9B35E2836BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C05ED51-407D-4709-95B3-167995C378B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{9EDD727A-C800-412F-9C96-4038EFB59546}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2361BFC-86BC-43DD-85DF-5ACD4E69104D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3EECFE5-5A77-4C2D-A2F2-BE8F5967ECF3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{C0ABBB2C-48A2-4B11-BA9D-FEEDCFAAE2C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C46E14B5-2E48-4B0C-864F-26006121EC1F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C8B4C8A2-A364-4978-99C4-CE436EF304DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{C8DF78AC-5971-47B8-9406-56B4AFFAD695}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{D83E4AD7-4FDF-460B-A7FA-4B819E22938F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4E9A0FB-7B39-4F61-8BFA-DD3D27A1BE94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E89B14CD-78FC-4C76-B4A8-0FDDC10F633B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F67BBEA5-F3D4-404B-88D0-E18BE82150B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBBD6821-0132-4643-8833-08ED9CED76F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01651F94-6956-4F93-8AFE-0A30DB230BDB}" = HP 3D DriveGuard
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Attiva Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F03CB3EF-DC16-35CE-B3C1-C68EA09E5E97}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"EasyBits Magic Desktop" = Magic Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"StarCraft II" = StarCraft II
"Trial Logosmartz Logo Maker Software 8.0" = Trial Logosmartz Logo Maker Software 8.0
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/07/2012 12:01:18 | Computer Name = Daniele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: googledrivesync.exe,
versione: 1.2.3123.250, timestamp: 0x4cdd6686 Nome del modulo che ha generato l'errore:
ntdll.dll, versione: 6.1.7601.17725, timestamp: 0x4ec49b8f Codice eccezione: 0xc0000005
Offset
errore 0x0002e3be ID processo che ha generato l'errore: 0xfa4 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cd63fb433fdc50 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Google\Drive\googledrivesync.exe Percorso del modulo
che ha generato l'errore: C:\Windows\SysWOW64\ntdll.dll ID segnalazione: a43662de-d028-11e1-9fd3-00269e63c98d

Error - 07/08/2012 19:30:07 | Computer Name = Daniele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: googledrivesync.exe,
versione: 1.3.3209.2688, timestamp: 0x4cdd6686 Nome del modulo che ha generato l'errore:
ntdll.dll, versione: 6.1.7601.17725, timestamp: 0x4ec49b8f Codice eccezione: 0xc0000005
Offset
errore 0x0002e3be ID processo che ha generato l'errore: 0x90c Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cd74db4c25ca19 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Google\Drive\googledrivesync.exe Percorso del modulo
che ha generato l'errore: C:\Windows\SysWOW64\ntdll.dll ID segnalazione: d1d62b58-e0e7-11e1-91f3-00269e63c98d

Error - 26/08/2012 22:27:53 | Computer Name = Daniele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: googledrivesync.exe,
versione: 1.3.3209.2688, timestamp: 0x4cdd6686 Nome del modulo che ha generato l'errore:
ntdll.dll, versione: 6.1.7601.17725, timestamp: 0x4ec49b8f Codice eccezione: 0xc0000005
Offset
errore 0x0002e41b ID processo che ha generato l'errore: 0xc28 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cd839008b6a478 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Google\Drive\googledrivesync.exe Percorso del modulo
che ha generato l'errore: C:\Windows\SysWOW64\ntdll.dll ID segnalazione: cd2d9ab1-efee-11e1-b0b2-00269e63c98d

Error - 27/08/2012 21:46:02 | Computer Name = Daniele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: googledrivesync.exe,
versione: 1.3.3209.2688, timestamp: 0x4cdd6686 Nome del modulo che ha generato l'errore:
ntdll.dll, versione: 6.1.7601.17725, timestamp: 0x4ec49b8f Codice eccezione: 0xc0000005
Offset
errore 0x0002e3be ID processo che ha generato l'errore: 0x1064 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cd84601c9f2b5b Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Google\Drive\googledrivesync.exe Percorso del modulo
che ha generato l'errore: C:\Windows\SysWOW64\ntdll.dll ID segnalazione: 1f0c3c06-f0b2-11e1-8f27-00269e63c98d

Error - 12/09/2012 11:56:55 | Computer Name = Daniele-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 12/09/2012 11:56:57 | Computer Name = Daniele-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 20/09/2012 10:37:20 | Computer Name = Daniele-PC | Source = VSS | ID = 13
Description =

Error - 20/09/2012 10:37:20 | Computer Name = Daniele-PC | Source = VSS | ID = 8193
Description =

Error - 20/09/2012 13:43:14 | Computer Name = Daniele-PC | Source = Application Hang | ID = 1002
Description = Il programma SC2Switcher.exe versione 1.5.3.23260 non interagisce
più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: c50 Ora di avvio: 01cd9757515dbc31 Ora di chiusura: 0 Percorso
applicazione: C:\Users\Daniele\Desktop\Starcraft II\Support\SC2Switcher.exe ID segnalazione:
a423a91b-034a-11e2-b06a-00269e63c98d

Error - 26/09/2012 15:17:52 | Computer Name = Daniele-PC | Source = Chrome | ID = 1
Description =

[ Hewlett-Packard Events ]
Error - 18/05/2012 07:38:45 | Computer Name = Daniele-PC | Source = Hewlett-Packard | ID = 0
Description = it-IT Index non compreso nell'intervallo. Richiesto valore non negativo
e minore della dimensione dell'insieme. Nome parametro: index mscorlib in System.Collections.ArrayList.get_Item(Int32
index) in System.Windows.WindowCollection.get_Item(Int32 index) in HPAssistant.App.App_Activated(Object
sender, EventArgs e) in System.Windows.Application.OnActivated(EventArgs e)
in System.Windows.Application.WmActivateApp(Int32 wParam) in System.Windows.Application.AppFilterMessage(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) in MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) in MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) in System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) in System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ System Events ]
Error - 12/09/2012 07:51:44 | Computer Name = Daniele-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio hpqwmiex non è stato avviato per il seguente errore: %%1053

Error - 12/09/2012 07:52:16 | Computer Name = Daniele-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio hpqwmiex.

Error - 12/09/2012 07:52:16 | Computer Name = Daniele-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio hpqwmiex non è stato avviato per il seguente errore: %%1053

Error - 12/09/2012 19:30:04 | Computer Name = Daniele-PC | Source = ACPI | ID = 327693
Description = : il controller integrato (EC) non ha risposto entro il periodo di
timeout specificato. È possibile che si sia verificato un errore hardware o firmware
dell'EC o che l'accesso all'EC da parte del BIOS non sia corretto. È consigliabile
richiedere una versione aggiornata del BIOS al produttore del computer. In alcuni
casi, questo errore può impedire il funzionamento corretto del computer.

Error - 12/09/2012 21:12:49 | Computer Name = Daniele-PC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 03:11:14 su ?13/?09/?2012.

Error - 13/09/2012 07:23:35 | Computer Name = Daniele-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 14/09/2012 21:45:53 | Computer Name = Daniele-PC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 17:16:19 su ?14/?09/?2012.

Error - 16/09/2012 00:10:50 | Computer Name = Daniele-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Servizio Segnalazione errori Windows.

Error - 16/09/2012 00:14:25 | Computer Name = Daniele-PC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 millisecondi) durante l'attesa della risposta alla
transazione dal servizio AVP.

Error - 16/09/2012 11:04:35 | Computer Name = Daniele-PC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 06:21:11 su ?16/?09/?2012.


< End of report >
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am

Re: Strange programs behaviour

Post by durden83 » October 12th, 2012, 9:39 am

This is the TDSSKiller log:

15:19:01.0555 4640 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:19:01.0711 4640 ============================================================
15:19:01.0711 4640 Current date / time: 2012/10/12 15:19:01.0711
15:19:01.0711 4640 SystemInfo:
15:19:01.0711 4640
15:19:01.0711 4640 OS Version: 6.1.7601 ServicePack: 1.0
15:19:01.0711 4640 Product type: Workstation
15:19:01.0711 4640 ComputerName: DANIELE-PC
15:19:01.0711 4640 UserName: Daniele
15:19:01.0711 4640 Windows directory: C:\Windows
15:19:01.0711 4640 System windows directory: C:\Windows
15:19:01.0711 4640 Running under WOW64
15:19:01.0711 4640 Processor architecture: Intel x64
15:19:01.0711 4640 Number of processors: 2
15:19:01.0711 4640 Page size: 0x1000
15:19:01.0711 4640 Boot type: Normal boot
15:19:01.0711 4640 ============================================================
15:19:03.0099 4640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:03.0115 4640 ============================================================
15:19:03.0115 4640 \Device\Harddisk0\DR0:
15:19:03.0115 4640 MBR partitions:
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388A5800
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38909800, BlocksNum 0x1A48800
15:19:03.0115 4640 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
15:19:03.0115 4640 ============================================================
15:19:03.0146 4640 C: <-> \Device\Harddisk0\DR0\Partition2
15:19:03.0177 4640 D: <-> \Device\Harddisk0\DR0\Partition3
15:19:03.0177 4640 ============================================================
15:19:03.0177 4640 Initialize success
15:19:03.0177 4640 ============================================================
15:19:20.0586 1220 ============================================================
15:19:20.0586 1220 Scan started
15:19:20.0586 1220 Mode: Manual;
15:19:20.0586 1220 ============================================================
15:19:22.0084 1220 ================ Scan system memory ========================
15:19:22.0084 1220 System memory - ok
15:19:22.0084 1220 ================ Scan services =============================
15:19:22.0255 1220 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:19:22.0271 1220 1394ohci - ok
15:19:22.0302 1220 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
15:19:22.0318 1220 Accelerometer - ok
15:19:22.0364 1220 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:19:22.0380 1220 ACPI - ok
15:19:22.0427 1220 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:19:22.0427 1220 AcpiPmi - ok
15:19:22.0489 1220 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:19:22.0505 1220 adp94xx - ok
15:19:22.0536 1220 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:19:22.0536 1220 adpahci - ok
15:19:22.0552 1220 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:19:22.0552 1220 adpu320 - ok
15:19:22.0583 1220 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:19:22.0583 1220 AeLookupSvc - ok
15:19:22.0723 1220 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
15:19:22.0723 1220 AESTFilters - ok
15:19:22.0801 1220 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:19:22.0817 1220 AFD - ok
15:19:22.0895 1220 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
15:19:22.0926 1220 AgereSoftModem - ok
15:19:22.0973 1220 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:19:22.0973 1220 agp440 - ok
15:19:23.0020 1220 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:19:23.0020 1220 ALG - ok
15:19:23.0051 1220 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:19:23.0051 1220 aliide - ok
15:19:23.0098 1220 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:19:23.0113 1220 AMD External Events Utility - ok
15:19:23.0129 1220 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:19:23.0129 1220 amdide - ok
15:19:23.0160 1220 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:19:23.0160 1220 AmdK8 - ok
15:19:23.0191 1220 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:19:23.0191 1220 AmdPPM - ok
15:19:23.0254 1220 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:19:23.0254 1220 amdsata - ok
15:19:23.0285 1220 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:19:23.0285 1220 amdsbs - ok
15:19:23.0300 1220 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:19:23.0300 1220 amdxata - ok
15:19:23.0347 1220 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:19:23.0347 1220 AppID - ok
15:19:23.0394 1220 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:19:23.0394 1220 AppIDSvc - ok
15:19:23.0441 1220 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:19:23.0441 1220 Appinfo - ok
15:19:23.0488 1220 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:19:23.0488 1220 arc - ok
15:19:23.0519 1220 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:19:23.0519 1220 arcsas - ok
15:19:23.0550 1220 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:19:23.0550 1220 AsyncMac - ok
15:19:23.0581 1220 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:19:23.0597 1220 atapi - ok
15:19:23.0690 1220 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:19:23.0753 1220 athr - ok
15:19:23.0800 1220 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
15:19:23.0800 1220 AtiHdmiService - ok
15:19:23.0956 1220 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:19:24.0112 1220 atikmdag - ok
15:19:24.0174 1220 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
15:19:37.0153 1220 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:19:37.0153 1220 SharedAccess - ok
15:19:37.0200 1220 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:19:37.0216 1220 ShellHWDetection - ok
15:19:37.0231 1220 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:19:37.0247 1220 SiSRaid2 - ok
15:19:37.0262 1220 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:19:37.0262 1220 SiSRaid4 - ok
15:19:37.0340 1220 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:19:37.0340 1220 SkypeUpdate - ok
15:19:37.0372 1220 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:19:37.0387 1220 Smb - ok
15:19:37.0418 1220 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:19:37.0434 1220 SNMPTRAP - ok
15:19:37.0450 1220 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:19:37.0450 1220 spldr - ok
15:19:37.0496 1220 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:19:37.0512 1220 Spooler - ok
15:19:37.0637 1220 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:19:37.0746 1220 sppsvc - ok
15:19:37.0793 1220 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:19:37.0793 1220 sppuinotify - ok
15:19:37.0824 1220 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:19:37.0840 1220 srv - ok
15:19:37.0855 1220 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:19:37.0871 1220 srv2 - ok
15:19:37.0902 1220 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:19:37.0902 1220 SrvHsfHDA - ok
15:19:37.0964 1220 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:19:38.0011 1220 SrvHsfV92 - ok
15:19:38.0042 1220 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:19:38.0074 1220 SrvHsfWinac - ok
15:19:38.0105 1220 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:19:38.0105 1220 srvnet - ok
15:19:38.0152 1220 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:19:38.0152 1220 SSDPSRV - ok
15:19:38.0167 1220 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:19:38.0167 1220 SstpSvc - ok
15:19:38.0292 1220 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
15:19:38.0308 1220 STacSV - ok
15:19:38.0339 1220 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:19:38.0339 1220 stexstor - ok
15:19:38.0401 1220 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:19:38.0417 1220 STHDA - ok
15:19:38.0495 1220 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:19:38.0526 1220 stisvc - ok
15:19:38.0573 1220 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:19:38.0573 1220 swenum - ok
15:19:38.0604 1220 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:19:38.0635 1220 swprv - ok
15:19:38.0682 1220 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:19:38.0682 1220 SynTP - ok
15:19:38.0760 1220 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:19:38.0822 1220 SysMain - ok
15:19:38.0869 1220 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:19:38.0869 1220 TabletInputService - ok
15:19:38.0900 1220 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:19:38.0916 1220 TapiSrv - ok
15:19:38.0947 1220 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:19:38.0947 1220 TBS - ok
15:19:39.0041 1220 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:19:39.0119 1220 Tcpip - ok
15:19:39.0181 1220 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:19:39.0197 1220 TCPIP6 - ok
15:19:39.0244 1220 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:19:39.0244 1220 tcpipreg - ok
15:19:39.0275 1220 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:19:39.0275 1220 TDPIPE - ok
15:19:39.0322 1220 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:19:39.0322 1220 TDTCP - ok
15:19:39.0368 1220 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:19:39.0368 1220 tdx - ok
15:19:39.0415 1220 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:19:39.0415 1220 TermDD - ok
15:19:39.0446 1220 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:19:39.0493 1220 TermService - ok
15:19:39.0524 1220 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:19:39.0524 1220 Themes - ok
15:19:39.0556 1220 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:19:39.0556 1220 THREADORDER - ok
15:19:39.0587 1220 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:19:39.0587 1220 TrkWks - ok
15:19:39.0649 1220 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:19:39.0665 1220 TrustedInstaller - ok
15:19:39.0696 1220 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:19:39.0696 1220 tssecsrv - ok
15:19:39.0743 1220 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:19:39.0758 1220 TsUsbFlt - ok
15:19:39.0805 1220 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:19:39.0805 1220 tunnel - ok
15:19:39.0836 1220 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:19:39.0836 1220 uagp35 - ok
15:19:39.0883 1220 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:19:39.0883 1220 udfs - ok
15:19:39.0946 1220 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:19:39.0961 1220 UI0Detect - ok
15:19:39.0977 1220 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:19:39.0977 1220 uliagpkx - ok
15:19:40.0039 1220 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:19:40.0039 1220 umbus - ok
15:19:40.0070 1220 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:19:40.0070 1220 UmPass - ok
15:19:40.0102 1220 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:19:40.0117 1220 upnphost - ok
15:19:40.0148 1220 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:19:40.0148 1220 usbccgp - ok
15:19:40.0195 1220 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:19:40.0195 1220 usbcir - ok
15:19:40.0211 1220 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:19:40.0211 1220 usbehci - ok
15:19:40.0273 1220 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:19:40.0273 1220 usbfilter - ok
15:19:40.0289 1220 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:19:40.0304 1220 usbhub - ok
15:19:40.0304 1220 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:19:40.0304 1220 usbohci - ok
15:19:40.0336 1220 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:19:40.0336 1220 usbprint - ok
15:19:40.0351 1220 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:19:40.0351 1220 USBSTOR - ok
15:19:40.0382 1220 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:19:40.0382 1220 usbuhci - ok
15:19:40.0398 1220 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:19:40.0414 1220 usbvideo - ok
15:19:40.0429 1220 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:19:40.0445 1220 UxSms - ok
15:19:40.0460 1220 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:19:40.0460 1220 VaultSvc - ok
15:19:40.0507 1220 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:19:40.0507 1220 vdrvroot - ok
15:19:40.0554 1220 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:19:40.0570 1220 vds - ok
15:19:40.0601 1220 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:19:40.0601 1220 vga - ok
15:19:40.0616 1220 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:19:40.0616 1220 VgaSave - ok
15:19:40.0663 1220 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:19:40.0663 1220 vhdmp - ok
15:19:40.0694 1220 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:19:40.0710 1220 viaide - ok
15:19:40.0726 1220 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:19:40.0726 1220 volmgr - ok
15:19:40.0772 1220 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:19:40.0788 1220 volmgrx - ok
15:19:40.0819 1220 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:19:40.0819 1220 volsnap - ok
15:19:40.0835 1220 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:19:40.0835 1220 vsmraid - ok
15:19:40.0913 1220 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:19:40.0960 1220 VSS - ok
15:19:41.0006 1220 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:19:41.0006 1220 vwifibus - ok
15:19:41.0038 1220 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:19:41.0038 1220 vwififlt - ok
15:19:41.0069 1220 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:19:41.0084 1220 W32Time - ok
15:19:41.0131 1220 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:19:41.0131 1220 WacomPen - ok
15:19:41.0194 1220 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:19:41.0194 1220 WANARP - ok
15:19:41.0225 1220 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:19:41.0225 1220 Wanarpv6 - ok
15:19:41.0303 1220 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:19:41.0334 1220 WatAdminSvc - ok
15:19:41.0396 1220 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:19:41.0459 1220 wbengine - ok
15:19:41.0490 1220 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:19:41.0506 1220 WbioSrvc - ok
15:19:41.0552 1220 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:19:41.0584 1220 wcncsvc - ok
15:19:41.0599 1220 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:19:41.0599 1220 WcsPlugInService - ok
15:19:41.0630 1220 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:19:41.0630 1220 Wd - ok
15:19:41.0662 1220 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:19:41.0693 1220 Wdf01000 - ok
15:19:41.0708 1220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:19:41.0708 1220 WdiServiceHost - ok
15:19:41.0724 1220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:19:41.0724 1220 WdiSystemHost - ok
15:19:41.0755 1220 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:19:41.0771 1220 WebClient - ok
15:19:41.0786 1220 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:19:41.0802 1220 Wecsvc - ok
15:19:41.0818 1220 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:19:41.0833 1220 wercplsupport - ok
15:19:41.0864 1220 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:19:41.0864 1220 WerSvc - ok
15:19:41.0896 1220 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:19:41.0896 1220 WfpLwf - ok
15:19:41.0927 1220 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:19:41.0927 1220 WIMMount - ok
15:19:41.0942 1220 WinDefend - ok
15:19:41.0942 1220 WinHttpAutoProxySvc - ok
15:19:42.0005 1220 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:19:42.0005 1220 Winmgmt - ok
15:19:42.0098 1220 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:19:42.0161 1220 WinRM - ok
15:19:42.0208 1220 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:19:42.0208 1220 WinUsb - ok
15:19:42.0239 1220 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:19:42.0270 1220 Wlansvc - ok
15:19:42.0442 1220 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:19:42.0457 1220 wlidsvc - ok
15:19:42.0504 1220 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:19:42.0504 1220 WmiAcpi - ok
15:19:42.0535 1220 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:19:42.0551 1220 wmiApSrv - ok
15:19:42.0566 1220 WMPNetworkSvc - ok
15:19:42.0598 1220 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:19:42.0598 1220 WPCSvc - ok
15:19:42.0629 1220 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:19:42.0629 1220 WPDBusEnum - ok
15:19:42.0660 1220 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:19:42.0660 1220 ws2ifsl - ok
15:19:42.0691 1220 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:19:42.0691 1220 wscsvc - ok
15:19:42.0691 1220 WSearch - ok
15:19:42.0816 1220 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:19:42.0894 1220 wuauserv - ok
15:19:42.0956 1220 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:19:42.0956 1220 WudfPf - ok
15:19:42.0988 1220 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:19:43.0003 1220 WUDFRd - ok
15:19:43.0050 1220 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:19:43.0050 1220 wudfsvc - ok
15:19:43.0097 1220 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:19:43.0097 1220 WwanSvc - ok
15:19:43.0144 1220 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:19:43.0159 1220 yukonw7 - ok
15:19:43.0190 1220 ================ Scan global ===============================
15:19:43.0206 1220 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:19:43.0253 1220 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:19:43.0284 1220 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:19:43.0331 1220 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:19:43.0346 1220 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:19:43.0362 1220 [Global] - ok
15:19:43.0362 1220 ================ Scan MBR ==================================
15:19:43.0378 1220 [ C5BDF904F5719AF5B9D08D4AED02DEFA ] \Device\Harddisk0\DR0
15:19:43.0721 1220 \Device\Harddisk0\DR0 - ok
15:19:43.0721 1220 ================ Scan VBR ==================================
15:19:43.0736 1220 [ 2F2BCB299500FC7BB096E4B0C86A4E8E ] \Device\Harddisk0\DR0\Partition1
15:19:43.0736 1220 \Device\Harddisk0\DR0\Partition1 - ok
15:19:43.0752 1220 [ 36926DA07BC0866B85431309BB86EF0F ] \Device\Harddisk0\DR0\Partition2
15:19:43.0752 1220 \Device\Harddisk0\DR0\Partition2 - ok
15:19:43.0783 1220 [ 566E1FFE9FC00D9549FE954A2D802A7A ] \Device\Harddisk0\DR0\Partition3
15:19:43.0799 1220 \Device\Harddisk0\DR0\Partition3 - ok
15:19:43.0830 1220 [ FEFD32DFBFC7D5F6AC654D90F68380BF ] \Device\Harddisk0\DR0\Partition4
15:19:43.0846 1220 \Device\Harddisk0\DR0\Partition4 - ok
15:19:43.0846 1220 ============================================================
15:19:43.0846 1220 Scan finished
15:19:43.0846 1220 ============================================================
15:19:43.0861 1588 Detected object count: 0
15:19:43.0861 1588 Actual detected object count: 0
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am

Re: Strange programs behaviour

Post by Gary R » October 12th, 2012, 11:30 am

OK, now I can see what's probably causing the problem ....

First

Please right-click on SQW7-Vista_x64.TXT and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt

Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also be available as
    C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

Next

Please download SystemLook from one of the links below and save it to your Desktop.
For 64 bit Systems:
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • OTL fix log
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Strange programs behaviour

Post by durden83 » October 12th, 2012, 3:22 pm

This is the OTL fix log:

viewtopic.php?f=11&t=60559&p=616308#p616308
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI 32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMAN CS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
========== FILES ==========
File/Folder C:\Users\Daniele\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Daniele\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Daniele\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Daniele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Daniele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Daniele\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Daniele\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Daniele\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Daniele\Downloads\SweetImSetup.exe not found.
C:\Users\Daniele\Downloads\iLividSetupV1.exe moved successfully.
File/Folder C:\Users\Daniele\AppData\LocalLow\DataMngr not found.
File/Folder C:\Users\Daniele\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Daniele\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Daniele\Desktop\cmd.bat deleted successfully.
C:\Users\Daniele\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daniele
->Temp folder emptied: 2330124627 bytes
->Temporary Internet Files folder emptied: 77045769 bytes
->Java cache emptied: 463 bytes
->Google Chrome cache emptied: 377328404 bytes
->Flash cache emptied: 110492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 168859218 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045844 bytes
RecycleBin emptied: 11690045045 bytes

Total Files Cleaned = 14.000,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10122012_204334

Files\Folders moved on Reboot...
File\Folder C:\Users\Daniele\AppData\Local\Temp\etilqs_GbfEEyHJkairjzZ not found!
File\Folder C:\Users\Daniele\AppData\Local\Temp\etilqs_OLFpz4xQbsPFR5V not found!
File\Folder C:\Users\Daniele\AppData\Local\Temp\etilqs_PVklDxPDsQyxLfl not found!
C:\Users\Daniele\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Daniele\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------------

This is SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:53 on 12/10/2012 by Daniele
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Daniele\Desktop\Daniele\Downloads\iLividSetupV1 (1).exe --a---- 2063040 bytes [09:49 11/05/2012] [03:02 23/01/2012] 4C6096B5B655DECA34EF8B08228893C8
C:\Users\Daniele\Desktop\Daniele\Downloads\iLividSetupV1.exe --a---- 2063040 bytes [09:49 11/05/2012] [02:21 23/01/2012] 4C6096B5B655DECA34EF8B08228893C8
C:\Users\Daniele\Downloads\iLividSetupV1 (1).exe --a---- 823648 bytes [14:52 31/08/2012] [14:52 31/08/2012] 45EA069D86B511DA3134D0791CCCC380
C:\_OTL\MovedFiles\10122012_204334\C_Users\Daniele\Downloads\iLividSetupV1.exe --a---- 516136 bytes [14:55 20/06/2012] [14:55 20/06/2012] 14BC8FA3F014A7DDF9AE82CC67C837F9

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"
[HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
"URL"="http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am

Re: Strange programs behaviour

Post by Gary R » October 13th, 2012, 4:59 am

OK, now for stage 2 ....

First

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 14 (64-bit)


Old versions of Java can be exploited.

Reboot your computer afterwards.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C00E0BF8-48B6-4F81-999A-E5DC7825DC64}
IE:64bit: - HKLM\..\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: "URL" = http://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE:64bit: - HKLM\..\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: "URL" = http://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKLM\..\SearchScopes,DefaultScope = {C00E0BF8-48B6-4F81-999A-E5DC7825DC64}
IE - HKLM\..\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: "URL" = http://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE - HKLM\..\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: "URL" = http://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986 ... 22688f2702
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=d64cdd400000000000000022688f2702
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: "URL" = http://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
IE - HKU\S-1-5-21-771243840-78172450-3136486695-1001\..\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: "URL" = http://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O33 - MountPoints2\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\Shell - "" = AutoRun
O33 - MountPoints2\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
[2012/10/10 15:49:17 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{06E5826C-E074-4D3D-97AD-996747E468CC}
[2012/10/09 14:05:44 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{C14A1DF1-1858-45F5-9989-93B3051E1DE7}
[2012/10/08 12:36:30 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{D56D344E-B35D-4332-B4B6-C0A7B9121875}
[2012/10/08 12:17:36 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{727CC052-E444-438A-A887-ED9A8D5BC171}
[2012/10/07 19:55:19 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{58DF81FF-2143-44BE-8CD5-3AB5FB51CA57}
[2012/10/06 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{C49D85D5-EEE4-44FE-B7AA-78E93F0212EA}
[2012/10/06 01:30:22 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{AB7B4B32-BF52-4501-9736-7073C18B096C}
[2012/10/05 12:45:36 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{D362C4B2-63F4-45B6-B0FD-8A017548C7A8}
[2012/10/04 15:18:31 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{5D26B4CA-28EA-4F54-AB88-42C23B2EE2C2}
[2012/10/03 14:50:28 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{803D7A1E-BE76-47E1-B09C-5610F8B323AF}
[2012/10/03 00:17:55 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{81880A0F-7EE7-4D46-8813-2C1EC2007EAE}
[2012/10/02 14:31:52 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{4FA4CAF4-DFC1-458B-A1FB-2FD174D80781}
[2012/10/01 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{117D0D45-1890-4A74-A7D9-471EEC4CF3FD}
[2012/09/30 16:49:26 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{6026E1B2-F00D-4AAF-8754-CCE6A152D3C4}
[2012/09/30 04:48:56 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{18D63E0D-294E-478B-8889-F1C973F007D1}
[2012/09/29 15:38:58 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{B65EDF60-F82E-4A6D-B966-D7C15A775867}
[2012/09/28 16:06:33 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{16D291B1-0A19-459E-A654-3EC80CD31A2F}
[2012/09/28 04:06:06 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{845E25E9-5CB4-4D2A-BFB6-4D0368CCA3D4}
[2012/09/27 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{F63EF44B-10D2-4C30-AFF7-0C91220C5B0C}
[2012/09/25 08:45:06 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{5713AB65-5A06-4FAA-BD97-EEE2E6341B7E}
[2012/09/24 14:59:08 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{7997DFE4-5485-428D-B013-99A0E382D738}
[2012/09/24 02:58:39 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{24F4DB28-28E1-491A-9E08-4AE3DE3D17CA}
[2012/09/22 02:27:23 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{0F3A613A-A573-4D8D-8A59-593DA875C2FF}
[2012/09/21 13:56:18 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{438A6DFC-77C7-4B74-B3D3-671D85AAF4CB}
[2012/09/20 09:51:44 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{C504D3BC-4D51-440F-9B4E-CFA4641D4E25}
[2012/09/19 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{A20B6B6C-9C60-4D99-A2A7-6956307CFDA6}
[2012/09/19 02:13:35 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{9DB3E3CA-E578-4AE0-BB77-039DBD7718EA}
[2012/09/19 01:56:38 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{AB42241C-0729-46CD-846D-5715142D43D6}
[2012/09/18 08:58:06 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{54F2F412-23BA-4F14-B808-2AE508C13687}
[2012/09/17 13:18:41 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{83477EE6-40AB-4F8D-8F78-9767634B24D4}
[2012/09/16 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{422D1CBF-CCB2-470F-88F9-9DBE032E98D0}
[2012/09/16 03:52:17 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{B73854F2-2D7A-4A71-B26E-B68172EC2BA0}
[2012/09/15 15:50:09 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{64FCC32D-802E-4A3A-A29E-E6BECE2F65DC}
[2012/09/15 03:48:02 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{141AB4F4-1903-4068-8064-61287AA8C773}
[2012/09/14 15:33:03 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{4071762A-25BE-406E-AE33-AF4CCF016ACC}
[2012/09/14 03:32:31 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{DCAD3E2F-79A4-47A5-9C59-058ABDEFA176}
[2012/09/13 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{66327CE4-A043-4013-94C7-CED9A749EE08}
[2012/09/12 23:46:21 | 000,000,000 | ---D | C] -- C:\Users\Daniele\AppData\Local\{5DA63BEC-EAA3-4DCE-9160-35D9D211DB9F}
[1 C:\Users\Daniele\*.tmp files -> C:\Users\Daniele\*.tmp -> ]
[2012/05/21 21:40:33 | 000,000,000 | ---D | M] -- C:\Users\Daniele\AppData\Roaming\Babylon

:Files
C:\Users\Daniele\Desktop\Daniele\Downloads\iLividSetupV1 (1).exe
C:\Users\Daniele\Desktop\Daniele\Downloads\iLividSetupV1.exe
C:\Users\Daniele\Downloads\iLividSetupV1 (1).exe

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Trolltech]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Strange programs behaviour

Post by durden83 » October 13th, 2012, 1:50 pm

Hi there.
This is my OTL fix log:

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDE475A-D677-4927-A573-5A066A4F6EFE}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDE475A-D677-4927-A573-5A066A4F6EFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
HKU\S-1-5-21-771243840-78172450-3136486695-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FDE475A-D677-4927-A573-5A066A4F6EFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}\ not found.
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e1b0ddd-9a9a-11e1-b4df-00269e63c98d}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
C:\Users\Daniele\AppData\Local\{06E5826C-E074-4D3D-97AD-996747E468CC} folder moved successfully.
C:\Users\Daniele\AppData\Local\{C14A1DF1-1858-45F5-9989-93B3051E1DE7} folder moved successfully.
C:\Users\Daniele\AppData\Local\{D56D344E-B35D-4332-B4B6-C0A7B9121875} folder moved successfully.
C:\Users\Daniele\AppData\Local\{727CC052-E444-438A-A887-ED9A8D5BC171} folder moved successfully.
C:\Users\Daniele\AppData\Local\{58DF81FF-2143-44BE-8CD5-3AB5FB51CA57} folder moved successfully.
C:\Users\Daniele\AppData\Local\{C49D85D5-EEE4-44FE-B7AA-78E93F0212EA} folder moved successfully.
C:\Users\Daniele\AppData\Local\{AB7B4B32-BF52-4501-9736-7073C18B096C} folder moved successfully.
C:\Users\Daniele\AppData\Local\{D362C4B2-63F4-45B6-B0FD-8A017548C7A8} folder moved successfully.
C:\Users\Daniele\AppData\Local\{5D26B4CA-28EA-4F54-AB88-42C23B2EE2C2} folder moved successfully.
C:\Users\Daniele\AppData\Local\{803D7A1E-BE76-47E1-B09C-5610F8B323AF} folder moved successfully.
C:\Users\Daniele\AppData\Local\{81880A0F-7EE7-4D46-8813-2C1EC2007EAE} folder moved successfully.
C:\Users\Daniele\AppData\Local\{4FA4CAF4-DFC1-458B-A1FB-2FD174D80781} folder moved successfully.
C:\Users\Daniele\AppData\Local\{117D0D45-1890-4A74-A7D9-471EEC4CF3FD} folder moved successfully.
C:\Users\Daniele\AppData\Local\{6026E1B2-F00D-4AAF-8754-CCE6A152D3C4} folder moved successfully.
C:\Users\Daniele\AppData\Local\{18D63E0D-294E-478B-8889-F1C973F007D1} folder moved successfully.
C:\Users\Daniele\AppData\Local\{B65EDF60-F82E-4A6D-B966-D7C15A775867} folder moved successfully.
C:\Users\Daniele\AppData\Local\{16D291B1-0A19-459E-A654-3EC80CD31A2F} folder moved successfully.
C:\Users\Daniele\AppData\Local\{845E25E9-5CB4-4D2A-BFB6-4D0368CCA3D4} folder moved successfully.
C:\Users\Daniele\AppData\Local\{F63EF44B-10D2-4C30-AFF7-0C91220C5B0C} folder moved successfully.
C:\Users\Daniele\AppData\Local\{5713AB65-5A06-4FAA-BD97-EEE2E6341B7E} folder moved successfully.
C:\Users\Daniele\AppData\Local\{7997DFE4-5485-428D-B013-99A0E382D738} folder moved successfully.
C:\Users\Daniele\AppData\Local\{24F4DB28-28E1-491A-9E08-4AE3DE3D17CA} folder moved successfully.
C:\Users\Daniele\AppData\Local\{0F3A613A-A573-4D8D-8A59-593DA875C2FF} folder moved successfully.
C:\Users\Daniele\AppData\Local\{438A6DFC-77C7-4B74-B3D3-671D85AAF4CB} folder moved successfully.
C:\Users\Daniele\AppData\Local\{C504D3BC-4D51-440F-9B4E-CFA4641D4E25} folder moved successfully.
C:\Users\Daniele\AppData\Local\{A20B6B6C-9C60-4D99-A2A7-6956307CFDA6} folder moved successfully.
C:\Users\Daniele\AppData\Local\{9DB3E3CA-E578-4AE0-BB77-039DBD7718EA} folder moved successfully.
C:\Users\Daniele\AppData\Local\{AB42241C-0729-46CD-846D-5715142D43D6} folder moved successfully.
C:\Users\Daniele\AppData\Local\{54F2F412-23BA-4F14-B808-2AE508C13687} folder moved successfully.
C:\Users\Daniele\AppData\Local\{83477EE6-40AB-4F8D-8F78-9767634B24D4} folder moved successfully.
C:\Users\Daniele\AppData\Local\{422D1CBF-CCB2-470F-88F9-9DBE032E98D0} folder moved successfully.
C:\Users\Daniele\AppData\Local\{B73854F2-2D7A-4A71-B26E-B68172EC2BA0} folder moved successfully.
C:\Users\Daniele\AppData\Local\{64FCC32D-802E-4A3A-A29E-E6BECE2F65DC} folder moved successfully.
C:\Users\Daniele\AppData\Local\{141AB4F4-1903-4068-8064-61287AA8C773} folder moved successfully.
C:\Users\Daniele\AppData\Local\{4071762A-25BE-406E-AE33-AF4CCF016ACC} folder moved successfully.
C:\Users\Daniele\AppData\Local\{DCAD3E2F-79A4-47A5-9C59-058ABDEFA176} folder moved successfully.
C:\Users\Daniele\AppData\Local\{66327CE4-A043-4013-94C7-CED9A749EE08} folder moved successfully.
C:\Users\Daniele\AppData\Local\{5DA63BEC-EAA3-4DCE-9160-35D9D211DB9F} folder moved successfully.
File/Folder C:\Users\Daniele\*.tmp not found.
C:\Users\Daniele\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
C:\Users\Daniele\Desktop\Daniele\Downloads\iLividSetupV1 (1).exe moved successfully.
C:\Users\Daniele\Desktop\Daniele\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\Daniele\Downloads\iLividSetupV1 (1).exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D71D461C-C390-4DEE-952D-A69A0D8CF453}\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-771243840-78172450-3136486695-1001\Software\Trolltech\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 10132012_115545

------------------------------------------------------------------------------------------------------------------------

This is the ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ef6f21105c7b7041b20eeac11a36dd4d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-13 01:28:21
# local_time=2012-10-13 03:28:21 (+0100, ora legale Europa occidentale)
# country="Italy"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 13469633 13469633 0 0
# compatibility_mode=5893 16776573 100 94 76941 101752466 0 0
# compatibility_mode=8192 67108863 100 0 320 320 0 0
# scanned=250681
# found=12
# cleaned=0
# scan_time=12285
C:\Users\Daniele\Desktop\DTLite4454-0315.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Desktop\Daniele\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Desktop\Daniele\Installazioni programmi\Skype et similia\SoftonicDownloader29287.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Desktop\Daniele\Installazioni programmi\Skype et similia\SoftonicDownloader_per_teamspeak.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Desktop\Keygen AP\Adobe.Photoshop.CS5.1.Extended.v12.1.European.Incl.Keymaker-CORE\keygen.exe a variant of Win32/Keygen.BH application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Downloads\ADLSoft_UnCompressor_v2 (1).exe a variant of Win32/InstallCore.T application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Downloads\ADLSoft_UnCompressor_v2.exe a variant of Win32/InstallCore.T application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Downloads\SoftonicDownloader_per_daemon-tools.exe a variant of Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Downloads\SoftonicDownloader_per_logosmartz.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Daniele\Downloads\SoftonicDownloader_per_softkey-revealer.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122012_204334\C_Users\Daniele\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10132012_115545\C_Users\Daniele\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I

------------------------------

About the PC's behaviour:
These days my impeller is going faster and is making very strange sounds.
The windows resize without me giving commands.
As you can see in the ESET log, there are some threats detected.
I didn't touch TeamSpeak or install it, but it seems that it is on my PC. How can that be possible?
Can you tell me if there's something wrong?
If so, how can I prevent that next time? And why doesn't this expensive antivirus detect anything, even if it is updated?
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am

Re: Strange programs behaviour

Post by Gary R » October 13th, 2012, 5:55 pm

Download CKScanner to your Desktop.
  • Double-click CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Strange programs behaviour

Post by durden83 » October 15th, 2012, 5:34 pm

My pc has been stolen.
So we can close this post.
Thank you anyway!!
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am

Re: Strange programs behaviour

Post by Gary R » October 16th, 2012, 2:04 am

Sorry to hear that, hope you were covered by your insurance.

As we can't progress any further with things now, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire