
Google redirect, firewall disabled, malware help


  • This topic is locked
35 replies to this topic

#1 fly-free

fly-free

  • Members
  • 22 posts

Posted 29 May 2012 - 02:25 PM

Hi there, I need help removing malware.

Windows Firewall is disabled and there is no way to make it work again.
Antivirus keeps clearing something.

Here is the requested log.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Emanuele at 20:57:10 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4031.2295 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\RegService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
mRun: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{6069D03B-B280-4EA7-9F51-523C68079A24} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D} : NameServer = 192.168.1.1
TCP: Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}\14356434 : DhcpNameServer = 10.5.0.1 66.103.80.4 66.103.64.4
TCP: Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}\14C6963656D23323538353434313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}\24F696E676F60284F6473707F647 : DhcpNameServer = 10.1.0.2
TCP: Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}\35072796E64702D49664962323030302249344 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}\C4F646765614473516E64607F696E647 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
{0347C33E-8762-4905-BF09-768834316C61}
{326E768D-4182-46FD-9C16-1449A49795F4}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
mRun-x64: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Predefinito)]
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-29 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-29 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Communication Modem Device Manager II;Communication Modem Device Manager II;C:\Windows\SysWOW64\RegService.exe [2010-11-10 135168]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-11-26 788000]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys --> C:\Windows\system32\Drivers\FPSensor.sys [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-9-5 3450368]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-3-25 5018624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-26 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio di Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-9 135664]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-11-26 253952]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;C:\Windows\system32\DRIVERS\cmusbser.sys --> C:\Windows\system32\DRIVERS\cmusbser.sys [?]
S3 enecirhid;ENE CIR HID Receiver;C:\Windows\system32\DRIVERS\enecirhid.sys --> C:\Windows\system32\DRIVERS\enecirhid.sys [?]
S3 enecirhidma;ENE CIR HIDmini Filter;C:\Windows\system32\DRIVERS\enecirhidma.sys --> C:\Windows\system32\DRIVERS\enecirhidma.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-9 135664]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 Ltn_stk7770P;PCTV LITEON TT128xDA based TV tuner device;C:\Windows\system32\DRIVERS\Ltn_stk7770P.sys --> C:\Windows\system32\DRIVERS\Ltn_stk7770P.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;Supporto stampa WSD via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\system32\drivers\ymidusbx64.sys --> C:\Windows\system32\drivers\ymidusbx64.sys [?]
S3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\system32\drivers\ysusb64.sys --> C:\Windows\system32\drivers\ysusb64.sys [?]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]
S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-18 50432]
S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-18 144640]
S4 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-26 240160]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-29 18:54:12 -------- d-----w- C:\Users\Emanuele\AppData\Roaming\Avira
2012-05-29 17:59:01 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-29 17:59:01 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-05-29 17:59:00 -------- d-----w- C:\ProgramData\Avira
2012-05-29 17:59:00 -------- d-----w- C:\Program Files (x86)\Avira
2012-05-29 12:56:20 -------- d-----w- C:\Users\Emanuele\AppData\Roaming\Malwarebytes
2012-05-29 12:56:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-29 12:56:16 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-29 12:56:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-29 11:53:47 -------- d-----w- C:\Program Files (x86)\DiRT Showdown
2012-05-29 08:51:31 -------- d-----w- C:\Users\Emanuele\AppData\Local\{44B62185-0E48-4FFD-8903-ABF293D8D484}
2012-05-29 08:51:19 -------- d-----w- C:\Users\Emanuele\AppData\Local\{154FFCE8-4942-40C4-B08D-FC347D941706}
2012-05-29 08:33:15 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E3F693F-BCFC-4FD3-BBFF-F4C5D0B8BC99}\mpengine.dll
2012-05-28 22:08:21 -------- d-----w- C:\ProgramData\Toontrack
2012-05-28 21:59:30 45056 ----a-r- C:\Users\Emanuele\AppData\Roaming\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
2012-05-28 21:51:22 -------- d-----w- C:\Program Files (x86)\Toontrack
2012-05-27 22:18:29 -------- d-----w- C:\Users\Emanuele\AppData\Local\{28FC3CA6-D977-4E51-8820-015F4B0CB3ED}
2012-05-27 22:18:17 -------- d-----w- C:\Users\Emanuele\AppData\Local\{24AA71C3-0B31-4FA6-836E-6CEBD2DDE823}
2012-05-27 10:14:49 -------- d-----w- C:\Users\Emanuele\AppData\Local\{21635655-ADFB-4543-9C96-27C0324FB551}
2012-05-27 10:14:37 -------- d-----w- C:\Users\Emanuele\AppData\Local\{022A12D2-5285-4CEF-8FBA-6E84E817B3B7}
2012-05-26 16:20:03 -------- d-----w- C:\Users\Emanuele\AppData\Local\{2A9A6BDB-CBBE-4E0B-834D-D1744C63ADC4}
2012-05-26 16:19:51 -------- d-----w- C:\Users\Emanuele\AppData\Local\{3BB37054-16C9-44C3-B70E-4F651A1AD06C}
2012-05-25 14:28:31 -------- d-----w- C:\Users\Emanuele\AppData\Local\{45727E01-E719-411E-B56F-F138B8CF3E69}
2012-05-25 14:28:20 -------- d-----w- C:\Users\Emanuele\AppData\Local\{068D99DE-1B59-4217-87C8-0E24B6745608}
2012-05-24 10:10:39 -------- d-----w- C:\Users\Emanuele\AppData\Local\{A213ADC7-BBFB-41E3-9A0A-A2D609956185}
2012-05-23 16:57:07 -------- d-----w- C:\Users\Emanuele\AppData\Local\{4325ADCC-2D80-45CE-974C-DCD242B4A85B}
2012-05-23 16:56:51 -------- d-----w- C:\Users\Emanuele\AppData\Local\{AF2ABE16-3C3E-4AD9-A16D-E6FDD5392597}
2012-05-22 12:12:16 -------- d-----w- C:\Users\Emanuele\AppData\Local\{DD3E4573-31DA-4A40-B4A3-6B812B756DBF}
2012-05-22 12:12:05 -------- d-----w- C:\Users\Emanuele\AppData\Local\{23983768-8E47-449F-867C-902F8714AB71}
2012-05-21 12:53:27 -------- d-----w- C:\Users\Emanuele\AppData\Local\{A5013CEB-128D-43B0-B265-A6337A10A785}
2012-05-21 12:53:14 -------- d-----w- C:\Users\Emanuele\AppData\Local\{9B17AD9A-A77D-46C4-860A-DDE27DEB3779}
2012-05-20 13:44:10 -------- d-----w- C:\Program Files\CCleaner
2012-05-20 13:19:47 -------- d-----w- C:\Program Files (x86)\Solar System 3D Screensaver
2012-05-20 13:16:15 4305769 ----a-w- C:\Windows\SysWow64\Free Solar System Screensaver.scr
2012-05-20 12:57:39 -------- d-----w- C:\Program Files (x86)\ScreenSaverGift
2012-05-20 12:55:59 -------- d-----w- C:\Program Files (x86)\DesktopAnimated
2012-05-20 12:21:42 -------- d-----w- C:\Users\Emanuele\AppData\Roaming\TERMINAL Studio
2012-05-20 12:21:38 -------- d-----w- C:\Program Files (x86)\Free 3D Earth Screensaver
2012-05-20 12:09:18 -------- d-----w- C:\Users\Emanuele\AppData\Roaming\2Flyer
2012-05-20 11:44:18 -------- d-----w- C:\ProgramData\Laconic Software
2012-05-20 09:37:42 -------- d-----w- C:\Users\Emanuele\AppData\Local\{9B2BF2E0-8725-4A3F-B928-F3CF938B7C08}
2012-05-20 09:37:30 -------- d-----w- C:\Users\Emanuele\AppData\Local\{DE4DF44A-D00E-49BA-BBA7-5DEF1B5AA69E}
2012-05-19 12:04:52 -------- d-----w- C:\Users\Emanuele\AppData\Local\{EAFAB02A-886A-46C9-88ED-D08CE621DD5E}
2012-05-19 12:04:40 -------- d-----w- C:\Users\Emanuele\AppData\Local\{2BE4192C-1D73-46E8-B229-A7F3E539F7AC}
2012-05-18 23:25:33 -------- d-----w- C:\Users\Emanuele\AppData\Local\{BFF5487B-96F5-4659-8565-92A477185D59}
2012-05-18 23:25:21 -------- d-----w- C:\Users\Emanuele\AppData\Local\{C9250250-3C79-4B45-84BA-77BBB33996C1}
2012-05-18 09:05:57 -------- d-----w- C:\Users\Emanuele\AppData\Local\{F811DB19-CB6B-4821-8CA5-152651577AA3}
2012-05-17 10:48:45 -------- d-----w- C:\Users\Emanuele\AppData\Local\{2F80060C-1FB5-43D7-9642-2AACB281D834}
2012-05-16 11:33:12 -------- d-----w- C:\Users\Emanuele\AppData\Local\{9D6E8855-0F8A-479D-A5A5-03F5CD113AE8}
2012-05-16 11:32:57 -------- d-----w- C:\Users\Emanuele\AppData\Local\{090D649D-FB5D-44AA-80B4-BCDE898995D9}
2012-05-16 11:19:13 -------- d-----w- C:\Program Files (x86)\SimBin
2012-05-15 15:55:12 -------- d-----w- C:\GTR2
2012-05-15 11:20:08 -------- d-----w- C:\Users\Emanuele\AppData\Local\{B1AB6CCD-F2DB-44B8-A406-6FD1804EF4A1}
2012-05-15 11:19:55 -------- d-----w- C:\Users\Emanuele\AppData\Local\{86B754A8-D13F-4FBB-AA35-F777736C85CE}
2012-05-14 11:25:03 -------- d-----w- C:\Users\Emanuele\AppData\Local\{21B88279-548F-4E69-B174-395986AE7785}
2012-05-14 11:24:51 -------- d-----w- C:\Users\Emanuele\AppData\Local\{BE14F54C-B31A-4856-A39C-054C3D32B366}
2012-05-13 23:04:48 -------- d-----w- C:\Users\Emanuele\AppData\Local\{492DC4FE-BC53-4CB3-9F02-0E71F5544C99}
2012-05-13 14:21:33 -------- d-----w- C:\Users\Emanuele\AppData\Local\Asa_Applications
2012-05-13 14:21:31 -------- d-----w- C:\Users\Emanuele\AppData\Local\XmlEditor
2012-05-13 10:35:22 -------- d-----w- C:\Users\Emanuele\AppData\Local\{9EC83FE1-B74D-4273-A197-41E4D7735832}
2012-05-13 10:35:02 -------- d-----w- C:\Users\Emanuele\AppData\Local\{105E2875-1A8E-4CD7-9A4A-EA92E5F04F31}
2012-05-12 09:09:36 -------- d-----w- C:\Users\Emanuele\AppData\Local\{31B5E6B2-A3F2-4D9E-9208-42FD28AC619C}
2012-05-12 09:09:24 -------- d-----w- C:\Users\Emanuele\AppData\Local\{FBD73342-244D-4B2F-96A5-BEB47B849FC6}
2012-05-11 17:00:08 -------- d-----w- C:\Users\Emanuele\AppData\Local\{687E6354-7A6F-45F8-A8B3-C76CD0978602}
2012-05-11 16:59:52 -------- d-----w- C:\Users\Emanuele\AppData\Local\{C30EBE1F-A674-421C-820D-F0179744AFCE}
2012-05-10 11:35:48 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 11:35:47 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 11:35:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 11:35:43 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 11:35:41 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 11:35:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 11:35:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 11:34:59 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 11:34:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 11:34:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:34:56 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 11:34:56 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 11:34:56 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 10:18:38 -------- d-----w- C:\Users\Emanuele\AppData\Local\{ED616F72-1BB7-4083-8EEC-78DC21FC627F}
2012-05-10 10:18:26 -------- d-----w- C:\Users\Emanuele\AppData\Local\{0DCA88E5-839D-41D3-A1E3-6CFF5288F76C}
2012-05-09 15:41:12 -------- d-----w- C:\Users\Emanuele\AppData\Local\{0A0BF637-3821-43F5-97CB-FA10F00BBAB8}
2012-05-09 15:41:01 -------- d-----w- C:\Users\Emanuele\AppData\Local\{421722E2-255C-49E2-A4E4-16E2642154DC}
2012-05-06 13:39:01 -------- d-----w- C:\Users\Emanuele\AppData\Local\{695FD3B2-7199-4F80-A02A-968CEB74E84A}
2012-05-06 13:38:45 -------- d-----w- C:\Users\Emanuele\AppData\Local\{04A11C1D-1053-463F-A6B8-4C871CA718AF}
2012-05-05 21:50:14 -------- d-----w- C:\Users\Emanuele\AppData\Local\{E77D525D-B9C2-422D-A50A-520B85E5F9B6}
2012-05-04 17:57:23 -------- d-----w- C:\Users\Emanuele\AppData\Local\{5EDF5E3A-284C-43DD-8A09-EE1604958A8F}
2012-05-04 17:57:10 -------- d-----w- C:\Users\Emanuele\AppData\Local\{D5741BA8-230E-4233-9B3C-731F6CB35141}
2012-05-03 18:27:34 -------- d-----w- C:\Users\Emanuele\AppData\Local\{D02105E7-6B5B-4268-BB90-8F9448F1689E}
2012-05-03 18:27:22 -------- d-----w- C:\Users\Emanuele\AppData\Local\{C087F088-05EE-4155-A467-D049A7007D10}
2012-05-02 14:40:16 -------- d-----w- C:\Users\Emanuele\AppData\Local\{FC176C1A-1E4E-46EC-85EB-71FB88CA8FF6}
2012-05-02 14:40:05 -------- d-----w- C:\Users\Emanuele\AppData\Local\{D19DA69C-B294-4D63-87F2-315ABD566B7C}
2012-05-01 18:52:39 -------- d-----w- C:\Users\Emanuele\AppData\Local\{A55E234F-DC81-41FE-B14B-77FE7C5904C0}
2012-05-01 18:52:28 -------- d-----w- C:\Users\Emanuele\AppData\Local\{4F655663-3E07-4EB5-AE61-CAFC33EA4EFB}
2012-05-01 18:52:16 -------- d-----w- C:\Users\Emanuele\AppData\Local\{CEAC0B9C-F16D-4EC8-8E21-134B21E319A7}
2012-05-01 11:00:49 -------- d-----w- C:\Users\Emanuele\AppData\Local\{10BA6432-BA9D-4EBA-BCEB-7CADAC3F2C1F}
2012-05-01 11:00:37 -------- d-----w- C:\Users\Emanuele\AppData\Local\{50F1087E-66C5-46A6-80B3-167167446967}
2012-04-30 08:52:19 -------- d-----w- C:\Users\Emanuele\AppData\Local\{EC3612C1-EEDF-4C90-AAE8-91D6F03FBD61}
2012-04-30 08:52:03 -------- d-----w- C:\Users\Emanuele\AppData\Local\{3162AA68-A040-4229-9E35-539E7A52A694}
.
==================== Find3M ====================
.
2012-05-29 12:20:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-05-29 12:20:50 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-04-15 12:54:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:40:52 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 20:58:47,56 ===============



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 29 May 2012 - 08:51 PM

Hi

Please do the following:


For x64 bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 fly-free

fly-free
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:11:13 PM

Posted 30 May 2012 - 05:40 AM

Hi, many thanks for the help.

Here is the log:

Scan result of Farbar Recovery Scan Tool Version: 29-05-2012 02
Ran by SYSTEM at 30-05-2012 12:30:05
Running from G:\
Windows 7 Home Premium (X64) OS Language: Italian Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-10-06] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [261888 2009-09-23] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [200488 2009-10-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe" [3567616 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [258512 2012-02-03] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}: [NameServer]192.168.1.1
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-02-03] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-02-03] (Avira Operations GmbH & Co. KG)
2 Communication Modem Device Manager II; "C:\Windows\SysWOW64\RegService.exe" -service [135168 2008-10-10] ()
2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [788000 2009-10-29] (Acer Incorporated)
2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.)
3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5018624 2010-03-25] (Native Instruments GmbH)
4 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62720 2009-09-23] (NewTech Infosystems, Inc.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-12-10] ()
2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [97312 2012-02-03] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132320 2012-02-03] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-02-03] (Avira GmbH)
3 cmusbser; C:\Windows\System32\Drivers\cmusbser.sys [118144 2008-09-01] (Mobile Connector)
3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [19968 2010-11-20] (Microsoft Corporation)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [70656 2009-06-28] (ENE TECHNOLOGY INC.)
3 enecirhid; C:\Windows\System32\Drivers\enecirhid.sys [14848 2009-05-19] (ENE TECHNOLOGY INC.)
3 enecirhidma; C:\Windows\System32\Drivers\enecirhidma.sys [6656 2008-04-24] (ENE TECHNOLOGY INC.)
2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [36400 2009-12-28] (EgisTec)
2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2012-01-13] (Highresolution Enterprises [www.highrez.co.uk])
0 johci; C:\Windows\System32\Drivers\johci.sys [20392 2009-09-20] (JMicron )
3 Ltn_stk7770P; C:\Windows\System32\Drivers\Ltn_stk7770P.sys [694272 2009-08-05] (LITEON)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [239208 2011-12-02] (Realtek Semiconductor Corp.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-21] (Duplex Secure Ltd.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-01-31] (Yamaha Corporation)
3 ysusb64; C:\Windows\System32\Drivers\ysusb64.sys [103752 2011-11-15] (Yamaha Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-30 02:14 - 2012-05-30 02:14 - 1395349 ____A C:\Users\Emanuele\Downloads\FRST64.exe
2012-05-30 02:08 - 2012-05-30 02:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DAE76153-7E03-4C58-BB45-10626F68BC54}
2012-05-30 02:08 - 2012-05-30 02:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E939EE60-7609-499F-91E7-19DD77B419AA}
2012-05-29 11:30 - 2012-05-29 11:30 - 0000658 ____A C:\Users\Emanuele\Downloads\defogger_disable.log
2012-05-29 11:30 - 2012-05-29 11:30 - 0000188 ____A C:\Users\Emanuele\defogger_reenable
2012-05-29 11:29 - 2012-05-29 11:29 - 0050477 ____A C:\Users\Emanuele\Downloads\Defogger.exe
2012-05-29 11:01 - 2012-05-29 11:01 - 0031020 ____A C:\Users\Emanuele\Desktop\DDS.txt
2012-05-29 11:01 - 2012-05-29 11:01 - 0012315 ____A C:\Users\Emanuele\Desktop\Attach.txt
2012-05-29 10:56 - 2012-05-29 10:56 - 0607260 ____R (Swearware) C:\Users\Emanuele\Desktop\dds.scr
2012-05-29 10:54 - 2012-05-29 10:54 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Avira
2012-05-29 09:59 - 2012-05-29 09:59 - 0002034 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-05-29 09:59 - 2012-05-29 09:59 - 0000000 ____D C:\Users\All Users\Avira
2012-05-29 09:59 - 2012-05-29 09:59 - 0000000 ____D C:\Program Files (x86)\Avira
2012-05-29 09:59 - 2012-02-03 05:26 - 0132320 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-29 09:59 - 2012-02-03 05:26 - 0097312 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-05-29 09:59 - 2012-02-03 05:26 - 0027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-05-29 09:33 - 2012-05-29 10:22 - 0000000 ___SD C:\32788R22FWJFW
2012-05-29 09:30 - 2012-05-29 09:30 - 4731392 ____A (AVAST Software) C:\Users\Emanuele\Downloads\aswMBR.exe
2012-05-29 09:14 - 2012-05-29 09:14 - 4530590 ____R (Swearware) C:\Users\Emanuele\Desktop\ComboFix.exe
2012-05-29 09:14 - 2012-05-29 09:14 - 0853862 ____A C:\Users\Emanuele\Downloads\SecurityCheck.exe
2012-05-29 07:25 - 2012-05-29 10:24 - 0562264 ____A C:\Windows\ntbtlog.txt
2012-05-29 07:19 - 2012-05-29 07:19 - 0980480 ____A C:\Users\Emanuele\Downloads\MicrosoftFixit50267.msi
2012-05-29 07:10 - 2012-05-29 07:12 - 87765048 ____A C:\Users\Emanuele\Downloads\avira_free_antivirus_it.exe
2012-05-29 06:52 - 2012-05-29 06:52 - 0347424 ____A (Microsoft Corporation) C:\Users\Emanuele\Downloads\MicrosoftFixit.WindowsFirewall.RNP.133261733935359651.1.1.Run.exe
2012-05-29 06:46 - 2012-05-29 06:46 - 0005256 ____A C:\Users\Emanuele\Downloads\wscsvc.reg
2012-05-29 05:08 - 2012-05-29 05:08 - 0000736 ____A C:\Users\Emanuele\Desktop\Nuovo documento di testo.txt
2012-05-29 05:02 - 2012-05-29 10:21 - 0085314 ____A C:\Windows\PFRO.log
2012-05-29 04:57 - 2012-05-29 04:57 - 0082622 ____A C:\Users\Emanuele\Downloads\Extras.Txt
2012-05-29 04:56 - 2012-05-29 04:56 - 0133632 ____A C:\Users\Emanuele\Downloads\OTL.Txt
2012-05-29 04:56 - 2012-05-29 04:56 - 0001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-29 04:56 - 2012-05-29 04:56 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Malwarebytes
2012-05-29 04:56 - 2012-05-29 04:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-29 04:56 - 2012-05-29 04:56 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-29 04:56 - 2012-04-04 05:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-29 04:53 - 2012-05-29 04:53 - 0139264 ____A () C:\Users\Emanuele\Downloads\RKUnhookerLE.EXE
2012-05-29 04:49 - 2012-05-29 04:50 - 0139890 ____A C:\TDSSKiller.2.7.38.0_29.05.2012_14.49.46_log.txt
2012-05-29 04:45 - 2012-05-29 04:45 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\Emanuele\Downloads\tdsskiller.exe
2012-05-29 04:45 - 2012-05-29 04:45 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Emanuele\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-29 04:45 - 2012-05-29 04:45 - 0595968 ____A (OldTimer Tools) C:\Users\Emanuele\Downloads\OTL.exe
2012-05-29 04:42 - 2012-05-29 04:42 - 0138120 ____A (ESET) C:\Users\Emanuele\Downloads\ESETSirefefRemover.exe
2012-05-29 04:37 - 2012-05-29 04:37 - 0176940 ____A C:\Users\Emanuele\Downloads\BFE.reg
2012-05-29 04:37 - 2012-05-29 04:37 - 0006396 ____A C:\Users\Emanuele\Downloads\MpsSvc.reg
2012-05-29 03:53 - 2012-05-29 04:19 - 0000000 ____D C:\Program Files (x86)\DiRT Showdown
2012-05-29 02:44 - 2012-05-29 04:07 - 0000000 ____D C:\Users\Emanuele\Downloads\ToonTrack.Superior.Drummer.v2.0.VSTi.RTAS.AU.HYBRID.AiRISO
2012-05-29 02:42 - 2012-05-29 02:48 - 0000000 ____D C:\Users\Emanuele\Downloads\ToonTrack.Superior.Drummer.VSTi.AU.RTAS.v2.3.0.Update.MAC.and WiN
2012-05-29 02:41 - 2012-05-29 02:41 - 0013363 ____A C:\Users\Emanuele\Downloads\ToonTrack_Superior_Drummer_VSTi_AU_RTAS_v2_3_0_Update_MAC_and_WiN-((Demonoid.me))_2653062.4248.torrent
2012-05-29 02:40 - 2012-05-29 02:40 - 0095085 ____A C:\Users\Emanuele\Downloads\(Demonoid.me)-ToonTrack_Superior_Drummer_v2_0_VSTi_RTAS_AU_HYBRID_AiRISO_2653062.4248.torrent
2012-05-29 02:18 - 2012-05-29 02:18 - 0018035 ____A C:\Users\Emanuele\Downloads\FXPansion_BFD_Percussion_Expansion_Pack_HYBRID_DVDR_D1-((Demonoid.me))_2653062.4248.torrent
2012-05-29 02:15 - 2012-05-29 02:15 - 0001556 ____A C:\Users\Emanuele\Downloads\FXpansion_BFD2_STANDALONE_VSTi_RTAS_v2_1_0_47_PROPER_500TH_RELEASE_ASSiGN_+-Demonoid.me-+_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0026340 ____A C:\Users\Emanuele\Downloads\FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D4_DYNAMiCS_(Disc_4_of_5)-++Demonoid.me++_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0026232 ____A C:\Users\Emanuele\Downloads\((Demonoid.me))-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D5_DYNAMiCS_(Disc_5_of_5)_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0024879 ____A C:\Users\Emanuele\Downloads\(Demonoid.me)-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D3_DYNAMiCS_(Disc_3_of_5)_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0023948 ____A C:\Users\Emanuele\Downloads\[]Demonoid.me[]-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D2_DYNAMiCS_(Disc_2_of_5)_2653062.4248.torrent
2012-05-29 02:09 - 2012-05-29 02:09 - 0036147 ____A C:\Users\Emanuele\Downloads\++Demonoid.me++-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D1_DYNAMiCS_(Disc_1_of_5)_2653062.4248.torrent
2012-05-29 02:07 - 2012-05-29 02:07 - 0020281 ____A C:\Users\Emanuele\Downloads\o-Demonoid.me-o_FXPansion_BFD_Percussion_Expansion_Pack_HYBRID_DVDR_D2_AiRISO_2653062.4248.torrent
2012-05-29 02:00 - 2012-05-29 02:00 - 0000000 ____D C:\Users\Emanuele\Downloads\Avatar The Last Airbender S03e01-21[XviD-Ita Eng Mp3](TNT Village)
2012-05-29 01:44 - 2012-05-29 03:47 - 0000000 ____D C:\Users\Emanuele\Downloads\Avatar The Last Airbender S02e01-20[XviD-Ita Eng Mp3](TNT Village)
2012-05-29 01:44 - 2012-05-29 03:23 - 0000000 ____D C:\Users\Emanuele\Downloads\Avatar The Last Airbender S01e01-20[XviD-Ita Eng Mp3](TNT Village)
2012-05-29 01:42 - 2012-05-29 01:42 - 0176089 ____A C:\Users\Emanuele\Downloads\Avatar The Last Airbender S03e01-21.torrent
2012-05-29 01:42 - 2012-05-29 01:42 - 0153357 ____A C:\Users\Emanuele\Downloads\Avatar The Last Airbender S02e01-20.torrent
2012-05-29 01:41 - 2012-05-29 01:41 - 0182665 ____A C:\Users\Emanuele\Downloads\Avatar The Last Airbender S01e01-20.torrent
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{44B62185-0E48-4FFD-8903-ABF293D8D484}
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{154FFCE8-4942-40C4-B08D-FC347D941706}
2012-05-28 14:08 - 2012-05-28 14:08 - 0000000 ____D C:\Users\Emanuele\Documents\Toontrack
2012-05-28 14:08 - 2012-05-28 14:08 - 0000000 ____D C:\Users\All Users\Toontrack
2012-05-28 13:51 - 2012-05-28 13:51 - 0000000 ____D C:\Program Files (x86)\Toontrack
2012-05-28 09:18 - 2012-05-28 09:45 - 0000000 ____D C:\Users\Emanuele\Downloads\ToonTrack.Americana.EZX.Win.EXPANSION-AudioP2P
2012-05-28 08:47 - 2012-05-28 13:54 - 0000000 ____D C:\Users\Emanuele\Downloads\Toontrack EZdrummer v1.3.1 Update
2012-05-28 08:47 - 2012-05-28 08:47 - 0015779 ____A C:\Users\Emanuele\Downloads\((Demonoid.me))-ToonTrack_Americana_EZX_Win_EXPANSION_AudioP2P_2653062.4248.torrent
2012-05-28 08:46 - 2012-05-28 08:46 - 0017032 ____A C:\Users\Emanuele\Downloads\((Demonoid.me))-Toontrack_EZdrummer_v1_3_1_Update_2653062.4248.torrent
2012-05-28 08:39 - 2012-05-28 13:34 - 0000000 ____D C:\Users\Emanuele\Downloads\EZDRUMMER
2012-05-28 08:37 - 2012-05-28 08:37 - 0029905 ____A C:\Users\Emanuele\Downloads\+-Demonoid.me-+_Toontrack_Ezdrummer_1_16_all_8_expansions_in_1_dvd_(easy_autorun_feature)_2653062.4248.torrent
2012-05-27 14:18 - 2012-05-27 14:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{28FC3CA6-D977-4E51-8820-015F4B0CB3ED}
2012-05-27 14:18 - 2012-05-27 14:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{24AA71C3-0B31-4FA6-836E-6CEBD2DDE823}
2012-05-27 02:14 - 2012-05-27 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{21635655-ADFB-4543-9C96-27C0324FB551}
2012-05-27 02:14 - 2012-05-27 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{022A12D2-5285-4CEF-8FBA-6E84E817B3B7}
2012-05-26 08:20 - 2012-05-26 08:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2A9A6BDB-CBBE-4E0B-834D-D1744C63ADC4}
2012-05-26 08:19 - 2012-05-26 08:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3BB37054-16C9-44C3-B70E-4F651A1AD06C}
2012-05-25 15:11 - 2012-05-29 03:23 - 0000000 ____D C:\Users\Emanuele\Downloads\DiRT Showdown-FLT
2012-05-25 15:08 - 2012-05-25 15:09 - 0016874 ____A C:\Users\Emanuele\Downloads\DiRT_Showdown_FLT-_=Demonoid.me=__2653062.4248.torrent
2012-05-25 06:28 - 2012-05-25 06:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{45727E01-E719-411E-B56F-F138B8CF3E69}
2012-05-25 06:28 - 2012-05-25 06:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{068D99DE-1B59-4217-87C8-0E24B6745608}
2012-05-24 02:10 - 2012-05-24 02:10 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A213ADC7-BBFB-41E3-9A0A-A2D609956185}
2012-05-23 08:57 - 2012-05-23 08:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4325ADCC-2D80-45CE-974C-DCD242B4A85B}
2012-05-23 08:56 - 2012-05-23 08:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{AF2ABE16-3C3E-4AD9-A16D-E6FDD5392597}
2012-05-22 04:12 - 2012-05-22 04:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DD3E4573-31DA-4A40-B4A3-6B812B756DBF}
2012-05-22 04:12 - 2012-05-22 04:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{23983768-8E47-449F-867C-902F8714AB71}
2012-05-21 14:02 - 2012-05-24 02:58 - 0000000 ____D C:\Users\Emanuele\Desktop\Nuova cartella
2012-05-21 12:42 - 2012-05-21 12:42 - 515298802 ____A C:\Windows\MEMORY.DMP
2012-05-21 12:42 - 2012-05-21 12:42 - 0275912 ____A C:\Windows\Minidump\052112-25194-01.dmp
2012-05-21 04:53 - 2012-05-21 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A5013CEB-128D-43B0-B265-A6337A10A785}
2012-05-21 04:53 - 2012-05-21 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9B17AD9A-A77D-46C4-860A-DDE27DEB3779}
2012-05-20 12:38 - 2012-05-30 02:05 - 0004088 ____A C:\Windows\setupact.log
2012-05-20 12:38 - 2012-05-20 12:38 - 0000000 ____A C:\Windows\setuperr.log
2012-05-20 10:54 - 2012-05-20 10:54 - 0323662 ____A C:\Users\Emanuele\Documents\cc_20120520_205359.reg
2012-05-20 06:14 - 2012-05-20 06:14 - 0000000 ____D C:\Users\Emanuele\Downloads\wtcced
2012-05-20 05:47 - 2012-05-20 05:47 - 0000000 ____D C:\Users\Emanuele\Downloads\Autoruns
2012-05-20 05:44 - 2012-05-20 05:44 - 0000000 ____D C:\Program Files\CCleaner
2012-05-20 05:19 - 2012-05-20 05:21 - 0000000 ____D C:\Program Files (x86)\Solar System 3D Screensaver
2012-05-20 05:16 - 2006-10-22 05:53 - 4305769 ____A C:\Windows\SysWOW64\Free Solar System Screensaver.scr
2012-05-20 04:57 - 2012-05-20 04:57 - 0000000 ____D C:\Program Files (x86)\ScreenSaverGift
2012-05-20 04:55 - 2012-05-20 04:59 - 0000000 ____D C:\Program Files (x86)\DesktopAnimated
2012-05-20 04:21 - 2012-05-20 04:26 - 0000000 ____D C:\Program Files (x86)\Free 3D Earth Screensaver
2012-05-20 04:21 - 2012-05-20 04:21 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\TERMINAL Studio
2012-05-20 04:09 - 2012-05-20 04:11 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\2Flyer
2012-05-20 03:44 - 2012-05-20 04:11 - 0000000 ____D C:\Users\All Users\Laconic Software
2012-05-20 02:48 - 2012-05-20 02:48 - 0112516 ____A C:\Users\Emanuele\Downloads\Austin Powers - Il Controspione.torrent
2012-05-20 01:56 - 2012-05-20 01:56 - 0034411 ____A C:\Users\Emanuele\Downloads\Monty Python e il Senso della Vita.torrent
2012-05-20 01:55 - 2012-05-20 01:55 - 0227359 ____A C:\Users\Emanuele\Downloads\Full Monty.torrent
2012-05-20 01:37 - 2012-05-20 01:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DE4DF44A-D00E-49BA-BBA7-5DEF1B5AA69E}
2012-05-20 01:37 - 2012-05-20 01:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9B2BF2E0-8725-4A3F-B928-F3CF938B7C08}
2012-05-19 04:04 - 2012-05-19 04:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EAFAB02A-886A-46C9-88ED-D08CE621DD5E}
2012-05-19 04:04 - 2012-05-19 04:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2BE4192C-1D73-46E8-B229-A7F3E539F7AC}
2012-05-18 15:25 - 2012-05-18 15:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C9250250-3C79-4B45-84BA-77BBB33996C1}
2012-05-18 15:25 - 2012-05-18 15:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BFF5487B-96F5-4659-8565-92A477185D59}
2012-05-18 04:35 - 2011-12-07 01:24 - 0000000 ____D C:\Users\Emanuele\Downloads\Default GTR2 Reborn 06-12-2011
2012-05-18 01:05 - 2012-05-18 01:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{F811DB19-CB6B-4821-8CA5-152651577AA3}
2012-05-17 05:35 - 2012-05-17 05:35 - 0000000 ____D C:\Program Files\Logitech
2012-05-17 02:48 - 2012-05-17 02:48 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2F80060C-1FB5-43D7-9642-2AACB281D834}
2012-05-16 12:43 - 2012-05-27 12:27 - 0002050 ____A C:\Users\Public\Desktop\Race Injection.lnk
2012-05-16 04:19 - 2012-05-16 04:19 - 0000000 ____D C:\Users\Emanuele\Documents\SimBin
2012-05-16 03:33 - 2012-05-16 03:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9D6E8855-0F8A-479D-A5A5-03F5CD113AE8}
2012-05-16 03:32 - 2012-05-16 03:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{090D649D-FB5D-44AA-80B4-BCDE898995D9}
2012-05-16 03:19 - 2012-05-24 02:17 - 0000000 ____D C:\Program Files (x86)\SimBin
2012-05-15 09:45 - 2012-05-15 18:58 - 0000000 ____D C:\Users\Emanuele\Downloads\Race.Injection-2xDVD5.BlueLions
2012-05-15 07:59 - 2012-05-26 09:15 - 0001400 ____A C:\Users\Emanuele\Desktop\GTR 2.lnk
2012-05-15 07:55 - 2012-05-18 04:51 - 0000000 ____D C:\GTR2
2012-05-15 03:45 - 2012-05-15 07:52 - 0000000 ____D C:\Users\Emanuele\Downloads\GTR 2
2012-05-15 03:20 - 2012-05-15 03:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B1AB6CCD-F2DB-44B8-A406-6FD1804EF4A1}
2012-05-15 03:19 - 2012-05-15 03:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{86B754A8-D13F-4FBB-AA35-F777736C85CE}
2012-05-14 03:25 - 2012-05-14 03:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{21B88279-548F-4E69-B174-395986AE7785}
2012-05-14 03:24 - 2012-05-14 03:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BE14F54C-B31A-4856-A39C-054C3D32B366}
2012-05-13 15:04 - 2012-05-13 15:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{492DC4FE-BC53-4CB3-9F02-0E71F5544C99}
2012-05-13 06:21 - 2012-05-13 06:21 - 0000000 ____D C:\Users\Emanuele\AppData\Local\XmlEditor
2012-05-13 06:21 - 2012-05-13 06:21 - 0000000 ____D C:\Users\Emanuele\AppData\Local\Asa_Applications
2012-05-13 02:35 - 2012-05-13 02:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9EC83FE1-B74D-4273-A197-41E4D7735832}
2012-05-13 02:35 - 2012-05-13 02:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{105E2875-1A8E-4CD7-9A4A-EA92E5F04F31}
2012-05-12 10:53 - 2012-05-12 10:54 - 0000000 ____D C:\Users\Emanuele\Downloads\xvi32
2012-05-12 01:09 - 2012-05-12 01:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FBD73342-244D-4B2F-96A5-BEB47B849FC6}
2012-05-12 01:09 - 2012-05-12 01:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{31B5E6B2-A3F2-4D9E-9208-42FD28AC619C}
2012-05-11 09:00 - 2012-05-11 09:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{687E6354-7A6F-45F8-A8B3-C76CD0978602}
2012-05-11 08:59 - 2012-05-11 09:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C30EBE1F-A674-421C-820D-F0179744AFCE}
2012-05-11 07:37 - 2012-05-11 07:37 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 07:37 - 2012-05-11 07:37 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 03:35 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 03:35 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-10 03:35 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-10 03:35 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 03:35 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 03:35 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 03:35 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-10 03:34 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 02:18 - 2012-05-10 02:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{ED616F72-1BB7-4083-8EEC-78DC21FC627F}
2012-05-10 02:18 - 2012-05-10 02:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0DCA88E5-839D-41D3-A1E3-6CFF5288F76C}
2012-05-09 07:41 - 2012-05-09 07:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{421722E2-255C-49E2-A4E4-16E2642154DC}
2012-05-09 07:41 - 2012-05-09 07:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0A0BF637-3821-43F5-97CB-FA10F00BBAB8}
2012-05-06 05:39 - 2012-05-06 05:39 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{695FD3B2-7199-4F80-A02A-968CEB74E84A}
2012-05-06 05:38 - 2012-05-06 05:39 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{04A11C1D-1053-463F-A6B8-4C871CA718AF}
2012-05-05 13:50 - 2012-05-05 13:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E77D525D-B9C2-422D-A50A-520B85E5F9B6}
2012-05-04 09:57 - 2012-05-04 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D5741BA8-230E-4233-9B3C-731F6CB35141}
2012-05-04 09:57 - 2012-05-04 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{5EDF5E3A-284C-43DD-8A09-EE1604958A8F}
2012-05-04 07:43 - 2012-05-04 07:43 - 0000165 ___AH C:\Users\Emanuele\Desktop\~$P90X Workout Manager.xlsm
2012-05-03 10:27 - 2012-05-03 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D02105E7-6B5B-4268-BB90-8F9448F1689E}
2012-05-03 10:27 - 2012-05-03 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C087F088-05EE-4155-A467-D049A7007D10}
2012-05-02 06:40 - 2012-05-02 06:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FC176C1A-1E4E-46EC-85EB-71FB88CA8FF6}
2012-05-02 06:40 - 2012-05-02 06:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D19DA69C-B294-4D63-87F2-315ABD566B7C}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{CEAC0B9C-F16D-4EC8-8E21-134B21E319A7}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A55E234F-DC81-41FE-B14B-77FE7C5904C0}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4F655663-3E07-4EB5-AE61-CAFC33EA4EFB}
2012-05-01 03:00 - 2012-05-01 03:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{50F1087E-66C5-46A6-80B3-167167446967}
2012-05-01 03:00 - 2012-05-01 03:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{10BA6432-BA9D-4EBA-BCEB-7CADAC3F2C1F}
2012-04-30 00:52 - 2012-04-30 00:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EC3612C1-EEDF-4C90-AAE8-91D6F03FBD61}
2012-04-30 00:52 - 2012-04-30 00:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3162AA68-A040-4229-9E35-539E7A52A694}


============ 3 Months Modified Files and Folders =============

2012-05-30 12:30 - 2012-05-30 12:29 - 0000000 ____D C:\FRST
2012-05-30 02:17 - 2009-12-27 23:58 - 1159108 ____A C:\Windows\WindowsUpdate.log
2012-05-30 02:14 - 2012-05-30 02:14 - 1395349 ____A C:\Users\Emanuele\Downloads\FRST64.exe
2012-05-30 02:14 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-30 02:14 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-30 02:11 - 2009-12-28 08:44 - 0731298 ____A C:\Windows\System32\perfh010.dat
2012-05-30 02:11 - 2009-12-28 08:44 - 0143430 ____A C:\Windows\System32\perfc010.dat
2012-05-30 02:11 - 2009-07-13 21:13 - 1633176 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-30 02:09 - 2012-05-30 02:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DAE76153-7E03-4C58-BB45-10626F68BC54}
2012-05-30 02:08 - 2012-05-30 02:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E939EE60-7609-499F-91E7-19DD77B419AA}
2012-05-30 02:08 - 2010-11-09 03:26 - 0000000 ____D C:\Users\Emanuele\AppData\Local\Windows Live
2012-05-30 02:05 - 2012-05-20 12:38 - 0004088 ____A C:\Windows\setupact.log
2012-05-30 02:05 - 2010-11-09 12:43 - 0001146 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-30 02:05 - 2009-12-27 23:55 - 3169927168 __ASH C:\hiberfil.sys
2012-05-30 02:05 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-29 11:30 - 2012-05-29 11:30 - 0000658 ____A C:\Users\Emanuele\Downloads\defogger_disable.log
2012-05-29 11:30 - 2012-05-29 11:30 - 0000188 ____A C:\Users\Emanuele\defogger_reenable
2012-05-29 11:30 - 2010-11-09 12:43 - 0001150 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-29 11:30 - 2010-11-08 10:58 - 0000000 ____D C:\users\Emanuele
2012-05-29 11:29 - 2012-05-29 11:29 - 0050477 ____A C:\Users\Emanuele\Downloads\Defogger.exe
2012-05-29 11:01 - 2012-05-29 11:01 - 0031020 ____A C:\Users\Emanuele\Desktop\DDS.txt
2012-05-29 11:01 - 2012-05-29 11:01 - 0012315 ____A C:\Users\Emanuele\Desktop\Attach.txt
2012-05-29 10:56 - 2012-05-29 10:56 - 0607260 ____R (Swearware) C:\Users\Emanuele\Desktop\dds.scr
2012-05-29 10:54 - 2012-05-29 10:54 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Avira
2012-05-29 10:52 - 2011-09-16 03:51 - 0001172 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4124771047-1836047825-3481439714-1001UA.job
2012-05-29 10:24 - 2012-05-29 07:25 - 0562264 ____A C:\Windows\ntbtlog.txt
2012-05-29 10:22 - 2012-05-29 09:33 - 0000000 ___SD C:\32788R22FWJFW
2012-05-29 10:21 - 2012-05-29 05:02 - 0085314 ____A C:\Windows\PFRO.log
2012-05-29 09:59 - 2012-05-29 09:59 - 0002034 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-05-29 09:59 - 2012-05-29 09:59 - 0000000 ____D C:\Users\All Users\Avira
2012-05-29 09:59 - 2012-05-29 09:59 - 0000000 ____D C:\Program Files (x86)\Avira
2012-05-29 09:36 - 2010-12-04 11:49 - 0000270 _RASH C:\Users\All Users\ntuser.pol
2012-05-29 09:33 - 2009-07-13 21:08 - 0032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-29 09:30 - 2012-05-29 09:30 - 4731392 ____A (AVAST Software) C:\Users\Emanuele\Downloads\aswMBR.exe
2012-05-29 09:26 - 2010-11-09 14:15 - 0000000 ____D C:\Users\Emanuele\AppData\Local\Adobe
2012-05-29 09:26 - 2009-11-26 12:30 - 0000000 ____D C:\Users\All Users\Adobe
2012-05-29 09:14 - 2012-05-29 09:14 - 4530590 ____R (Swearware) C:\Users\Emanuele\Desktop\ComboFix.exe
2012-05-29 09:14 - 2012-05-29 09:14 - 0853862 ____A C:\Users\Emanuele\Downloads\SecurityCheck.exe
2012-05-29 07:19 - 2012-05-29 07:19 - 0980480 ____A C:\Users\Emanuele\Downloads\MicrosoftFixit50267.msi
2012-05-29 07:12 - 2012-05-29 07:10 - 87765048 ____A C:\Users\Emanuele\Downloads\avira_free_antivirus_it.exe
2012-05-29 06:53 - 2010-12-08 06:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\ElevatedDiagnostics
2012-05-29 06:52 - 2012-05-29 06:52 - 0347424 ____A (Microsoft Corporation) C:\Users\Emanuele\Downloads\MicrosoftFixit.WindowsFirewall.RNP.133261733935359651.1.1.Run.exe
2012-05-29 06:46 - 2012-05-29 06:46 - 0005256 ____A C:\Users\Emanuele\Downloads\wscsvc.reg
2012-05-29 05:08 - 2012-05-29 05:08 - 0000736 ____A C:\Users\Emanuele\Desktop\Nuovo documento di testo.txt
2012-05-29 04:57 - 2012-05-29 04:57 - 0082622 ____A C:\Users\Emanuele\Downloads\Extras.Txt
2012-05-29 04:56 - 2012-05-29 04:56 - 0133632 ____A C:\Users\Emanuele\Downloads\OTL.Txt
2012-05-29 04:56 - 2012-05-29 04:56 - 0001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-29 04:56 - 2012-05-29 04:56 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Malwarebytes
2012-05-29 04:56 - 2012-05-29 04:56 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-29 04:56 - 2012-05-29 04:56 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-29 04:53 - 2012-05-29 04:53 - 0139264 ____A () C:\Users\Emanuele\Downloads\RKUnhookerLE.EXE
2012-05-29 04:50 - 2012-05-29 04:49 - 0139890 ____A C:\TDSSKiller.2.7.38.0_29.05.2012_14.49.46_log.txt
2012-05-29 04:45 - 2012-05-29 04:45 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\Emanuele\Downloads\tdsskiller.exe
2012-05-29 04:45 - 2012-05-29 04:45 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Emanuele\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-29 04:45 - 2012-05-29 04:45 - 0595968 ____A (OldTimer Tools) C:\Users\Emanuele\Downloads\OTL.exe
2012-05-29 04:42 - 2012-05-29 04:42 - 0138120 ____A (ESET) C:\Users\Emanuele\Downloads\ESETSirefefRemover.exe
2012-05-29 04:37 - 2012-05-29 04:37 - 0176940 ____A C:\Users\Emanuele\Downloads\BFE.reg
2012-05-29 04:37 - 2012-05-29 04:37 - 0006396 ____A C:\Users\Emanuele\Downloads\MpsSvc.reg
2012-05-29 04:26 - 2010-12-15 13:23 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\uTorrent
2012-05-29 04:20 - 2011-04-29 03:07 - 0122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-29 04:20 - 2011-04-29 03:07 - 0109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-05-29 04:20 - 2011-04-29 03:07 - 0000000 ____D C:\Program Files (x86)\BRS
2012-05-29 04:19 - 2012-05-29 03:53 - 0000000 ____D C:\Program Files (x86)\DiRT Showdown
2012-05-29 04:07 - 2012-05-29 02:44 - 0000000 ____D C:\Users\Emanuele\Downloads\ToonTrack.Superior.Drummer.v2.0.VSTi.RTAS.AU.HYBRID.AiRISO
2012-05-29 03:52 - 2010-12-03 11:46 - 0000441 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-05-29 03:47 - 2012-05-29 01:44 - 0000000 ____D C:\Users\Emanuele\Downloads\Avatar The Last Airbender S02e01-20[XviD-Ita Eng Mp3](TNT Village)
2012-05-29 03:23 - 2012-05-29 01:44 - 0000000 ____D C:\Users\Emanuele\Downloads\Avatar The Last Airbender S01e01-20[XviD-Ita Eng Mp3](TNT Village)
2012-05-29 03:23 - 2012-05-25 15:11 - 0000000 ____D C:\Users\Emanuele\Downloads\DiRT Showdown-FLT
2012-05-29 02:48 - 2012-05-29 02:42 - 0000000 ____D C:\Users\Emanuele\Downloads\ToonTrack.Superior.Drummer.VSTi.AU.RTAS.v2.3.0.Update.MAC.and WiN
2012-05-29 02:41 - 2012-05-29 02:41 - 0013363 ____A C:\Users\Emanuele\Downloads\ToonTrack_Superior_Drummer_VSTi_AU_RTAS_v2_3_0_Update_MAC_and_WiN-((Demonoid.me))_2653062.4248.torrent
2012-05-29 02:40 - 2012-05-29 02:40 - 0095085 ____A C:\Users\Emanuele\Downloads\(Demonoid.me)-ToonTrack_Superior_Drummer_v2_0_VSTi_RTAS_AU_HYBRID_AiRISO_2653062.4248.torrent
2012-05-29 02:18 - 2012-05-29 02:18 - 0018035 ____A C:\Users\Emanuele\Downloads\FXPansion_BFD_Percussion_Expansion_Pack_HYBRID_DVDR_D1-((Demonoid.me))_2653062.4248.torrent
2012-05-29 02:15 - 2012-05-29 02:15 - 0001556 ____A C:\Users\Emanuele\Downloads\FXpansion_BFD2_STANDALONE_VSTi_RTAS_v2_1_0_47_PROPER_500TH_RELEASE_ASSiGN_+-Demonoid.me-+_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0026340 ____A C:\Users\Emanuele\Downloads\FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D4_DYNAMiCS_(Disc_4_of_5)-++Demonoid.me++_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0026232 ____A C:\Users\Emanuele\Downloads\((Demonoid.me))-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D5_DYNAMiCS_(Disc_5_of_5)_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0024879 ____A C:\Users\Emanuele\Downloads\(Demonoid.me)-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D3_DYNAMiCS_(Disc_3_of_5)_2653062.4248.torrent
2012-05-29 02:10 - 2012-05-29 02:10 - 0023948 ____A C:\Users\Emanuele\Downloads\[]Demonoid.me[]-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D2_DYNAMiCS_(Disc_2_of_5)_2653062.4248.torrent
2012-05-29 02:09 - 2012-05-29 02:09 - 0036147 ____A C:\Users\Emanuele\Downloads\++Demonoid.me++-FXPansion_BFD_v2_0_VSTi_RTAS_AU_HYBRID_DVDR_D1_DYNAMiCS_(Disc_1_of_5)_2653062.4248.torrent
2012-05-29 02:07 - 2012-05-29 02:07 - 0020281 ____A C:\Users\Emanuele\Downloads\o-Demonoid.me-o_FXPansion_BFD_Percussion_Expansion_Pack_HYBRID_DVDR_D2_AiRISO_2653062.4248.torrent
2012-05-29 02:00 - 2012-05-29 02:00 - 0000000 ____D C:\Users\Emanuele\Downloads\Avatar The Last Airbender S03e01-21[XviD-Ita Eng Mp3](TNT Village)
2012-05-29 01:48 - 2011-07-09 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\vlc
2012-05-29 01:42 - 2012-05-29 01:42 - 0176089 ____A C:\Users\Emanuele\Downloads\Avatar The Last Airbender S03e01-21.torrent
2012-05-29 01:42 - 2012-05-29 01:42 - 0153357 ____A C:\Users\Emanuele\Downloads\Avatar The Last Airbender S02e01-20.torrent
2012-05-29 01:41 - 2012-05-29 01:41 - 0182665 ____A C:\Users\Emanuele\Downloads\Avatar The Last Airbender S01e01-20.torrent
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{44B62185-0E48-4FFD-8903-ABF293D8D484}
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{154FFCE8-4942-40C4-B08D-FC347D941706}
2012-05-28 15:01 - 2012-01-12 12:23 - 0000000 ____D C:\Users\Emanuele\Documents\Cubase Projects
2012-05-28 14:08 - 2012-05-28 14:08 - 0000000 ____D C:\Users\Emanuele\Documents\Toontrack
2012-05-28 14:08 - 2012-05-28 14:08 - 0000000 ____D C:\Users\All Users\Toontrack
2012-05-28 13:59 - 2010-12-26 03:38 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2012-05-28 13:54 - 2012-05-28 08:47 - 0000000 ____D C:\Users\Emanuele\Downloads\Toontrack EZdrummer v1.3.1 Update
2012-05-28 13:51 - 2012-05-28 13:51 - 0000000 ____D C:\Program Files (x86)\Toontrack
2012-05-28 13:46 - 2010-11-21 05:36 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\DAEMON Tools Lite
2012-05-28 13:34 - 2012-05-28 08:39 - 0000000 ____D C:\Users\Emanuele\Downloads\EZDRUMMER
2012-05-28 09:45 - 2012-05-28 09:18 - 0000000 ____D C:\Users\Emanuele\Downloads\ToonTrack.Americana.EZX.Win.EXPANSION-AudioP2P
2012-05-28 08:47 - 2012-05-28 08:47 - 0015779 ____A C:\Users\Emanuele\Downloads\((Demonoid.me))-ToonTrack_Americana_EZX_Win_EXPANSION_AudioP2P_2653062.4248.torrent
2012-05-28 08:46 - 2012-05-28 08:46 - 0017032 ____A C:\Users\Emanuele\Downloads\((Demonoid.me))-Toontrack_EZdrummer_v1_3_1_Update_2653062.4248.torrent
2012-05-28 08:37 - 2012-05-28 08:37 - 0029905 ____A C:\Users\Emanuele\Downloads\+-Demonoid.me-+_Toontrack_Ezdrummer_1_16_all_8_expansions_in_1_dvd_(easy_autorun_feature)_2653062.4248.torrent
2012-05-28 01:28 - 2011-09-16 03:51 - 0001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4124771047-1836047825-3481439714-1001Core.job
2012-05-27 14:18 - 2012-05-27 14:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{28FC3CA6-D977-4E51-8820-015F4B0CB3ED}
2012-05-27 14:18 - 2012-05-27 14:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{24AA71C3-0B31-4FA6-836E-6CEBD2DDE823}
2012-05-27 12:27 - 2012-05-16 12:43 - 0002050 ____A C:\Users\Public\Desktop\Race Injection.lnk
2012-05-27 02:14 - 2012-05-27 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{21635655-ADFB-4543-9C96-27C0324FB551}
2012-05-27 02:14 - 2012-05-27 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{022A12D2-5285-4CEF-8FBA-6E84E817B3B7}
2012-05-26 09:15 - 2012-05-15 07:59 - 0001400 ____A C:\Users\Emanuele\Desktop\GTR 2.lnk
2012-05-26 08:20 - 2012-05-26 08:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2A9A6BDB-CBBE-4E0B-834D-D1744C63ADC4}
2012-05-26 08:20 - 2012-05-26 08:19 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3BB37054-16C9-44C3-B70E-4F651A1AD06C}
2012-05-25 15:09 - 2012-05-25 15:08 - 0016874 ____A C:\Users\Emanuele\Downloads\DiRT_Showdown_FLT-_=Demonoid.me=__2653062.4248.torrent
2012-05-25 06:28 - 2012-05-25 06:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{45727E01-E719-411E-B56F-F138B8CF3E69}
2012-05-25 06:28 - 2012-05-25 06:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{068D99DE-1B59-4217-87C8-0E24B6745608}
2012-05-24 03:54 - 2011-08-02 12:40 - 0000000 ____D C:\Cakewalk Projects
2012-05-24 02:58 - 2012-05-21 14:02 - 0000000 ____D C:\Users\Emanuele\Desktop\Nuova cartella
2012-05-24 02:17 - 2012-05-16 03:19 - 0000000 ____D C:\Program Files (x86)\SimBin
2012-05-24 02:10 - 2012-05-24 02:10 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A213ADC7-BBFB-41E3-9A0A-A2D609956185}
2012-05-23 08:57 - 2012-05-23 08:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4325ADCC-2D80-45CE-974C-DCD242B4A85B}
2012-05-23 08:57 - 2012-05-23 08:56 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{AF2ABE16-3C3E-4AD9-A16D-E6FDD5392597}
2012-05-22 04:12 - 2012-05-22 04:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DD3E4573-31DA-4A40-B4A3-6B812B756DBF}
2012-05-22 04:12 - 2012-05-22 04:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{23983768-8E47-449F-867C-902F8714AB71}
2012-05-21 12:42 - 2012-05-21 12:42 - 515298802 ____A C:\Windows\MEMORY.DMP
2012-05-21 12:42 - 2012-05-21 12:42 - 0275912 ____A C:\Windows\Minidump\052112-25194-01.dmp
2012-05-21 12:42 - 2010-11-09 02:21 - 0000000 ____D C:\Windows\Minidump
2012-05-21 05:27 - 2012-04-15 06:31 - 0000000 ____D C:\Users\Emanuele\Desktop\P90X.Xtreme
2012-05-21 04:53 - 2012-05-21 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A5013CEB-128D-43B0-B265-A6337A10A785}
2012-05-21 04:53 - 2012-05-21 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9B17AD9A-A77D-46C4-860A-DDE27DEB3779}
2012-05-21 04:13 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-20 12:38 - 2012-05-20 12:38 - 0000000 ____A C:\Windows\setuperr.log
2012-05-20 10:54 - 2012-05-20 10:54 - 0323662 ____A C:\Users\Emanuele\Documents\cc_20120520_205359.reg
2012-05-20 10:48 - 2011-08-02 01:18 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-20 10:48 - 2010-11-09 10:13 - 0000000 ____D C:\Program Files (x86)\Steam
2012-05-20 10:47 - 2012-02-11 10:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\CrashDumps
2012-05-20 10:47 - 2010-11-19 02:32 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Skype
2012-05-20 10:47 - 2010-11-09 03:37 - 0000000 ____D C:\Users\Emanuele\Tracing
2012-05-20 10:47 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\ModemLogs
2012-05-20 10:47 - 2007-07-11 17:49 - 0000000 ____D C:\Windows\Panther
2012-05-20 06:14 - 2012-05-20 06:14 - 0000000 ____D C:\Users\Emanuele\Downloads\wtcced
2012-05-20 05:47 - 2012-05-20 05:47 - 0000000 ____D C:\Users\Emanuele\Downloads\Autoruns
2012-05-20 05:44 - 2012-05-20 05:44 - 0000000 ____D C:\Program Files\CCleaner
2012-05-20 05:21 - 2012-05-20 05:19 - 0000000 ____D C:\Program Files (x86)\Solar System 3D Screensaver
2012-05-20 04:59 - 2012-05-20 04:55 - 0000000 ____D C:\Program Files (x86)\DesktopAnimated
2012-05-20 04:57 - 2012-05-20 04:57 - 0000000 ____D C:\Program Files (x86)\ScreenSaverGift
2012-05-20 04:26 - 2012-05-20 04:21 - 0000000 ____D C:\Program Files (x86)\Free 3D Earth Screensaver
2012-05-20 04:21 - 2012-05-20 04:21 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\TERMINAL Studio
2012-05-20 04:11 - 2012-05-20 04:09 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\2Flyer
2012-05-20 04:11 - 2012-05-20 03:44 - 0000000 ____D C:\Users\All Users\Laconic Software
2012-05-20 02:48 - 2012-05-20 02:48 - 0112516 ____A C:\Users\Emanuele\Downloads\Austin Powers - Il Controspione.torrent
2012-05-20 01:56 - 2012-05-20 01:56 - 0034411 ____A C:\Users\Emanuele\Downloads\Monty Python e il Senso della Vita.torrent
2012-05-20 01:55 - 2012-05-20 01:55 - 0227359 ____A C:\Users\Emanuele\Downloads\Full Monty.torrent
2012-05-20 01:37 - 2012-05-20 01:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DE4DF44A-D00E-49BA-BBA7-5DEF1B5AA69E}
2012-05-20 01:37 - 2012-05-20 01:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9B2BF2E0-8725-4A3F-B928-F3CF938B7C08}
2012-05-19 12:52 - 2011-08-17 09:06 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Mozilla
2012-05-19 04:05 - 2012-05-19 04:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EAFAB02A-886A-46C9-88ED-D08CE621DD5E}
2012-05-19 04:04 - 2012-05-19 04:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2BE4192C-1D73-46E8-B229-A7F3E539F7AC}
2012-05-18 15:25 - 2012-05-18 15:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C9250250-3C79-4B45-84BA-77BBB33996C1}
2012-05-18 15:25 - 2012-05-18 15:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BFF5487B-96F5-4659-8565-92A477185D59}
2012-05-18 04:51 - 2012-05-15 07:55 - 0000000 ____D C:\GTR2
2012-05-18 01:05 - 2012-05-18 01:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{F811DB19-CB6B-4821-8CA5-152651577AA3}
2012-05-17 05:35 - 2012-05-17 05:35 - 0000000 ____D C:\Program Files\Logitech
2012-05-17 05:35 - 2011-04-29 06:45 - 0000000 ____D C:\Program Files\Common Files\Logitech
2012-05-17 02:48 - 2012-05-17 02:48 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2F80060C-1FB5-43D7-9642-2AACB281D834}
2012-05-16 04:19 - 2012-05-16 04:19 - 0000000 ____D C:\Users\Emanuele\Documents\SimBin
2012-05-16 03:33 - 2012-05-16 03:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9D6E8855-0F8A-479D-A5A5-03F5CD113AE8}
2012-05-16 03:33 - 2012-05-16 03:32 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{090D649D-FB5D-44AA-80B4-BCDE898995D9}
2012-05-16 03:00 - 2009-11-26 11:47 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-15 18:58 - 2012-05-15 09:45 - 0000000 ____D C:\Users\Emanuele\Downloads\Race.Injection-2xDVD5.BlueLions
2012-05-15 07:52 - 2012-05-15 03:45 - 0000000 ____D C:\Users\Emanuele\Downloads\GTR 2
2012-05-15 03:40 - 2012-04-22 04:25 - 0000000 ____D C:\Users\Emanuele\Downloads\Due South Soundtrack
2012-05-15 03:20 - 2012-05-15 03:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B1AB6CCD-F2DB-44B8-A406-6FD1804EF4A1}
2012-05-15 03:20 - 2012-05-15 03:19 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{86B754A8-D13F-4FBB-AA35-F777736C85CE}
2012-05-14 03:25 - 2012-05-14 03:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{21B88279-548F-4E69-B174-395986AE7785}
2012-05-14 03:25 - 2012-05-14 03:24 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BE14F54C-B31A-4856-A39C-054C3D32B366}
2012-05-13 15:04 - 2012-05-13 15:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{492DC4FE-BC53-4CB3-9F02-0E71F5544C99}
2012-05-13 06:21 - 2012-05-13 06:21 - 0000000 ____D C:\Users\Emanuele\AppData\Local\XmlEditor
2012-05-13 06:21 - 2012-05-13 06:21 - 0000000 ____D C:\Users\Emanuele\AppData\Local\Asa_Applications
2012-05-13 02:35 - 2012-05-13 02:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9EC83FE1-B74D-4273-A197-41E4D7735832}
2012-05-13 02:35 - 2012-05-13 02:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{105E2875-1A8E-4CD7-9A4A-EA92E5F04F31}
2012-05-12 10:54 - 2012-05-12 10:53 - 0000000 ____D C:\Users\Emanuele\Downloads\xvi32
2012-05-12 01:09 - 2012-05-12 01:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FBD73342-244D-4B2F-96A5-BEB47B849FC6}
2012-05-12 01:09 - 2012-05-12 01:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{31B5E6B2-A3F2-4D9E-9208-42FD28AC619C}
2012-05-11 09:00 - 2012-05-11 09:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{687E6354-7A6F-45F8-A8B3-C76CD0978602}
2012-05-11 09:00 - 2012-05-11 08:59 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C30EBE1F-A674-421C-820D-F0179744AFCE}
2012-05-11 07:39 - 2010-11-08 14:23 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 07:37 - 2012-05-11 07:37 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-11 07:37 - 2012-05-11 07:37 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 09:20 - 2009-07-13 20:45 - 0434048 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 09:02 - 2009-11-26 12:15 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 08:52 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-10 02:18 - 2012-05-10 02:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{ED616F72-1BB7-4083-8EEC-78DC21FC627F}
2012-05-10 02:18 - 2012-05-10 02:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0DCA88E5-839D-41D3-A1E3-6CFF5288F76C}
2012-05-09 07:41 - 2012-05-09 07:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{421722E2-255C-49E2-A4E4-16E2642154DC}
2012-05-09 07:41 - 2012-05-09 07:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0A0BF637-3821-43F5-97CB-FA10F00BBAB8}
2012-05-06 05:39 - 2012-05-06 05:39 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{695FD3B2-7199-4F80-A02A-968CEB74E84A}
2012-05-06 05:39 - 2012-05-06 05:38 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{04A11C1D-1053-463F-A6B8-4C871CA718AF}
2012-05-05 13:50 - 2012-05-05 13:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E77D525D-B9C2-422D-A50A-520B85E5F9B6}
2012-05-04 09:57 - 2012-05-04 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D5741BA8-230E-4233-9B3C-731F6CB35141}
2012-05-04 09:57 - 2012-05-04 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{5EDF5E3A-284C-43DD-8A09-EE1604958A8F}
2012-05-04 07:43 - 2012-05-04 07:43 - 0000165 ___AH C:\Users\Emanuele\Desktop\~$P90X Workout Manager.xlsm
2012-05-03 10:27 - 2012-05-03 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D02105E7-6B5B-4268-BB90-8F9448F1689E}
2012-05-03 10:27 - 2012-05-03 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C087F088-05EE-4155-A467-D049A7007D10}
2012-05-02 06:40 - 2012-05-02 06:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FC176C1A-1E4E-46EC-85EB-71FB88CA8FF6}
2012-05-02 06:40 - 2012-05-02 06:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D19DA69C-B294-4D63-87F2-315ABD566B7C}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{CEAC0B9C-F16D-4EC8-8E21-134B21E319A7}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A55E234F-DC81-41FE-B14B-77FE7C5904C0}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4F655663-3E07-4EB5-AE61-CAFC33EA4EFB}
2012-05-01 03:00 - 2012-05-01 03:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{50F1087E-66C5-46A6-80B3-167167446967}
2012-05-01 03:00 - 2012-05-01 03:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{10BA6432-BA9D-4EBA-BCEB-7CADAC3F2C1F}
2012-04-30 00:52 - 2012-04-30 00:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EC3612C1-EEDF-4C90-AAE8-91D6F03FBD61}
2012-04-30 00:52 - 2012-04-30 00:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3162AA68-A040-4229-9E35-539E7A52A694}
2012-04-29 10:10 - 2011-07-16 10:36 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\dvdcss
2012-04-29 09:57 - 2012-04-29 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B08BF473-83FE-4DFE-AF8C-C2D6AAB1C3A7}
2012-04-29 09:57 - 2012-04-29 09:56 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{81A9B3DA-C86B-4D0E-86E8-7577323457D3}
2012-04-29 01:53 - 2012-04-29 01:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{5AE4AE50-4529-44ED-8422-EE700B4D5EC4}
2012-04-28 10:05 - 2012-04-28 10:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{5D3C3488-CF77-4D7C-A72E-9F864AF91FD6}
2012-04-28 10:05 - 2012-04-28 10:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4CA4EF63-4FD4-47E6-AB49-281BF32A42B0}
2012-04-28 04:20 - 2012-04-28 04:20 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Milestone
2012-04-28 01:27 - 2012-04-28 01:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EAC1B83F-0CE6-43F1-919F-2E7D51898D95}
2012-04-28 01:27 - 2012-04-28 01:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{31893BF5-56BF-45BE-A7AE-45AE0A0802B8}
2012-04-27 06:57 - 2012-04-27 06:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{8DF29668-D408-47A7-9F95-02DEE6FE775B}
2012-04-27 06:57 - 2012-04-27 06:56 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3C0B2812-1D1A-4C81-AACD-8ECEAE0F8413}
2012-04-26 15:29 - 2012-04-26 15:29 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{30CB7E48-41CF-47E7-9BDD-C7850EE979C8}
2012-04-26 15:29 - 2012-04-26 15:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C5272ED0-403E-47D0-A5BE-1DE15CD681FA}
2012-04-25 14:37 - 2012-04-25 14:37 - 0000000 ____D C:\Program Files\Bohemia Interactive
2012-04-25 13:49 - 2012-04-25 13:49 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{1987084D-19F3-4D50-A600-77DE168D3BF4}
2012-04-24 00:50 - 2012-04-24 00:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{6432CD15-1E5C-465B-A577-2410BB40554B}
2012-04-24 00:50 - 2012-04-24 00:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{37AA4769-1C20-4087-9E01-004E8E507690}
2012-04-23 02:08 - 2012-04-23 02:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B1D3A991-2C30-44DB-8EA9-852AD23B179B}
2012-04-23 02:08 - 2012-04-23 02:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{24DFEDFB-5454-46FC-AA84-56760EC0FBD3}
2012-04-22 14:07 - 2012-04-22 14:07 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DC490CC9-F4C0-4F2A-A413-FDB8940D56D1}
2012-04-22 14:07 - 2012-04-22 14:07 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{AE872363-C410-4A56-B6D5-E36DB95E054C}
2012-04-21 14:17 - 2012-04-21 14:17 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{81FC0344-EDFB-4225-8065-1FB45DB11D1C}
2012-04-21 14:17 - 2012-04-21 14:16 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{272A100F-186D-49D3-A765-E2FB5521CEF0}
2012-04-21 01:38 - 2012-04-21 01:38 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{92765DA9-DECD-4626-8458-C7019877A638}
2012-04-21 01:38 - 2012-04-21 01:38 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{91A14E0D-8C5A-45E5-96C9-75D3470E1B5E}
2012-04-20 04:27 - 2012-04-20 04:27 - 0000000 ____D C:\Program Files (x86)\MyTomTom 3
2012-04-20 04:27 - 2011-09-16 02:56 - 0000000 ____D C:\Users\Emanuele\AppData\Local\TomTom
2012-04-20 00:36 - 2012-04-20 00:36 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{7DDD1B05-84AE-4137-8294-67CE9682BABB}
2012-04-20 00:36 - 2012-04-20 00:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{76D3B75C-28BD-46B5-B4B0-A608CCBF2A3E}
2012-04-19 02:59 - 2012-04-19 02:58 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{7477E3D1-ED8D-46FF-96F5-5D2869FEF530}
2012-04-19 02:58 - 2012-04-19 02:58 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D80C2BEC-4B93-499E-98A5-C374DAE8A258}
2012-04-18 13:26 - 2012-04-18 13:26 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9555EDED-391E-46C2-B464-F7F3EF0B393E}
2012-04-18 13:26 - 2012-04-18 13:26 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{18942D62-35A7-4E8E-941D-F83B2CDE71FC}
2012-04-16 04:35 - 2012-04-16 04:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D408B3D0-E58D-4D7D-BC7E-26672A928C0A}
2012-04-16 04:35 - 2012-04-16 04:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{6A9AF951-15D0-4AA7-BA0C-7A15C653DFF3}
2012-04-15 04:54 - 2012-04-15 04:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-15 04:54 - 2012-04-15 04:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-15 04:54 - 2012-04-15 04:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-15 04:54 - 2012-04-15 04:54 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-15 04:54 - 2011-03-22 01:05 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-15 04:53 - 2012-04-15 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{8C73A99D-717A-456E-A451-AC093B6F5687}
2012-04-15 04:53 - 2012-04-15 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{7712F119-D097-44F3-A061-8060E6AF8597}
2012-04-15 04:53 - 2012-04-15 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4D9E0B0E-9F3D-4BC4-AD63-97583E64F400}
2012-04-15 04:52 - 2012-04-15 04:52 - 0000000 ____D C:\Windows\it
2012-04-15 04:50 - 2010-11-13 13:09 - 0000000 ____D C:\Program Files\Windows Live
2012-04-15 04:50 - 2009-12-28 01:33 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-15 04:44 - 2012-04-15 04:44 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{58465D54-67E6-43FC-B25D-8D60201BC5D9}
2012-04-15 04:44 - 2012-04-15 04:43 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{8040DE2B-A9EE-427F-9C46-BE11E52D81F0}
2012-04-14 08:47 - 2012-04-14 08:47 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E328B0A6-35C1-40EE-BF8A-21FEA0610520}
2012-04-12 13:34 - 2012-04-12 13:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{ADBE9AF8-0556-47AC-93AC-1AA67B324D36}
2012-04-12 06:50 - 2009-07-13 18:34 - 0000672 ____A C:\Windows\win.ini
2012-04-11 03:51 - 2012-04-11 03:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{F05A2BB8-49DD-4EB7-AD66-0AFFA329CA67}
2012-04-10 04:08 - 2012-04-10 04:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{754B85D8-5505-4B3F-A998-843FA5DE7FED}
2012-04-09 02:38 - 2012-04-09 02:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C0037E05-B023-435A-B577-FB46F7310E8F}
2012-04-08 02:14 - 2012-04-08 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FAB0CA7E-2BFB-44AB-B4FE-34B3755BBE2D}
2012-04-07 01:51 - 2012-04-07 01:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{87CCD574-7263-4884-A252-A57BBD427FB2}
2012-04-06 08:50 - 2012-04-06 08:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{7D4BFEBE-1648-42F9-93D7-3935A4F6C92E}
2012-04-05 03:26 - 2012-04-05 03:26 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{11117A8C-9536-41EE-B003-64ACEFBE5779}
2012-04-04 12:40 - 2012-04-04 12:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{459BCC7A-CE87-4070-B5CC-887396AD41C7}
2012-04-04 05:56 - 2012-05-29 04:56 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 02:11 - 2012-04-03 02:11 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{92FC7002-AB8D-40B7-BC68-4B3FF3AEC7BE}
2012-04-02 07:26 - 2012-04-02 07:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{ABDCE405-34B6-4EB0-8423-3A24C7AA2CCE}
2012-04-01 05:51 - 2012-04-01 05:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3E17CBF0-F20A-4FE3-AA39-B49CEA46CD8E}
2012-03-31 08:22 - 2010-12-10 14:12 - 0000000 ____D C:\Users\Emanuele\Documents\My Games
2012-03-31 02:50 - 2012-03-31 02:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D2137130-B755-4C20-B0D9-17AF5441B020}
2012-03-30 22:05 - 2012-05-10 03:35 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-10 03:35 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-10 03:35 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-10 03:35 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 06:54 - 2012-03-30 06:54 - 0000000 ____D C:\PFiles
2012-03-30 05:05 - 2012-03-30 05:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B5DE945F-8B91-46F7-A760-9E0240BFC566}
2012-03-30 03:35 - 2012-05-10 03:34 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 11:23 - 2012-03-28 03:18 - 0392519 ____A C:\Users\Emanuele\Downloads\FMTC-4.4 MAR2012.xlsx
2012-03-29 02:01 - 2012-03-29 02:01 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{82AF420B-406D-4128-B9F3-CB5EC4363A7F}
2012-03-27 02:32 - 2012-03-27 02:32 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9096307C-E3F1-4EE0-BBD5-7FB003D6FA33}
2012-03-27 02:32 - 2012-03-27 02:32 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{53A6B0B1-17CE-465F-A866-7EF93F82D703}
2012-03-26 02:59 - 2012-03-26 02:59 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A086D0EB-52C5-40E2-889C-B37A530A90CF}
2012-03-26 02:59 - 2012-03-26 02:59 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3FEC9A69-67EF-4151-8602-BDBE051B8FDC}
2012-03-25 14:58 - 2012-03-25 14:58 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{8689E22C-7636-4C04-8D04-A911E2ED3774}
2012-03-25 14:58 - 2012-03-25 14:58 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{82378C57-934B-454E-9FDC-5D54C0CAB948}
2012-03-25 02:58 - 2012-03-25 02:58 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{093EF34B-98AE-4CD3-823B-DF92DC569D34}
2012-03-25 02:58 - 2012-03-25 02:58 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{026C0DA1-FAC5-4691-B242-8B5B1DB66B99}
2012-03-24 04:35 - 2012-03-24 04:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{8CCCD6F2-81A7-4E9E-8A4F-C28FAD7A01A4}
2012-03-24 04:35 - 2012-03-24 04:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3EFCD07A-2383-4DF9-913B-13EB0199084E}
2012-03-23 04:13 - 2012-03-23 04:13 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{96EEAA7A-C8B1-4A36-A959-F6C76E902B5D}
2012-03-22 02:51 - 2012-03-22 02:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{CACC00BC-97BF-431D-AC8A-18D7C415CCA2}
2012-03-22 02:51 - 2012-03-22 02:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{608B4594-505C-4470-9F3D-5DF88A45B906}
2012-03-21 07:33 - 2012-03-21 07:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FF0D48E5-63BD-4A44-9DED-84ADBBAEAFFA}
2012-03-21 07:33 - 2012-03-21 07:32 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{96D309C9-EDBA-4EDD-B3E1-8D92BF72E69E}
2012-03-20 10:11 - 2012-03-20 10:11 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B5DEF024-D272-49F1-BB74-B3E89156D979}
2012-03-20 10:11 - 2012-03-20 10:11 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{6706B502-FB45-43D8-B068-AD0117A5572F}
2012-03-18 02:48 - 2012-03-18 02:48 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E08C56D8-9CB9-40F4-AB89-C77CE5C690CD}
2012-03-18 02:48 - 2012-03-18 02:48 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{271B887C-EAD1-456C-BBAA-0895979D6548}
2012-03-17 05:01 - 2012-03-17 05:01 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{76865BB2-26C1-4D0E-A2C4-9AE5D7B20B1D}
2012-03-17 05:01 - 2012-03-17 05:01 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{245B4958-7BAC-48D2-A7CC-28EE18DAB75F}
2012-03-16 23:58 - 2012-05-10 03:35 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 14:46 - 2012-03-15 14:46 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{48D58564-F977-4820-B3F5-7E85ED89E4D2}
2012-03-15 04:36 - 2012-03-15 04:36 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{6C8888DF-55A7-48F4-8C96-7926CE5ED961}
2012-03-14 04:02 - 2012-03-12 11:33 - 0000000 ____D C:\Users\Emanuele\Downloads\Tony Hawks Pro Skater 4 2CD's + Serial
2012-03-14 03:57 - 2012-03-14 03:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{84F8EA8B-5394-4F23-B0AE-39EEAED64016}
2012-03-14 03:57 - 2012-03-14 03:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0855FD49-C2DB-4B9C-84A3-DCA52DA74F02}
2012-03-13 07:06 - 2012-03-13 07:06 - 0665434 ____A C:\Users\Emanuele\Downloads\tony_hawks_pro_skater_4_g.txt
2012-03-13 05:36 - 2012-03-13 05:36 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B4D925BD-F2E4-4429-844A-044033BF56FB}
2012-03-13 05:36 - 2012-03-13 05:36 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4DD5D21B-700E-4328-9555-3319C895AAB3}
2012-03-12 15:56 - 2012-03-12 15:55 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D2AC8A88-512E-4A8B-A3BC-C11233D124D3}
2012-03-12 15:55 - 2012-03-12 15:55 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{5E7415CD-392B-42E0-8787-7D2C6A80313B}
2012-03-12 12:43 - 2012-03-12 12:43 - 0002017 ____A C:\Users\Public\Desktop\Tony Hawks Pro Skater 4.lnk
2012-03-12 12:43 - 2012-03-12 12:43 - 0000000 ____D C:\Program Files (x86)\GameSpy Arcade
2012-03-12 12:40 - 2012-03-12 12:40 - 0000000 ____D C:\Program Files (x86)\Aspyr
2012-03-12 11:53 - 2011-08-19 05:53 - 0000000 ____D C:\Users\Emanuele\AppData\Roaming\Mp3tag
2012-03-12 01:19 - 2012-03-12 01:19 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{22B11691-A09E-4C0B-9478-AA65B1F47EBB}
2012-03-12 01:19 - 2012-03-12 01:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{34A8442A-5679-44FB-A773-F5170BD72DA6}
2012-03-11 02:53 - 2012-03-11 02:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D04E8515-556F-4C5B-B866-B45DC92954B2}
2012-03-11 02:53 - 2012-03-11 02:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{294ABA21-1419-4297-A86C-C90716BBD9C9}
2012-03-10 07:14 - 2012-03-10 07:13 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E9FA8FED-2C7D-40D4-8A00-3BC3B29BD178}
2012-03-10 07:13 - 2012-03-10 07:13 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B473AD33-B19E-4286-A536-C46A43E6170C}
2012-03-09 10:27 - 2012-03-09 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{F3181FB8-D480-4D0A-A250-3971879AB336}
2012-03-09 10:27 - 2012-03-09 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{39150318-E720-4F54-8299-D46590A333F0}
2012-03-09 06:03 - 2011-06-09 03:02 - 0000000 ____D C:\Program Files (x86)\XG-Wizard
2012-03-08 08:50 - 2012-03-08 08:50 - 0049016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll
2012-03-08 08:40 - 2012-04-15 04:50 - 0048488 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-03-08 08:37 - 2012-03-08 08:37 - 0302448 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR
2012-03-07 14:41 - 2012-03-07 14:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A9DC21E4-7FF8-458E-A665-9B3DE3E7D643}
2012-03-07 14:41 - 2012-03-07 14:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{38EF5A74-B03C-4C6C-8702-F582E821E0AC}
2012-03-06 06:54 - 2012-03-06 06:54 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D456DAC9-E9AF-4779-B2CC-2DFFD662BD8B}
2012-03-06 06:54 - 2012-03-06 06:54 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D3C20275-27BA-4EA9-8862-C80F8E6E8675}
2012-03-06 04:56 - 2012-03-06 04:54 - 7050616 ____A C:\Users\Emanuele\Downloads\finepix_s9600_manual_01.pdf
2012-03-05 15:38 - 2012-03-05 15:38 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{355AB6E2-B591-4223-89C8-44D4AE697278}
2012-03-05 15:38 - 2012-03-05 15:38 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{1560A41E-2B88-4B3D-847C-771576BB3218}
2012-03-05 05:20 - 2012-03-05 05:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C8C8AC72-8A60-4A35-868A-83F9F95A9E81}
2012-03-05 05:20 - 2012-03-05 05:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BCBB5422-9A5E-44E8-898D-D7D142ADF742}
2012-03-04 12:00 - 2012-03-04 12:00 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-03-04 05:32 - 2012-03-04 05:32 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D11F54F9-8E97-4BD5-9C75-2AFB2DB2A7CB}
2012-03-04 05:32 - 2012-03-04 05:32 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{547378C0-1449-4E39-86FB-858C189DD2DE}
2012-03-03 14:14 - 2012-03-03 14:13 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2A15CA82-6CB1-4356-A15F-DE1D9AF84D1E}
2012-03-03 14:13 - 2012-03-03 14:13 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0AE883E8-8355-4C39-90C7-5FD26C3940F9}
2012-03-02 22:35 - 2012-05-10 03:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-10 03:35 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 01:20 - 2012-03-02 01:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{7175AC28-2F0E-451E-A405-733E8CDB9E5A}
2012-03-02 01:20 - 2012-03-02 01:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{6016BE87-94E8-4803-9252-36DF94684631}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 4030.77 MB
Available physical RAM: 3283.74 MB
Total Pagefile: 4028.92 MB
Available Pagefile: 3271.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:450.16 GB) (Free:108.51 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

N. disco Stato Dimensioni Disponibile Din GPT
-------- ------------- ------------- ------------- --- ---
Disco 0 Online 465 Gbytes 0 byte
Disco 1 Online 981 Mbytes 0 byte

Partitions of Disk 0:
===============

Partizione ### Tipo Dim. Offset
--------------- ---------------- ------- -------
Partizione 1 Ripristino 12 Gb 31 Kb
Partizione 2 OEM 3584 Mb 12 Gb
Partizione 3 Primario 101 Mb 15 Gb
Partizione 0 Esteso 450 Gb 15 Gb
Partizione 4 Logico 450 Gb 15 Gb

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 1.

Partizione 1
Tipo : 27
Nascosta: Sì
Attiva: No

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partizione 12 Gb Integro Nascosto

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 2.

Partizione 2
Tipo : 12
Nascosta: Sì
Attiva: No

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 ARCADE NTFS Partizione 3584 Mb Integro Nascosto

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 3.

Partizione 3
Tipo : 07
Nascosta: No
Attiva: Sì

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partizione 101 Mb Integro

======================================================================================================

Disk: 0
La partizione attualmente selezionata è la partizione 4.

Partizione 4
Tipo : 07
Nascosta: No
Attiva: No

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Acer NTFS Partizione 450 Gb Integro

======================================================================================================

Partitions of Disk 1:
===============

Partizione ### Tipo Dim. Offset
--------------- ---------------- ------- -------
Partizione 1 Primario 980 Mb 16 Kb

======================================================================================================

Disk: 1
La partizione attualmente selezionata è la partizione 1.

Partizione 1
Tipo : 0B
Nascosta: No
Attiva: Sì

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info
--------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Rimovibile 980 Mb Integro

======================================================================================================

==========================================================

Last Boot: 2012-05-19 03:03

======================= End Of Log ==========================

#4 CatByte

Posted 30 May 2012 - 04:55 PM

Hi,

I see a number of "torrent" files on your system; generally that indicates the files are obtained via copyright infringement (pirated), which in most countries is illegal. It has been my experience that the large majority of users are infected through torrent downloads. You cannot trust the source and you are likely re-infecting your machine over and over by participating in this practice. Bleeping Computer does not condone downloading copyrighted material.
I strongly suggest removing those files from your computer.



Please do the following:


Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
2012-05-30 02:08 - 2012-05-30 02:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DAE76153-7E03-4C58-BB45-10626F68BC54}
2012-05-30 02:08 - 2012-05-30 02:08 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E939EE60-7609-499F-91E7-19DD77B419AA}
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{44B62185-0E48-4FFD-8903-ABF293D8D484}
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{154FFCE8-4942-40C4-B08D-FC347D941706}
2012-05-27 14:18 - 2012-05-27 14:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{28FC3CA6-D977-4E51-8820-015F4B0CB3ED}
2012-05-27 14:18 - 2012-05-27 14:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{24AA71C3-0B31-4FA6-836E-6CEBD2DDE823}
2012-05-27 02:14 - 2012-05-27 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{21635655-ADFB-4543-9C96-27C0324FB551}
2012-05-27 02:14 - 2012-05-27 02:14 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{022A12D2-5285-4CEF-8FBA-6E84E817B3B7}
2012-05-26 08:20 - 2012-05-26 08:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2A9A6BDB-CBBE-4E0B-834D-D1744C63ADC4}
2012-05-26 08:19 - 2012-05-26 08:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3BB37054-16C9-44C3-B70E-4F651A1AD06C}
2012-05-25 06:28 - 2012-05-25 06:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{45727E01-E719-411E-B56F-F138B8CF3E69}
2012-05-25 06:28 - 2012-05-25 06:28 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{068D99DE-1B59-4217-87C8-0E24B6745608}
2012-05-24 02:10 - 2012-05-24 02:10 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A213ADC7-BBFB-41E3-9A0A-A2D609956185}
2012-05-23 08:57 - 2012-05-23 08:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4325ADCC-2D80-45CE-974C-DCD242B4A85B}
2012-05-23 08:56 - 2012-05-23 08:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{AF2ABE16-3C3E-4AD9-A16D-E6FDD5392597}
2012-05-22 04:12 - 2012-05-22 04:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DD3E4573-31DA-4A40-B4A3-6B812B756DBF}
2012-05-22 04:12 - 2012-05-22 04:12 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{23983768-8E47-449F-867C-902F8714AB71}
2012-05-21 04:53 - 2012-05-21 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A5013CEB-128D-43B0-B265-A6337A10A785}
2012-05-21 04:53 - 2012-05-21 04:53 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9B17AD9A-A77D-46C4-860A-DDE27DEB3779}
2012-05-20 01:37 - 2012-05-20 01:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{DE4DF44A-D00E-49BA-BBA7-5DEF1B5AA69E}
2012-05-20 01:37 - 2012-05-20 01:37 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9B2BF2E0-8725-4A3F-B928-F3CF938B7C08}
2012-05-19 04:04 - 2012-05-19 04:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EAFAB02A-886A-46C9-88ED-D08CE621DD5E}
2012-05-19 04:04 - 2012-05-19 04:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2BE4192C-1D73-46E8-B229-A7F3E539F7AC}
2012-05-18 15:25 - 2012-05-18 15:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C9250250-3C79-4B45-84BA-77BBB33996C1}
2012-05-18 15:25 - 2012-05-18 15:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BFF5487B-96F5-4659-8565-92A477185D59}
2012-05-18 04:35 - 2011-12-07 01:24 - 0000000 ____D C:\Users\Emanuele\Downloads\Default GTR2 Reborn 06-12-2011
2012-05-18 01:05 - 2012-05-18 01:05 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{F811DB19-CB6B-4821-8CA5-152651577AA3}
2012-05-17 02:48 - 2012-05-17 02:48 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{2F80060C-1FB5-43D7-9642-2AACB281D834}
2012-05-16 03:33 - 2012-05-16 03:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9D6E8855-0F8A-479D-A5A5-03F5CD113AE8}
2012-05-16 03:32 - 2012-05-16 03:33 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{090D649D-FB5D-44AA-80B4-BCDE898995D9}
2012-05-15 03:20 - 2012-05-15 03:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{B1AB6CCD-F2DB-44B8-A406-6FD1804EF4A1}
2012-05-15 03:19 - 2012-05-15 03:20 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{86B754A8-D13F-4FBB-AA35-F777736C85CE}
2012-05-14 03:25 - 2012-05-14 03:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{21B88279-548F-4E69-B174-395986AE7785}
2012-05-14 03:24 - 2012-05-14 03:25 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{BE14F54C-B31A-4856-A39C-054C3D32B366}
2012-05-13 15:04 - 2012-05-13 15:04 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{492DC4FE-BC53-4CB3-9F02-0E71F5544C99}
2012-05-13 02:35 - 2012-05-13 02:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{9EC83FE1-B74D-4273-A197-41E4D7735832}
2012-05-13 02:35 - 2012-05-13 02:35 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{105E2875-1A8E-4CD7-9A4A-EA92E5F04F31}
2012-05-12 01:09 - 2012-05-12 01:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FBD73342-244D-4B2F-96A5-BEB47B849FC6}
2012-05-12 01:09 - 2012-05-12 01:09 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{31B5E6B2-A3F2-4D9E-9208-42FD28AC619C}
2012-05-11 09:00 - 2012-05-11 09:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{687E6354-7A6F-45F8-A8B3-C76CD0978602}
2012-05-11 08:59 - 2012-05-11 09:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C30EBE1F-A674-421C-820D-F0179744AFCE}
2012-05-10 02:18 - 2012-05-10 02:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{ED616F72-1BB7-4083-8EEC-78DC21FC627F}
2012-05-10 02:18 - 2012-05-10 02:18 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0DCA88E5-839D-41D3-A1E3-6CFF5288F76C}
2012-05-09 07:41 - 2012-05-09 07:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{421722E2-255C-49E2-A4E4-16E2642154DC}
2012-05-09 07:41 - 2012-05-09 07:41 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{0A0BF637-3821-43F5-97CB-FA10F00BBAB8}
2012-05-06 05:39 - 2012-05-06 05:39 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{695FD3B2-7199-4F80-A02A-968CEB74E84A}
2012-05-06 05:38 - 2012-05-06 05:39 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{04A11C1D-1053-463F-A6B8-4C871CA718AF}
2012-05-05 13:50 - 2012-05-05 13:50 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{E77D525D-B9C2-422D-A50A-520B85E5F9B6}
2012-05-04 09:57 - 2012-05-04 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D5741BA8-230E-4233-9B3C-731F6CB35141}
2012-05-04 09:57 - 2012-05-04 09:57 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{5EDF5E3A-284C-43DD-8A09-EE1604958A8F}
2012-05-03 10:27 - 2012-05-03 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D02105E7-6B5B-4268-BB90-8F9448F1689E}
2012-05-03 10:27 - 2012-05-03 10:27 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{C087F088-05EE-4155-A467-D049A7007D10}
2012-05-02 06:40 - 2012-05-02 06:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{FC176C1A-1E4E-46EC-85EB-71FB88CA8FF6}
2012-05-02 06:40 - 2012-05-02 06:40 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{D19DA69C-B294-4D63-87F2-315ABD566B7C}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{CEAC0B9C-F16D-4EC8-8E21-134B21E319A7}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{A55E234F-DC81-41FE-B14B-77FE7C5904C0}
2012-05-01 10:52 - 2012-05-01 10:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{4F655663-3E07-4EB5-AE61-CAFC33EA4EFB}
2012-05-01 03:00 - 2012-05-01 03:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{50F1087E-66C5-46A6-80B3-167167446967}
2012-05-01 03:00 - 2012-05-01 03:00 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{10BA6432-BA9D-4EBA-BCEB-7CADAC3F2C1F}
2012-04-30 00:52 - 2012-04-30 00:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{EC3612C1-EEDF-4C90-AAE8-91D6F03FBD61}
2012-04-30 00:52 - 2012-04-30 00:52 - 0000000 ____D C:\Users\Emanuele\AppData\Local\{3162AA68-A040-4229-9E35-539E7A52A694}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT

Delete the copy of TDSSKiller that you have on your desktop

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Delete the copy of ComboFix that you have on your desktop

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 fly-free

Posted 31 May 2012 - 05:25 AM

Ok,
I ran the FRST64 fix and the pc restarted normally.
The antivirus keeps finding the same virus as before.


Fixlog:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 29-05-2012 02
Ran by SYSTEM at 2012-05-31 12:12:29 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Users\Emanuele\AppData\Local\{DAE76153-7E03-4C58-BB45-10626F68BC54} moved successfully.
C:\Users\Emanuele\AppData\Local\{E939EE60-7609-499F-91E7-19DD77B419AA} moved successfully.
C:\Users\Emanuele\AppData\Local\{44B62185-0E48-4FFD-8903-ABF293D8D484} moved successfully.
C:\Users\Emanuele\AppData\Local\{154FFCE8-4942-40C4-B08D-FC347D941706} moved successfully.
C:\Users\Emanuele\AppData\Local\{28FC3CA6-D977-4E51-8820-015F4B0CB3ED} moved successfully.
C:\Users\Emanuele\AppData\Local\{24AA71C3-0B31-4FA6-836E-6CEBD2DDE823} moved successfully.
C:\Users\Emanuele\AppData\Local\{21635655-ADFB-4543-9C96-27C0324FB551} moved successfully.
C:\Users\Emanuele\AppData\Local\{022A12D2-5285-4CEF-8FBA-6E84E817B3B7} moved successfully.
C:\Users\Emanuele\AppData\Local\{2A9A6BDB-CBBE-4E0B-834D-D1744C63ADC4} moved successfully.
C:\Users\Emanuele\AppData\Local\{3BB37054-16C9-44C3-B70E-4F651A1AD06C} moved successfully.
C:\Users\Emanuele\AppData\Local\{45727E01-E719-411E-B56F-F138B8CF3E69} moved successfully.
C:\Users\Emanuele\AppData\Local\{068D99DE-1B59-4217-87C8-0E24B6745608} moved successfully.
C:\Users\Emanuele\AppData\Local\{A213ADC7-BBFB-41E3-9A0A-A2D609956185} moved successfully.
C:\Users\Emanuele\AppData\Local\{4325ADCC-2D80-45CE-974C-DCD242B4A85B} moved successfully.
C:\Users\Emanuele\AppData\Local\{AF2ABE16-3C3E-4AD9-A16D-E6FDD5392597} moved successfully.
C:\Users\Emanuele\AppData\Local\{DD3E4573-31DA-4A40-B4A3-6B812B756DBF} moved successfully.
C:\Users\Emanuele\AppData\Local\{23983768-8E47-449F-867C-902F8714AB71} moved successfully.
C:\Users\Emanuele\AppData\Local\{A5013CEB-128D-43B0-B265-A6337A10A785} moved successfully.
C:\Users\Emanuele\AppData\Local\{9B17AD9A-A77D-46C4-860A-DDE27DEB3779} moved successfully.
C:\Users\Emanuele\AppData\Local\{DE4DF44A-D00E-49BA-BBA7-5DEF1B5AA69E} moved successfully.
C:\Users\Emanuele\AppData\Local\{9B2BF2E0-8725-4A3F-B928-F3CF938B7C08} moved successfully.
C:\Users\Emanuele\AppData\Local\{EAFAB02A-886A-46C9-88ED-D08CE621DD5E} moved successfully.
C:\Users\Emanuele\AppData\Local\{2BE4192C-1D73-46E8-B229-A7F3E539F7AC} moved successfully.
C:\Users\Emanuele\AppData\Local\{C9250250-3C79-4B45-84BA-77BBB33996C1} moved successfully.
C:\Users\Emanuele\AppData\Local\{BFF5487B-96F5-4659-8565-92A477185D59} moved successfully.
C:\Users\Emanuele\Downloads\Default GTR2 Reborn 06-12-2011 moved successfully.
C:\Users\Emanuele\AppData\Local\{F811DB19-CB6B-4821-8CA5-152651577AA3} moved successfully.
C:\Users\Emanuele\AppData\Local\{2F80060C-1FB5-43D7-9642-2AACB281D834} moved successfully.
C:\Users\Emanuele\AppData\Local\{9D6E8855-0F8A-479D-A5A5-03F5CD113AE8} moved successfully.
C:\Users\Emanuele\AppData\Local\{090D649D-FB5D-44AA-80B4-BCDE898995D9} moved successfully.
C:\Users\Emanuele\AppData\Local\{B1AB6CCD-F2DB-44B8-A406-6FD1804EF4A1} moved successfully.
C:\Users\Emanuele\AppData\Local\{86B754A8-D13F-4FBB-AA35-F777736C85CE} moved successfully.
C:\Users\Emanuele\AppData\Local\{21B88279-548F-4E69-B174-395986AE7785} moved successfully.
C:\Users\Emanuele\AppData\Local\{BE14F54C-B31A-4856-A39C-054C3D32B366} moved successfully.
C:\Users\Emanuele\AppData\Local\{492DC4FE-BC53-4CB3-9F02-0E71F5544C99} moved successfully.
C:\Users\Emanuele\AppData\Local\{9EC83FE1-B74D-4273-A197-41E4D7735832} moved successfully.
C:\Users\Emanuele\AppData\Local\{105E2875-1A8E-4CD7-9A4A-EA92E5F04F31} moved successfully.
C:\Users\Emanuele\AppData\Local\{FBD73342-244D-4B2F-96A5-BEB47B849FC6} moved successfully.
C:\Users\Emanuele\AppData\Local\{31B5E6B2-A3F2-4D9E-9208-42FD28AC619C} moved successfully.
C:\Users\Emanuele\AppData\Local\{687E6354-7A6F-45F8-A8B3-C76CD0978602} moved successfully.
C:\Users\Emanuele\AppData\Local\{C30EBE1F-A674-421C-820D-F0179744AFCE} moved successfully.
C:\Users\Emanuele\AppData\Local\{ED616F72-1BB7-4083-8EEC-78DC21FC627F} moved successfully.
C:\Users\Emanuele\AppData\Local\{0DCA88E5-839D-41D3-A1E3-6CFF5288F76C} moved successfully.
C:\Users\Emanuele\AppData\Local\{421722E2-255C-49E2-A4E4-16E2642154DC} moved successfully.
C:\Users\Emanuele\AppData\Local\{0A0BF637-3821-43F5-97CB-FA10F00BBAB8} moved successfully.
C:\Users\Emanuele\AppData\Local\{695FD3B2-7199-4F80-A02A-968CEB74E84A} moved successfully.
C:\Users\Emanuele\AppData\Local\{04A11C1D-1053-463F-A6B8-4C871CA718AF} moved successfully.
C:\Users\Emanuele\AppData\Local\{E77D525D-B9C2-422D-A50A-520B85E5F9B6} moved successfully.
C:\Users\Emanuele\AppData\Local\{D5741BA8-230E-4233-9B3C-731F6CB35141} moved successfully.
C:\Users\Emanuele\AppData\Local\{5EDF5E3A-284C-43DD-8A09-EE1604958A8F} moved successfully.
C:\Users\Emanuele\AppData\Local\{D02105E7-6B5B-4268-BB90-8F9448F1689E} moved successfully.
C:\Users\Emanuele\AppData\Local\{C087F088-05EE-4155-A467-D049A7007D10} moved successfully.
C:\Users\Emanuele\AppData\Local\{FC176C1A-1E4E-46EC-85EB-71FB88CA8FF6} moved successfully.
C:\Users\Emanuele\AppData\Local\{D19DA69C-B294-4D63-87F2-315ABD566B7C} moved successfully.
C:\Users\Emanuele\AppData\Local\{CEAC0B9C-F16D-4EC8-8E21-134B21E319A7} moved successfully.
C:\Users\Emanuele\AppData\Local\{A55E234F-DC81-41FE-B14B-77FE7C5904C0} moved successfully.
C:\Users\Emanuele\AppData\Local\{4F655663-3E07-4EB5-AE61-CAFC33EA4EFB} moved successfully.
C:\Users\Emanuele\AppData\Local\{50F1087E-66C5-46A6-80B3-167167446967} moved successfully.
C:\Users\Emanuele\AppData\Local\{10BA6432-BA9D-4EBA-BCEB-7CADAC3F2C1F} moved successfully.
C:\Users\Emanuele\AppData\Local\{EC3612C1-EEDF-4C90-AAE8-91D6F03FBD61} moved successfully.
C:\Users\Emanuele\AppData\Local\{3162AA68-A040-4229-9E35-539E7A52A694} moved successfully.

==== End of Fixlog ====
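
An added example (not part of the original posts and not FRST's own code): a Python check that reconciles a fixlist.txt with the Fixlog.txt it produced, so any requested entry without a matching "moved successfully" line stands out before the next step. The sample paths are constructed; only the `moved successfully.` wording seen in the log above is recognized, and any other result line is reported verbatim rather than interpreted.

```python
import re

# FRST listing line: created - modified - size attributes [(company)] path
LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ \S+ (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
MOVED = " moved successfully."  # result wording taken from the Fixlog above


def norm(path):
    """Windows paths are case-insensitive; compare on a normalized form."""
    return path.rstrip("\\").lower()


def parse_fixlist(text):
    """Return (file/folder paths, other directives) found between start/end."""
    requested, directives, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            inside = False
        elif inside and line:
            m = LISTING.match(line)
            if m:
                requested.append(m.group("path"))
            else:
                directives.append(line)  # e.g. registry entries
    return requested, directives


def parse_fixlog(text):
    """Return (set of normalized moved paths, other path result lines)."""
    moved, other = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not DRIVE_PATH.match(line):
            continue  # header, separators, registry results
        if line.endswith(MOVED):
            moved.add(norm(line[: -len(MOVED)]))
        else:
            other.append(line)  # unknown outcome: keep verbatim for review
    return moved, other


def reconcile(fixlist_text, fixlog_text):
    requested, directives = parse_fixlist(fixlist_text)
    moved, other = parse_fixlog(fixlog_text)
    by_norm = {norm(p): p for p in requested}
    return {
        "moved": [p for n, p in by_norm.items() if n in moved],
        "unconfirmed": [p for n, p in by_norm.items() if n not in moved],
        "not_requested": sorted(moved - by_norm.keys()),
        "other_results": other,
        "directives": directives,
    }


# Constructed sample input in the same layout as the fixlist and Fixlog above.
SAMPLE_FIXLIST = r"""start
HKLM-x32\...\Run: [] [x]
2012-05-30 02:08 - 2012-05-30 02:09 - 0000000 ____D C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000001}
2012-05-18 04:35 - 2011-12-07 01:24 - 0000000 ____D C:\Users\Example\Downloads\Some Folder 06-12-2011
2012-05-29 00:51 - 2012-05-29 00:51 - 0000000 ____D C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000002}
end
"""

SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (constructed sample)
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
c:\users\example\appdata\local\{00000000-0000-0000-0000-000000000001} moved successfully.
C:\Users\Example\Downloads\Some Folder 06-12-2011 moved successfully.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    report = reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG)
    for key, values in report.items():
        print(f"{key}: {len(values)}")
        for value in values:
            print(f"  {value}")
```
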

#6 fly-free

Posted 31 May 2012 - 05:31 AM

Then I ran TDSSKiller,
no virus found,
and it didn't ask to reboot.


Log:


12:21:34.0790 4836 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:21:34.0978 4836 ============================================================
12:21:34.0979 4836 Current date / time: 2012/05/31 12:21:34.0978
12:21:34.0979 4836 SystemInfo:
12:21:34.0979 4836
12:21:34.0979 4836 OS Version: 6.1.7601 ServicePack: 1.0
12:21:34.0979 4836 Product type: Workstation
12:21:34.0979 4836 ComputerName: EMANUELE-PC
12:21:34.0979 4836 UserName: Emanuele
12:21:34.0979 4836 Windows directory: C:\Windows
12:21:34.0979 4836 System windows directory: C:\Windows
12:21:34.0979 4836 Running under WOW64
12:21:34.0980 4836 Processor architecture: Intel x64
12:21:34.0980 4836 Number of processors: 8
12:21:34.0980 4836 Page size: 0x1000
12:21:34.0980 4836 Boot type: Normal boot
12:21:34.0980 4836 ============================================================
12:21:36.0083 4836 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:21:36.0096 4836 ============================================================
12:21:36.0096 4836 \Device\Harddisk0\DR0:
12:21:36.0096 4836 MBR partitions:
12:21:36.0096 4836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F025E8, BlocksNum 0x32FCD
12:21:36.0123 4836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F355F4, BlocksNum 0x3844F64D
12:21:36.0123 4836 ============================================================
12:21:36.0134 4836 C: <-> \Device\Harddisk0\DR0\Partition1
12:21:36.0135 4836 ============================================================
12:21:36.0135 4836 Initialize success
12:21:36.0135 4836 ============================================================
12:21:58.0297 4900 ============================================================
12:21:58.0297 4900 Scan started
12:21:58.0297 4900 Mode: Manual; TDLFS;
12:21:58.0297 4900 ============================================================
12:22:01.0211 4900 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:22:01.0229 4900 1394ohci - ok
12:22:01.0365 4900 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:22:01.0370 4900 ACPI - ok
12:22:01.0412 4900 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:22:01.0418 4900 AcpiPmi - ok
12:22:01.0576 4900 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:22:01.0776 4900 adp94xx - ok
12:22:01.0932 4900 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:22:01.0963 4900 adpahci - ok
12:22:01.0994 4900 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:22:02.0010 4900 adpu320 - ok
12:22:02.0057 4900 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:22:02.0072 4900 AeLookupSvc - ok
12:22:02.0211 4900 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:22:02.0219 4900 AFD - ok
12:22:02.0274 4900 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:22:02.0283 4900 agp440 - ok
12:22:02.0340 4900 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:22:02.0350 4900 ALG - ok
12:22:02.0423 4900 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:22:02.0429 4900 aliide - ok
12:22:02.0487 4900 AMD External Events Utility (54716d9bb43733578a5647e9b121141f) C:\Windows\system32\atiesrxx.exe
12:22:02.0502 4900 AMD External Events Utility - ok
12:22:02.0568 4900 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:22:02.0575 4900 amdide - ok
12:22:02.0633 4900 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:22:02.0644 4900 AmdK8 - ok
12:22:03.0564 4900 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
12:22:03.0884 4900 amdkmdag - ok
12:22:04.0148 4900 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
12:22:04.0159 4900 amdkmdap - ok
12:22:04.0191 4900 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:22:04.0199 4900 AmdPPM - ok
12:22:04.0246 4900 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:22:04.0254 4900 amdsata - ok
12:22:04.0285 4900 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:22:04.0296 4900 amdsbs - ok
12:22:04.0351 4900 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:22:04.0356 4900 amdxata - ok
12:22:04.0617 4900 AntiVirSchedulerService (ffab08597accd27065f600d4ed747d83) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:22:04.0619 4900 AntiVirSchedulerService - ok
12:22:04.0677 4900 AntiVirService (a341d3b2442acbbcf9afbc801e2c8013) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:22:04.0679 4900 AntiVirService - ok
12:22:04.0743 4900 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:22:04.0759 4900 AppID - ok
12:22:04.0790 4900 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:22:04.0805 4900 AppIDSvc - ok
12:22:04.0883 4900 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:22:04.0883 4900 Appinfo - ok
12:22:05.0024 4900 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:22:05.0024 4900 Apple Mobile Device - ok
12:22:05.0086 4900 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:22:05.0086 4900 arc - ok
12:22:05.0117 4900 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:22:05.0133 4900 arcsas - ok
12:22:05.0304 4900 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:22:05.0310 4900 aspnet_state - ok
12:22:05.0350 4900 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:22:05.0354 4900 AsyncMac - ok
12:22:05.0415 4900 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:22:05.0421 4900 atapi - ok
12:22:06.0065 4900 atikmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
12:22:06.0100 4900 atikmdag - ok
12:22:06.0259 4900 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:22:06.0281 4900 AudioEndpointBuilder - ok
12:22:06.0281 4900 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:22:06.0297 4900 AudioSrv - ok
12:22:06.0359 4900 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
12:22:06.0375 4900 avgntflt - ok
12:22:06.0390 4900 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
12:22:06.0390 4900 avipbb - ok
12:22:06.0453 4900 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:22:06.0453 4900 avkmgr - ok
12:22:06.0515 4900 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:22:06.0531 4900 AxInstSV - ok
12:22:06.0593 4900 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:22:06.0624 4900 b06bdrv - ok
12:22:06.0671 4900 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:22:06.0687 4900 b57nd60a - ok
12:22:06.0854 4900 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:22:06.0878 4900 BCM43XX - ok
12:22:06.0974 4900 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:22:06.0985 4900 BDESVC - ok
12:22:07.0049 4900 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:22:07.0053 4900 Beep - ok
12:22:07.0162 4900 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:22:07.0184 4900 BFE - ok
12:22:07.0259 4900 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
12:22:07.0274 4900 BITS - ok
12:22:07.0332 4900 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:22:07.0340 4900 blbdrive - ok
12:22:07.0529 4900 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
12:22:07.0553 4900 Bonjour Service - ok
12:22:07.0633 4900 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:22:07.0642 4900 bowser - ok
12:22:07.0685 4900 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:22:07.0690 4900 BrFiltLo - ok
12:22:07.0741 4900 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:22:07.0745 4900 BrFiltUp - ok
12:22:07.0791 4900 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:22:07.0801 4900 BridgeMP - ok
12:22:07.0897 4900 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:22:07.0897 4900 Browser - ok
12:22:07.0975 4900 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:22:08.0006 4900 Brserid - ok
12:22:08.0022 4900 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:22:08.0037 4900 BrSerWdm - ok
12:22:08.0069 4900 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:22:08.0069 4900 BrUsbMdm - ok
12:22:08.0100 4900 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:22:08.0100 4900 BrUsbSer - ok
12:22:08.0147 4900 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:22:08.0147 4900 BthEnum - ok
12:22:08.0178 4900 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:22:08.0197 4900 BTHMODEM - ok
12:22:08.0243 4900 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:22:08.0243 4900 BthPan - ok
12:22:08.0318 4900 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
12:22:08.0333 4900 BTHPORT - ok
12:22:08.0374 4900 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:22:08.0379 4900 bthserv - ok
12:22:08.0414 4900 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
12:22:08.0419 4900 BTHUSB - ok
12:22:08.0458 4900 btusbflt (f18ff3ea66beebd21f641c58a7f26fcd) C:\Windows\system32\drivers\btusbflt.sys
12:22:08.0463 4900 btusbflt - ok
12:22:08.0539 4900 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys
12:22:08.0549 4900 BTWAMPFL - ok
12:22:08.0623 4900 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys
12:22:08.0629 4900 btwaudio - ok
12:22:08.0712 4900 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
12:22:08.0718 4900 btwavdt - ok
12:22:08.0847 4900 btwdins (1ad3a2baf31c4327dcbb2b0eca4a23bb) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:22:08.0856 4900 btwdins - ok
12:22:08.0883 4900 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\Windows\system32\DRIVERS\btwl2cap.sys
12:22:08.0888 4900 btwl2cap - ok
12:22:08.0925 4900 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
12:22:08.0929 4900 btwrchid - ok
12:22:09.0012 4900 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:22:09.0018 4900 cdfs - ok
12:22:09.0066 4900 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:22:09.0073 4900 cdrom - ok
12:22:09.0130 4900 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:22:09.0135 4900 CertPropSvc - ok
12:22:09.0180 4900 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:22:09.0189 4900 circlass - ok
12:22:09.0285 4900 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:22:09.0291 4900 CLFS - ok
12:22:09.0387 4900 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:22:09.0403 4900 clr_optimization_v2.0.50727_32 - ok
12:22:09.0497 4900 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:22:09.0497 4900 clr_optimization_v2.0.50727_64 - ok
12:22:09.0590 4900 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:22:09.0621 4900 clr_optimization_v4.0.30319_32 - ok
12:22:09.0777 4900 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:22:09.0809 4900 clr_optimization_v4.0.30319_64 - ok
12:22:09.0855 4900 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:22:09.0871 4900 CmBatt - ok
12:22:09.0918 4900 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:22:09.0918 4900 cmdide - ok
12:22:09.0981 4900 cmusbser (779f499d7791f65f6a5ba97c5d2627c8) C:\Windows\system32\DRIVERS\cmusbser.sys
12:22:09.0990 4900 cmusbser - ok
12:22:10.0073 4900 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:22:10.0094 4900 CNG - ok
12:22:10.0212 4900 Communication Modem Device Manager II (d5a33465209c6c07f4aec31611f1ae5a) C:\Windows\SysWOW64\RegService.exe
12:22:10.0221 4900 Communication Modem Device Manager II - ok
12:22:10.0270 4900 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:22:10.0277 4900 Compbatt - ok
12:22:10.0348 4900 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:22:10.0357 4900 CompositeBus - ok
12:22:10.0369 4900 COMSysApp - ok
12:22:10.0397 4900 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:22:10.0404 4900 crcdisk - ok
12:22:10.0472 4900 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
12:22:10.0486 4900 CryptSvc - ok
12:22:10.0625 4900 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:22:10.0636 4900 DcomLaunch - ok
12:22:10.0681 4900 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:22:10.0698 4900 defragsvc - ok
12:22:10.0744 4900 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:22:10.0755 4900 DfsC - ok
12:22:10.0825 4900 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:22:10.0842 4900 Dhcp - ok
12:22:10.0878 4900 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:22:10.0879 4900 discache - ok
12:22:10.0915 4900 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:22:10.0925 4900 Disk - ok
12:22:11.0066 4900 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
12:22:11.0081 4900 DKbFltr - ok
12:22:11.0175 4900 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:22:11.0206 4900 Dnscache - ok
12:22:11.0269 4900 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:22:11.0284 4900 dot3svc - ok
12:22:11.0362 4900 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:22:11.0378 4900 Dot4 - ok
12:22:11.0425 4900 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
12:22:11.0425 4900 Dot4Print - ok
12:22:11.0471 4900 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:22:11.0488 4900 dot4usb - ok
12:22:11.0542 4900 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:22:11.0545 4900 DPS - ok
12:22:11.0604 4900 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:22:11.0608 4900 drmkaud - ok
12:22:11.0750 4900 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:22:11.0772 4900 DXGKrnl - ok
12:22:11.0806 4900 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:22:11.0816 4900 EapHost - ok
12:22:12.0287 4900 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:22:12.0392 4900 ebdrv - ok
12:22:12.0588 4900 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:22:12.0588 4900 EFS - ok
12:22:12.0791 4900 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:22:12.0838 4900 ehRecvr - ok
12:22:12.0947 4900 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:22:12.0963 4900 ehSched - ok
12:22:13.0072 4900 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:22:13.0091 4900 elxstor - ok
12:22:13.0140 4900 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
12:22:13.0149 4900 enecir - ok
12:22:13.0161 4900 enecirhid (e17eb95358f396e27d573a1b20f891f8) C:\Windows\system32\DRIVERS\enecirhid.sys
12:22:13.0166 4900 enecirhid - ok
12:22:13.0177 4900 enecirhidma (8492d808c79bd6fe439f77be84956cdf) C:\Windows\system32\DRIVERS\enecirhidma.sys
12:22:13.0181 4900 enecirhidma - ok
12:22:13.0367 4900 ePowerSvc (feb08a605613dbac49a12f8711882201) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
12:22:13.0389 4900 ePowerSvc - ok
12:22:13.0444 4900 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:22:13.0462 4900 ErrDev - ok
12:22:13.0529 4900 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:22:13.0566 4900 EventSystem - ok
12:22:13.0607 4900 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:22:13.0620 4900 exfat - ok
12:22:13.0693 4900 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:22:13.0706 4900 fastfat - ok
12:22:13.0796 4900 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:22:13.0816 4900 Fax - ok
12:22:13.0845 4900 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:22:13.0872 4900 fdc - ok
12:22:13.0919 4900 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:22:13.0925 4900 fdPHost - ok
12:22:13.0937 4900 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:22:13.0945 4900 FDResPub - ok
12:22:13.0992 4900 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:22:14.0000 4900 FileInfo - ok
12:22:14.0016 4900 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:22:14.0022 4900 Filetrace - ok
12:22:14.0048 4900 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:22:14.0048 4900 flpydisk - ok
12:22:14.0126 4900 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:22:14.0142 4900 FltMgr - ok
12:22:14.0251 4900 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:22:14.0313 4900 FontCache - ok
12:22:14.0485 4900 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:22:14.0485 4900 FontCache3.0.0.0 - ok
12:22:14.0563 4900 FPSensor (305380d5d33bfdeaaf14d73e969239fc) C:\Windows\system32\Drivers\FPSensor.sys
12:22:14.0579 4900 FPSensor - ok
12:22:14.0629 4900 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:22:14.0638 4900 FsDepends - ok
12:22:14.0706 4900 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
12:22:14.0715 4900 fssfltr - ok
12:22:15.0084 4900 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:22:15.0147 4900 fsssvc - ok
12:22:15.0562 4900 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:22:15.0568 4900 Fs_Rec - ok
12:22:15.0664 4900 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:22:15.0664 4900 fvevol - ok
12:22:15.0711 4900 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:22:15.0727 4900 gagp30kx - ok
12:22:15.0774 4900 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:22:15.0789 4900 GEARAspiWDM - ok
12:22:15.0961 4900 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:22:15.0992 4900 gpsvc - ok
12:22:16.0132 4900 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
12:22:16.0191 4900 Greg_Service - ok
12:22:16.0313 4900 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:22:16.0315 4900 gupdate - ok
12:22:16.0332 4900 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:22:16.0333 4900 gupdatem - ok
12:22:16.0445 4900 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:22:16.0450 4900 hcw85cir - ok
12:22:16.0522 4900 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:22:16.0532 4900 HdAudAddService - ok
12:22:16.0596 4900 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:22:16.0597 4900 HDAudBus - ok
12:22:16.0636 4900 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:22:16.0640 4900 HECIx64 - ok
12:22:16.0668 4900 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:22:16.0671 4900 HidBatt - ok
12:22:16.0698 4900 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:22:16.0703 4900 HidBth - ok
12:22:16.0749 4900 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:22:16.0757 4900 HidIr - ok
12:22:16.0782 4900 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:22:16.0786 4900 hidserv - ok
12:22:16.0832 4900 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:22:16.0839 4900 HidUsb - ok
12:22:16.0909 4900 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:22:16.0919 4900 hkmsvc - ok
12:22:16.0967 4900 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:22:16.0986 4900 HomeGroupListener - ok
12:22:17.0041 4900 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:22:17.0056 4900 HomeGroupProvider - ok
12:22:17.0218 4900 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:22:17.0218 4900 hpqcxs08 - ok
12:22:17.0280 4900 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:22:17.0280 4900 hpqddsvc - ok
12:22:17.0343 4900 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:22:17.0358 4900 HpSAMD - ok
12:22:17.0483 4900 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:22:17.0499 4900 HPSLPSVC - ok
12:22:17.0608 4900 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:22:17.0608 4900 HTTP - ok
12:22:17.0655 4900 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:22:17.0655 4900 hwpolicy - ok
12:22:17.0728 4900 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:22:17.0740 4900 i8042prt - ok
12:22:17.0849 4900 IAANTMON (0e899d0db39617aa0b2f992e7e95b5eb) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:22:17.0867 4900 IAANTMON - ok
12:22:17.0897 4900 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
12:22:17.0900 4900 iaStor - ok
12:22:17.0975 4900 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:22:17.0991 4900 iaStorV - ok
12:22:18.0133 4900 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:22:18.0149 4900 IDriverT - ok
12:22:18.0266 4900 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:22:18.0306 4900 idsvc - ok
12:22:18.0490 4900 IGBASVC (607013af90e9107664f7204613db5631) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
12:22:18.0555 4900 IGBASVC - ok
12:22:18.0679 4900 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:22:18.0687 4900 iirsp - ok
12:22:18.0772 4900 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:22:18.0803 4900 IKEEXT - ok
12:22:18.0912 4900 inpoutx64 (9321a61a25c7961d9f36852ecaa86f55) C:\Windows\system32\Drivers\inpoutx64.sys
12:22:18.0912 4900 inpoutx64 - ok
12:22:19.0193 4900 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
12:22:19.0224 4900 IntcAzAudAddService - ok
12:22:19.0358 4900 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:22:19.0364 4900 intelide - ok
12:22:19.0406 4900 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:22:19.0408 4900 intelppm - ok
12:22:19.0450 4900 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:22:19.0461 4900 IPBusEnum - ok
12:22:19.0538 4900 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:22:19.0548 4900 IpFilterDriver - ok
12:22:19.0613 4900 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:22:19.0632 4900 iphlpsvc - ok
12:22:19.0679 4900 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:22:19.0690 4900 IPMIDRV - ok
12:22:19.0747 4900 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:22:19.0757 4900 IPNAT - ok
12:22:19.0896 4900 iPod Service (3d62fe4fefe9c67dafec52b534dfa1fb) C:\Program Files\iPod\bin\iPodService.exe
12:22:19.0929 4900 iPod Service - ok
12:22:19.0969 4900 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:22:19.0975 4900 IRENUM - ok
12:22:20.0027 4900 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:22:20.0035 4900 isapnp - ok
12:22:20.0068 4900 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:22:20.0085 4900 iScsiPrt - ok
12:22:20.0158 4900 JMCR (5bd76f820656aeaa2dce66eed8da84b9) C:\Windows\system32\DRIVERS\jmcr.sys
12:22:20.0168 4900 JMCR - ok
12:22:20.0212 4900 johci (e662cb468a1cff3a57e120a212fadd57) C:\Windows\system32\DRIVERS\johci.sys
12:22:20.0218 4900 johci - ok
12:22:20.0263 4900 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:22:20.0279 4900 k57nd60a - ok
12:22:20.0357 4900 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:22:20.0357 4900 kbdclass - ok
12:22:20.0419 4900 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:22:20.0435 4900 kbdhid - ok
12:22:20.0513 4900 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:22:20.0513 4900 KeyIso - ok
12:22:20.0731 4900 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:22:20.0747 4900 KSecDD - ok
12:22:20.0778 4900 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:22:20.0793 4900 KSecPkg - ok
12:22:20.0837 4900 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:22:20.0843 4900 ksthunk - ok
12:22:20.0905 4900 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:22:20.0926 4900 KtmRm - ok
12:22:21.0001 4900 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:22:21.0017 4900 LanmanServer - ok
12:22:21.0116 4900 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:22:21.0130 4900 LanmanWorkstation - ok
12:22:21.0199 4900 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:22:21.0207 4900 lltdio - ok
12:22:21.0264 4900 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:22:21.0279 4900 lltdsvc - ok
12:22:21.0297 4900 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:22:21.0306 4900 lmhosts - ok
12:22:21.0396 4900 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:22:21.0411 4900 LMS - ok
12:22:21.0460 4900 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:22:21.0470 4900 LSI_FC - ok
12:22:21.0508 4900 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:22:21.0518 4900 LSI_SAS - ok
12:22:21.0543 4900 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:22:21.0552 4900 LSI_SAS2 - ok
12:22:21.0603 4900 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:22:21.0614 4900 LSI_SCSI - ok
12:22:21.0674 4900 Ltn_stk7770P (ce8be368ac0f100a62b28c97fede7b25) C:\Windows\system32\DRIVERS\Ltn_stk7770P.sys
12:22:21.0698 4900 Ltn_stk7770P - ok
12:22:21.0735 4900 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:22:21.0746 4900 luafv - ok
12:22:21.0795 4900 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:22:21.0801 4900 Mcx2Svc - ok
12:22:21.0832 4900 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:22:21.0848 4900 megasas - ok
12:22:21.0895 4900 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:22:21.0910 4900 MegaSR - ok
12:22:21.0941 4900 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:22:21.0957 4900 MMCSS - ok
12:22:21.0988 4900 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:22:22.0004 4900 Modem - ok
12:22:22.0019 4900 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:22:22.0019 4900 monitor - ok
12:22:22.0082 4900 MotioninJoyXFilter (eb03d4164e7f10b601d280413655ade4) C:\Windows\system32\DRIVERS\MijXfilt.sys
12:22:22.0097 4900 MotioninJoyXFilter - ok
12:22:22.0160 4900 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:22:22.0160 4900 mouclass - ok
12:22:22.0222 4900 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:22:22.0222 4900 mouhid - ok
12:22:22.0285 4900 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:22:22.0285 4900 mountmgr - ok
12:22:22.0331 4900 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:22:22.0347 4900 mpio - ok
12:22:22.0404 4900 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:22:22.0412 4900 mpsdrv - ok
12:22:22.0516 4900 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:22:22.0551 4900 MpsSvc - ok
12:22:22.0615 4900 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:22:22.0627 4900 MRxDAV - ok
12:22:22.0676 4900 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:22:22.0688 4900 mrxsmb - ok
12:22:22.0757 4900 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:22:22.0772 4900 mrxsmb10 - ok
12:22:22.0821 4900 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:22:22.0831 4900 mrxsmb20 - ok
12:22:22.0885 4900 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:22:22.0892 4900 msahci - ok
12:22:22.0947 4900 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:22:22.0959 4900 msdsm - ok
12:22:22.0990 4900 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:22:23.0006 4900 MSDTC - ok
12:22:23.0064 4900 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:22:23.0070 4900 Msfs - ok
12:22:23.0103 4900 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:22:23.0107 4900 mshidkmdf - ok
12:22:23.0164 4900 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:22:23.0170 4900 msisadrv - ok
12:22:23.0219 4900 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:22:23.0231 4900 MSiSCSI - ok
12:22:23.0237 4900 msiserver - ok
12:22:23.0284 4900 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:22:23.0288 4900 MSKSSRV - ok
12:22:23.0302 4900 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:22:23.0306 4900 MSPCLOCK - ok
12:22:23.0326 4900 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:22:23.0330 4900 MSPQM - ok
12:22:23.0386 4900 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:22:23.0401 4900 MsRPC - ok
12:22:23.0448 4900 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:22:23.0448 4900 mssmbios - ok
12:22:23.0495 4900 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:22:23.0495 4900 MSTEE - ok
12:22:23.0526 4900 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:22:23.0526 4900 MTConfig - ok
12:22:23.0557 4900 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:22:23.0557 4900 Mup - ok
12:22:23.0589 4900 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:22:23.0604 4900 mwlPSDFilter - ok
12:22:23.0620 4900 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:22:23.0620 4900 mwlPSDNServ - ok
12:22:23.0651 4900 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:22:23.0651 4900 mwlPSDVDisk - ok
12:22:23.0885 4900 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
12:22:23.0935 4900 MWLService - ok
12:22:24.0096 4900 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:22:24.0125 4900 napagent - ok
12:22:24.0182 4900 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:22:24.0198 4900 NativeWifiP - ok
12:22:24.0354 4900 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
12:22:24.0406 4900 NAUpdate - ok
12:22:24.0802 4900 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:22:24.0831 4900 NDIS - ok
12:22:24.0871 4900 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:22:24.0879 4900 NdisCap - ok
12:22:24.0902 4900 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:22:24.0907 4900 NdisTapi - ok
12:22:24.0939 4900 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:22:24.0955 4900 Ndisuio - ok
12:22:25.0002 4900 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:22:25.0033 4900 NdisWan - ok
12:22:25.0127 4900 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:22:25.0127 4900 NDProxy - ok
12:22:25.0220 4900 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
12:22:25.0236 4900 Net Driver HPZ12 - ok
12:22:25.0283 4900 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:22:25.0283 4900 NetBIOS - ok
12:22:25.0376 4900 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:22:25.0392 4900 NetBT - ok
12:22:25.0439 4900 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:22:25.0439 4900 Netlogon - ok
12:22:25.0508 4900 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:22:25.0515 4900 Netman - ok
12:22:25.0662 4900 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:22:25.0678 4900 NetMsmqActivator - ok
12:22:25.0691 4900 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:22:25.0693 4900 NetPipeActivator - ok
12:22:51.0620 4900 ============================================================
12:22:51.0620 4900 Scan finished
12:22:51.0620 4900 ============================================================
12:22:51.0635 2340 Detected object count: 0
12:22:51.0635 2340 Actual detected object count: 0
12:23:13.0418 2940 Deinitialize success

#7 fly-free

Posted 31 May 2012 - 05:43 AM

Then I tried to run ComboFix.
After I double-click the icon on the desktop, a window comes up as if it's extracting some files, and then nothing.
I waited for 5 minutes, nothing.
It doesn't run. It gets blocked.
I disabled the antivirus as specified.

#8 CatByte

Posted 31 May 2012 - 02:10 PM

Please reboot your computer and run it again.

If it still won't run in normal mode, try running it in safe mode.

If it still won't run in safe mode, reboot and give it another try.

If it's still a no go, delete the copy on your desktop and download a fresh copy, but rename it to svchost.exe before saving it. Try running the renamed program, first in normal mode, then in safe mode if it won't run normally. Give it lots and lots of time (more than you think it should take).

This new variant is stubborn, but ComboFix should run eventually (with persistence).


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account


#9 fly-free

Posted 31 May 2012 - 05:10 PM

I tried to run Combofix in safe mode, also downloading a new copy renamed svchost.exe, but nothing happens.

I also tried to run it two or more times in a row, and every time all the icons in the taskbar reset, and it seems like when Windows is booting up.

#10 CatByte

Posted 31 May 2012 - 05:19 PM

OK, we'll try something else.

Please run the following:

Download the yorkyt.exe disinfection tool
  • Save the file to your Desktop
  • Double click the yorkyt.exe file
  • A reboot will be requested to install a driver
  • Another reboot will be requested to complete the disinfection
  • When the disinfection is completed, accept the message that will be displayed
Attach the Yorkyt.exe.log to your next message (it should be on your desktop)


NEXT


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#11 fly-free

Posted 01 June 2012 - 07:43 AM

yorkyt log:


2012-06-01 13:42:55: ****************************************************
2012-06-01 13:42:55: Starting UP ... v 0.0.0.220
2012-06-01 13:42:55: ****************************************************
2012-06-01 13:42:55: Stop TPSRV returns: 2
2012-06-01 13:43:10: Listing processes...
2012-06-01 13:43:11: :SynTPHelper.exe:3972
2012-06-01 13:43:11: :LManager.exe:4012
2012-06-01 13:43:11: :EgisUpdate.exe:3524
2012-06-01 13:43:11: :BackupManagerTray.exe:3940
2012-06-01 13:43:11: :EgisUpdate.exe:608
2012-06-01 13:43:11: :PdtWzd.exe:4116
2012-06-01 13:43:11: :avgnt.exe:4180
2012-06-01 13:43:11: :MOM.exe:4188
2012-06-01 13:43:11: :wmpnetwk.exe:4412
2012-06-01 13:43:11: :hpqste08.exe:3780
2012-06-01 13:43:11: :svchost.exe:3900
2012-06-01 13:43:11: :CCC.exe:4468
2012-06-01 13:43:11: :hpqbam08.exe:4600
2012-06-01 13:43:11: :WmiPrvSE.exe:4688
2012-06-01 13:43:11: :hpqgpc01.exe:4804
2012-06-01 13:43:11: :rundll32.exe:5016
2012-06-01 13:43:11: :ePowerTray.exe:4984
2012-06-01 13:43:11: :unsecapp.exe:4544
2012-06-01 13:43:11: :ePowerEvent.exe:4512
2012-06-01 13:43:11: :UNS.exe:3432
2012-06-01 13:43:11: :PING.EXE:3612
2012-06-01 13:43:11: :conhost.exe:4404
2012-06-01 13:43:11: :PING.EXE:4748
2012-06-01 13:43:11: :conhost.exe:3364
2012-06-01 13:43:11: :audiodg.exe:1004
2012-06-01 13:43:11: :SearchProtocolHost.exe:3924
2012-06-01 13:43:11: :SearchFilterHost.exe:3412
2012-06-01 13:43:11: :yorkyt.exe:4448
2012-06-01 13:43:11: :WmiPrvSE.exe:1500
2012-06-01 13:43:11:
2012-06-01 13:43:11: Setting restore point
2012-06-01 13:43:16: RUN mode
2012-06-01 13:43:16: Determining autonomous or dropped mode...
2012-06-01 13:43:16: Autonomus mode
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: AeLookupSvc
2012-06-01 13:43:16: Real Path: C:\Windows\System32\aelupsvc.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-06-01 13:43:16: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-06-01 13:43:16: ServiceDLL: System32\aelupsvc.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: aelupsvc.dll
2012-06-01 13:43:16: Original File Name: aelupsvc.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: AppIDSvc
2012-06-01 13:43:16: Real Path: C:\Windows\System32\appidsvc.dll
2012-06-01 13:43:16: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-06-01 13:43:16: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-06-01 13:43:16: ServiceDLL: System32\appidsvc.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: appidsvc.dll
2012-06-01 13:43:16: Original File Name: appidsvc.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: Appinfo
2012-06-01 13:43:16: Real Path: C:\Windows\System32\appinfo.dll
2012-06-01 13:43:16: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-06-01 13:43:16: Description: @%systemroot%\system32\appinfo.dll,-101
2012-06-01 13:43:16: ServiceDLL: System32\appinfo.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: appinfo.dll
2012-06-01 13:43:16: Original File Name: appinfo.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: !!!!!!!
2012-06-01 13:43:16: Found Service: AppMgmt
2012-06-01 13:43:16: Real Path: C:\Windows\System32\appmgmts.dll
2012-06-01 13:43:16: Display Name:
2012-06-01 13:43:16: Description:
2012-06-01 13:43:16: ServiceDLL: System32\appmgmts.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: appmgmts.dll
2012-06-01 13:43:16: Original File Name:
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: !!!!!!!!!
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: AudioEndpointBuilder
2012-06-01 13:43:16: Real Path: C:\Windows\System32\Audiosrv.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-06-01 13:43:16: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-06-01 13:43:16: ServiceDLL: System32\Audiosrv.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: Audiosrv.dll
2012-06-01 13:43:16: Original File Name: audiosrv.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: AudioSrv
2012-06-01 13:43:16: Real Path: C:\Windows\System32\Audiosrv.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-06-01 13:43:16: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-06-01 13:43:16: ServiceDLL: System32\Audiosrv.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: Audiosrv.dll
2012-06-01 13:43:16: Original File Name: audiosrv.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: AxInstSV
2012-06-01 13:43:16: Real Path: C:\Windows\System32\AxInstSV.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-06-01 13:43:16: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-06-01 13:43:16: ServiceDLL: System32\AxInstSV.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: AxInstSV.dll
2012-06-01 13:43:16: Original File Name: AxInstSv.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: BDESVC
2012-06-01 13:43:16: Real Path: C:\Windows\System32\bdesvc.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-06-01 13:43:16: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-06-01 13:43:16: ServiceDLL: System32\bdesvc.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: bdesvc.dll
2012-06-01 13:43:16: Original File Name: BDESVC.DLL.MUI
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: BFE
2012-06-01 13:43:16: Real Path: C:\Windows\System32\bfe.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-06-01 13:43:16: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-06-01 13:43:16: ServiceDLL: System32\bfe.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: bfe.dll
2012-06-01 13:43:16: Original File Name: BFE.DLL.MUI
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: BITS
2012-06-01 13:43:16: Real Path: C:\Windows\System32\qmgr.dll
2012-06-01 13:43:16: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-06-01 13:43:16: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-06-01 13:43:16: ServiceDLL: System32\qmgr.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: qmgr.dll
2012-06-01 13:43:16: Original File Name: qmgr.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:16: ---------------------------------------------------------------------
2012-06-01 13:43:16: Found Service: Browser
2012-06-01 13:43:16: Real Path: C:\Windows\System32\browser.dll
2012-06-01 13:43:16: Display Name: @%systemroot%\system32\browser.dll,-100
2012-06-01 13:43:16: Description: @%systemroot%\system32\browser.dll,-101
2012-06-01 13:43:16: ServiceDLL: System32\browser.dll
2012-06-01 13:43:16: File size: 0
2012-06-01 13:43:16: DLL File name: browser.dll
2012-06-01 13:43:16: Original File Name: browser.dll.mui
2012-06-01 13:43:16: Company:
2012-06-01 13:43:16: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: bthserv
2012-06-01 13:43:17: Real Path: C:\Windows\system32\bthserv.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-06-01 13:43:17: ServiceDLL: system32\bthserv.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: bthserv.dll
2012-06-01 13:43:17: Original File Name: BTHSERV.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: CertPropSvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\certprop.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-06-01 13:43:17: ServiceDLL: System32\certprop.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: certprop.dll
2012-06-01 13:43:17: Original File Name: certprop.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: CryptSvc
2012-06-01 13:43:17: Real Path: C:\Windows\system32\cryptsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-06-01 13:43:17: ServiceDLL: system32\cryptsvc.dll
2012-06-01 13:43:17: File size: 136192
2012-06-01 13:43:17: DLL File name: cryptsvc.dll
2012-06-01 13:43:17: Original File Name: cryptsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time: 20101120141824 20110318001011 20110318001011
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: DcomLaunch
2012-06-01 13:43:17: Real Path: C:\Windows\system32\rpcss.dll
2012-06-01 13:43:17: Display Name: @oleres.dll,-5012
2012-06-01 13:43:17: Description: @oleres.dll,-5013
2012-06-01 13:43:17: ServiceDLL: system32\rpcss.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: rpcss.dll
2012-06-01 13:43:17: Original File Name: rpcss.dll
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: defragsvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\defragsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-06-01 13:43:17: ServiceDLL: System32\defragsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: defragsvc.dll
2012-06-01 13:43:17: Original File Name: defragsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: Dhcp
2012-06-01 13:43:17: Real Path: C:\Windows\system32\dhcpcore.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\dhcpcore.dll
2012-06-01 13:43:17: File size: 254464
2012-06-01 13:43:17: DLL File name: dhcpcore.dll
2012-06-01 13:43:17: Original File Name: dhcpcore.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time: 20101120141830 20110318001015 20110318001015
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: Dnscache
2012-06-01 13:43:17: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-06-01 13:43:17: ServiceDLL: System32\dnsrslvr.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: dnsrslvr.dll
2012-06-01 13:43:17: Original File Name: dnsrslvr.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: dot3svc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\dot3svc.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-06-01 13:43:17: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-06-01 13:43:17: ServiceDLL: System32\dot3svc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: dot3svc.dll
2012-06-01 13:43:17: Original File Name: dot3svc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: DPS
2012-06-01 13:43:17: Real Path: C:\Windows\system32\dps.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\dps.dll,-500
2012-06-01 13:43:17: Description: @%systemroot%\system32\dps.dll,-501
2012-06-01 13:43:17: ServiceDLL: system32\dps.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: dps.dll
2012-06-01 13:43:17: Original File Name: dps.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: EapHost
2012-06-01 13:43:17: Real Path: C:\Windows\System32\eapsvc.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-06-01 13:43:17: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-06-01 13:43:17: ServiceDLL: System32\eapsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: eapsvc.dll
2012-06-01 13:43:17: Original File Name: eapsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: EventSystem
2012-06-01 13:43:17: Real Path: C:\Windows\system32\es.dll
2012-06-01 13:43:17: Display Name: @comres.dll,-2450
2012-06-01 13:43:17: Description: @comres.dll,-2451
2012-06-01 13:43:17: ServiceDLL: system32\es.dll
2012-06-01 13:43:17: File size: 271360
2012-06-01 13:43:17: DLL File name: es.dll
2012-06-01 13:43:17: Original File Name: ES.DLL
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time: 20090714031519 20090714014438 20090714014438
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: fdPHost
2012-06-01 13:43:17: Real Path: C:\Windows\system32\fdPHost.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-06-01 13:43:17: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\fdPHost.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: fdPHost.dll
2012-06-01 13:43:17: Original File Name: fdPHost.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: FDResPub
2012-06-01 13:43:17: Real Path: C:\Windows\system32\fdrespub.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-06-01 13:43:17: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\fdrespub.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: fdrespub.dll
2012-06-01 13:43:17: Original File Name: FDResPub.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: !!!!!!!
2012-06-01 13:43:17: Found Service: FontCache
2012-06-01 13:43:17: Real Path: C:\Windows\system32\FntCache.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-06-01 13:43:17: Description: @%systemroot%\system32\FntCache.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\FntCache.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: FntCache.dll
2012-06-01 13:43:17: Original File Name: FontCacheService
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: !!!!!!!!!
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: gpsvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\gpsvc.dll
2012-06-01 13:43:17: Display Name: @gpapi.dll,-112
2012-06-01 13:43:17: Description: @gpapi.dll,-113
2012-06-01 13:43:17: ServiceDLL: System32\gpsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: gpsvc.dll
2012-06-01 13:43:17: Original File Name: gpsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: hidserv
2012-06-01 13:43:17: Real Path: C:\Windows\System32\hidserv.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-06-01 13:43:17: ServiceDLL: System32\hidserv.dll
2012-06-01 13:43:17: File size: 49152
2012-06-01 13:43:17: DLL File name: hidserv.dll
2012-06-01 13:43:17: Original File Name: HIDSERV.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time: 20090714031524 20090714015109 20090714015109
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: hkmsvc
2012-06-01 13:43:17: Real Path: C:\Windows\system32\kmsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-06-01 13:43:17: ServiceDLL: system32\kmsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: kmsvc.dll
2012-06-01 13:43:17: Original File Name: KmSvc.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: HomeGroupListener
2012-06-01 13:43:17: Real Path: C:\Windows\system32\ListSvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\ListSvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: ListSvc.dll
2012-06-01 13:43:17: Original File Name: ListSvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: HomeGroupProvider
2012-06-01 13:43:17: Real Path: C:\Windows\system32\provsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\provsvc.dll
2012-06-01 13:43:17: File size: 165376
2012-06-01 13:43:17: DLL File name: provsvc.dll
2012-06-01 13:43:17: Original File Name: provsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time: 20101120142057 20110318000932 20110318000932
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: IKEEXT
2012-06-01 13:43:17: Real Path: C:\Windows\System32\ikeext.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-06-01 13:43:17: ServiceDLL: System32\ikeext.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: ikeext.dll
2012-06-01 13:43:17: Original File Name: IKEEXT.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: IPBusEnum
2012-06-01 13:43:17: Real Path: C:\Windows\system32\ipbusenum.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-06-01 13:43:17: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-06-01 13:43:17: ServiceDLL: system32\ipbusenum.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: ipbusenum.dll
2012-06-01 13:43:17: Original File Name: IPBusEnum.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: iphlpsvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-06-01 13:43:17: ServiceDLL: System32\iphlpsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: iphlpsvc.dll
2012-06-01 13:43:17: Original File Name: iphlpsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: KtmRm
2012-06-01 13:43:17: Real Path: C:\Windows\system32\msdtckrm.dll
2012-06-01 13:43:17: Display Name: @comres.dll,-2946
2012-06-01 13:43:17: Description: @comres.dll,-2947
2012-06-01 13:43:17: ServiceDLL: system32\msdtckrm.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: msdtckrm.dll
2012-06-01 13:43:17: Original File Name: MSDTCKRM.DLL
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: LanmanServer
2012-06-01 13:43:17: Real Path: C:\Windows\System32\srvsvc.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-06-01 13:43:17: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-06-01 13:43:17: ServiceDLL: System32\srvsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: srvsvc.dll
2012-06-01 13:43:17: Original File Name: SRVSVC.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: LanmanWorkstation
2012-06-01 13:43:17: Real Path: C:\Windows\System32\wkssvc.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-06-01 13:43:17: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-06-01 13:43:17: ServiceDLL: System32\wkssvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: wkssvc.dll
2012-06-01 13:43:17: Original File Name: WKSSVC.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: lltdsvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\lltdsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-06-01 13:43:17: ServiceDLL: System32\lltdsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: lltdsvc.dll
2012-06-01 13:43:17: Original File Name: LLTDSVC.DLL
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: lmhosts
2012-06-01 13:43:17: Real Path: C:\Windows\System32\lmhsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-06-01 13:43:17: ServiceDLL: System32\lmhsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: lmhsvc.dll
2012-06-01 13:43:17: Original File Name: lmhsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: Mcx2Svc
2012-06-01 13:43:17: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-06-01 13:43:17: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-06-01 13:43:17: ServiceDLL: system32\Mcx2Svc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: Mcx2Svc.dll
2012-06-01 13:43:17: Original File Name: Mcx2Svc.dll
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: MMCSS
2012-06-01 13:43:17: Real Path: C:\Windows\system32\mmcss.dll
2012-06-01 13:43:17: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-06-01 13:43:17: Description: @%systemroot%\system32\mmcss.dll,-101
2012-06-01 13:43:17: ServiceDLL: system32\mmcss.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: mmcss.dll
2012-06-01 13:43:17: Original File Name: mmcss.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: MpsSvc
2012-06-01 13:43:17: Real Path: C:\Windows\system32\mpssvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-06-01 13:43:17: ServiceDLL: system32\mpssvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: mpssvc.dll
2012-06-01 13:43:17: Original File Name: mpssvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: MSiSCSI
2012-06-01 13:43:17: Real Path: C:\Windows\system32\iscsiexe.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-06-01 13:43:17: ServiceDLL: system32\iscsiexe.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: iscsiexe.dll
2012-06-01 13:43:17: Original File Name: iscsiexe.exe.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: napagent
2012-06-01 13:43:17: Real Path: C:\Windows\system32\qagentRT.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-06-01 13:43:17: ServiceDLL: system32\qagentRT.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: qagentRT.dll
2012-06-01 13:43:17: Original File Name: QAgentRT.DLL.MUI
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: !!!!!!!
2012-06-01 13:43:17: Found Service: Net Driver HPZ12
2012-06-01 13:43:17: Real Path: C:\Windows\system32\HPZinw12.dll
2012-06-01 13:43:17: Display Name:
2012-06-01 13:43:17: Description:
2012-06-01 13:43:17: ServiceDLL: system32\HPZinw12.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: HPZinw12.dll
2012-06-01 13:43:17: Original File Name: Dot4Net.DLL
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: !!!!!!!!!
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: Netman
2012-06-01 13:43:17: Real Path: C:\Windows\System32\netman.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\netman.dll,-110
2012-06-01 13:43:17: ServiceDLL: System32\netman.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: netman.dll
2012-06-01 13:43:17: Original File Name: netman.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: netprofm
2012-06-01 13:43:17: Real Path: C:\Windows\System32\netprofm.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-06-01 13:43:17: ServiceDLL: System32\netprofm.dll
2012-06-01 13:43:17: File size: 360448
2012-06-01 13:43:17: DLL File name: netprofm.dll
2012-06-01 13:43:17: Original File Name: netprofm.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time: 20090714031603 20090714015658 20090714015658
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: NlaSvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\nlasvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-06-01 13:43:17: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-06-01 13:43:17: ServiceDLL: System32\nlasvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: nlasvc.dll
2012-06-01 13:43:17: Original File Name: nlasvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: nsi
2012-06-01 13:43:17: Real Path: C:\Windows\system32\nsisvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-06-01 13:43:17: ServiceDLL: system32\nsisvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: nsisvc.dll
2012-06-01 13:43:17: Original File Name: nsisvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: p2pimsvc
2012-06-01 13:43:17: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-06-01 13:43:17: ServiceDLL: system32\pnrpsvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: pnrpsvc.dll
2012-06-01 13:43:17: Original File Name: pnrpsvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: ---------------------------------------------------------------------
2012-06-01 13:43:17: Found Service: p2psvc
2012-06-01 13:43:17: Real Path: C:\Windows\system32\p2psvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-06-01 13:43:17: ServiceDLL: system32\p2psvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: p2psvc.dll
2012-06-01 13:43:17: Original File Name: p2psvc.dll.mui
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: !!!!!!!
2012-06-01 13:43:17: Found Service: PcaSvc
2012-06-01 13:43:17: Real Path: C:\Windows\System32\pcasvc.dll
2012-06-01 13:43:17: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-06-01 13:43:17: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-06-01 13:43:17: ServiceDLL: System32\pcasvc.dll
2012-06-01 13:43:17: File size: 0
2012-06-01 13:43:17: DLL File name: pcasvc.dll
2012-06-01 13:43:17: Original File Name:
2012-06-01 13:43:17: Company:
2012-06-01 13:43:17: Mod/Cre/Acc time:
2012-06-01 13:43:17: !!!!!!!!!
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: pla
2012-06-01 13:43:18: Real Path: C:\Windows\system32\pla.dll
2012-06-01 13:43:18: Display Name: @%systemroot%\system32\pla.dll,-500
2012-06-01 13:43:18: Description: @%systemroot%\system32\pla.dll,-501
2012-06-01 13:43:18: ServiceDLL: system32\pla.dll
2012-06-01 13:43:18: File size: 1508864
2012-06-01 13:43:18: DLL File name: pla.dll
2012-06-01 13:43:18: Original File Name: PLA.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time: 20101120142054 20110318001001 20110318001001
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: PlugPlay
2012-06-01 13:43:18: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-06-01 13:43:18: ServiceDLL: system32\umpnpmgr.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: umpnpmgr.dll
2012-06-01 13:43:18: Original File Name: Umpnpmgr.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: !!!!!!!
2012-06-01 13:43:18: Found Service: Pml Driver HPZ12
2012-06-01 13:43:18: Real Path: C:\Windows\system32\HPZipm12.dll
2012-06-01 13:43:18: Display Name:
2012-06-01 13:43:18: Description:
2012-06-01 13:43:18: ServiceDLL: system32\HPZipm12.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: HPZipm12.dll
2012-06-01 13:43:18: Original File Name: PmlDrv.DLL
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: !!!!!!!!!
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: PNRPAutoReg
2012-06-01 13:43:18: Real Path: C:\Windows\system32\pnrpauto.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-06-01 13:43:18: ServiceDLL: system32\pnrpauto.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: pnrpauto.dll
2012-06-01 13:43:18: Original File Name: pnrpauto.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: PNRPsvc
2012-06-01 13:43:18: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-06-01 13:43:18: ServiceDLL: system32\pnrpsvc.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: pnrpsvc.dll
2012-06-01 13:43:18: Original File Name: pnrpsvc.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: PolicyAgent
2012-06-01 13:43:18: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-06-01 13:43:18: ServiceDLL: System32\ipsecsvc.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: ipsecsvc.dll
2012-06-01 13:43:18: Original File Name: ipsecsvc.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: Power
2012-06-01 13:43:18: Real Path: C:\Windows\system32\umpo.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-06-01 13:43:18: ServiceDLL: system32\umpo.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: umpo.dll
2012-06-01 13:43:18: Original File Name: Umpo.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: ProfSvc
2012-06-01 13:43:18: Real Path: C:\Windows\system32\profsvc.dll
2012-06-01 13:43:18: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-06-01 13:43:18: Description: @%systemroot%\system32\profsvc.dll,-301
2012-06-01 13:43:18: ServiceDLL: system32\profsvc.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: profsvc.dll
2012-06-01 13:43:18: Original File Name: ProfSvc.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: QWAVE
2012-06-01 13:43:18: Real Path: C:\Windows\system32\qwave.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-06-01 13:43:18: ServiceDLL: system32\qwave.dll
2012-06-01 13:43:18: File size: 210944
2012-06-01 13:43:18: DLL File name: qwave.dll
2012-06-01 13:43:18: Original File Name: qwave.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time: 20090714031612 20090714015415 20090714015415
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: RasAuto
2012-06-01 13:43:18: Real Path: C:\Windows\System32\rasauto.dll
2012-06-01 13:43:18: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-06-01 13:43:18: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-06-01 13:43:18: ServiceDLL: System32\rasauto.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: rasauto.dll
2012-06-01 13:43:18: Original File Name: rasauto.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: RasMan
2012-06-01 13:43:18: Real Path: C:\Windows\System32\rasmans.dll
2012-06-01 13:43:18: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-06-01 13:43:18: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-06-01 13:43:18: ServiceDLL: System32\rasmans.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: rasmans.dll
2012-06-01 13:43:18: Original File Name: Rasmans.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: RemoteAccess
2012-06-01 13:43:18: Real Path: C:\Windows\System32\mprdim.dll
2012-06-01 13:43:18: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-06-01 13:43:18: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-06-01 13:43:18: ServiceDLL: System32\mprdim.dll
2012-06-01 13:43:18: File size: 75264
2012-06-01 13:43:18: DLL File name: mprdim.dll
2012-06-01 13:43:18: Original File Name: MPRDIM.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time: 20090714031541 20090714015426 20090714015426
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: RemoteRegistry
2012-06-01 13:43:18: Real Path: C:\Windows\system32\regsvc.dll
2012-06-01 13:43:18: Display Name: @regsvc.dll,-1
2012-06-01 13:43:18: Description: @regsvc.dll,-2
2012-06-01 13:43:18: ServiceDLL: system32\regsvc.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: regsvc.dll
2012-06-01 13:43:18: Original File Name: REGSVC.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: RpcEptMapper
2012-06-01 13:43:18: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-06-01 13:43:18: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-06-01 13:43:18: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-06-01 13:43:18: ServiceDLL: System32\RpcEpMap.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: RpcEpMap.dll
2012-06-01 13:43:18: Original File Name: RpcEpMap.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: RpcSs
2012-06-01 13:43:18: Real Path: C:\Windows\system32\rpcss.dll
2012-06-01 13:43:18: Display Name: @oleres.dll,-5010
2012-06-01 13:43:18: Description: @oleres.dll,-5011
2012-06-01 13:43:18: ServiceDLL: system32\rpcss.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: rpcss.dll
2012-06-01 13:43:18: Original File Name: rpcss.dll
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: SCardSvr
2012-06-01 13:43:18: Real Path: C:\Windows\System32\SCardSvr.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-06-01 13:43:18: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-06-01 13:43:18: ServiceDLL: System32\SCardSvr.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: SCardSvr.dll
2012-06-01 13:43:18: Original File Name: SCardSvr.exe.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: Schedule
2012-06-01 13:43:18: Real Path: C:\Windows\system32\schedsvc.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-06-01 13:43:18: ServiceDLL: system32\schedsvc.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: schedsvc.dll
2012-06-01 13:43:18: Original File Name: schedsvc.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: SCPolicySvc
2012-06-01 13:43:18: Real Path: C:\Windows\System32\certprop.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-06-01 13:43:18: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-06-01 13:43:18: ServiceDLL: System32\certprop.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: certprop.dll
2012-06-01 13:43:18: Original File Name: certprop.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: SDRSVC
2012-06-01 13:43:18: Real Path: C:\Windows\System32\SDRSVC.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-06-01 13:43:18: ServiceDLL: System32\SDRSVC.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: SDRSVC.dll
2012-06-01 13:43:18: Original File Name: SDRSVC.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: seclogon
2012-06-01 13:43:18: Real Path: C:\Windows\system32\seclogon.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-06-01 13:43:18: ServiceDLL: system32\seclogon.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: seclogon.dll
2012-06-01 13:43:18: Original File Name: SECLOGON.EXE.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: SENS
2012-06-01 13:43:18: Real Path: C:\Windows\System32\sens.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-06-01 13:43:18: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-06-01 13:43:18: ServiceDLL: System32\sens.dll
2012-06-01 13:43:18: File size: 49664
2012-06-01 13:43:18: DLL File name: sens.dll
2012-06-01 13:43:18: Original File Name: sens.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time: 20090714031613 20090714012158 20090714012158
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: SensrSvc
2012-06-01 13:43:18: Real Path: C:\Windows\system32\sensrsvc.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-06-01 13:43:18: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-06-01 13:43:18: ServiceDLL: system32\sensrsvc.dll
2012-06-01 13:43:18: File size: 0
2012-06-01 13:43:18: DLL File name: sensrsvc.dll
2012-06-01 13:43:18: Original File Name: sensrsvc.dll.mui
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time:
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: SessionEnv
2012-06-01 13:43:18: Real Path: C:\Windows\system32\sessenv.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-06-01 13:43:18: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-06-01 13:43:18: ServiceDLL: system32\sessenv.dll
2012-06-01 13:43:18: File size: 113664
2012-06-01 13:43:18: DLL File name: sessenv.dll
2012-06-01 13:43:18: Original File Name: SessEnv.DLL.MUI
2012-06-01 13:43:18: Company:
2012-06-01 13:43:18: Mod/Cre/Acc time: 20101120142108 20110318001023 20110318001023
2012-06-01 13:43:18: ---------------------------------------------------------------------
2012-06-01 13:43:18: Found Service: ShellHWDetection
2012-06-01 13:43:18: Real Path: C:\Windows\System32\shsvcs.dll
2012-06-01 13:43:18: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-06-01 13:43:19: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-06-01 13:43:19: ServiceDLL: System32\shsvcs.dll
2012-06-01 13:43:19: File size: 328192
2012-06-01 13:43:19: DLL File name: shsvcs.dll
2012-06-01 13:43:19: Original File Name: SHSVCS.DLL.MUI
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time: 20101120142119 20110318000957 20110318000957
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: sppuinotify
2012-06-01 13:43:19: Real Path: C:\Windows\system32\sppuinotify.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-06-01 13:43:19: ServiceDLL: system32\sppuinotify.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: sppuinotify.dll
2012-06-01 13:43:19: Original File Name: sppuinotify.dll.mui
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: SSDPSRV
2012-06-01 13:43:19: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-06-01 13:43:19: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-06-01 13:43:19: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-06-01 13:43:19: ServiceDLL: System32\ssdpsrv.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: ssdpsrv.dll
2012-06-01 13:43:19: Original File Name: ssdpsrv.dll.mui
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: SstpSvc
2012-06-01 13:43:19: Real Path: C:\Windows\system32\sstpsvc.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-06-01 13:43:19: ServiceDLL: system32\sstpsvc.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: sstpsvc.dll
2012-06-01 13:43:19: Original File Name: sstpsvc.dll.mui
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: stisvc
2012-06-01 13:43:19: Real Path: C:\Windows\System32\wiaservc.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-06-01 13:43:19: ServiceDLL: System32\wiaservc.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: wiaservc.dll
2012-06-01 13:43:19: Original File Name: WIASERVC.DLL.MUI
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: swprv
2012-06-01 13:43:19: Real Path: C:\Windows\System32\swprv.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-06-01 13:43:19: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-06-01 13:43:19: ServiceDLL: System32\swprv.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: swprv.dll
2012-06-01 13:43:19: Original File Name: SWPRV.DLL.MUI
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: SysMain
2012-06-01 13:43:19: Real Path: C:\Windows\system32\sysmain.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-06-01 13:43:19: ServiceDLL: system32\sysmain.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: sysmain.dll
2012-06-01 13:43:19: Original File Name: sysmain.dll.mui
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: TabletInputService
2012-06-01 13:43:19: Real Path: C:\Windows\System32\TabSvc.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-06-01 13:43:19: ServiceDLL: System32\TabSvc.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: TabSvc.dll
2012-06-01 13:43:19: Original File Name: TabSvc.dll.mui
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: TapiSrv
2012-06-01 13:43:19: Real Path: C:\Windows\System32\tapisrv.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-06-01 13:43:19: ServiceDLL: System32\tapisrv.dll
2012-06-01 13:43:19: File size: 242176
2012-06-01 13:43:19: DLL File name: tapisrv.dll
2012-06-01 13:43:19: Original File Name: TAPISRV.EXE.MUI
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time: 20101120142128 20110318000945 20110318000945
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: TBS
2012-06-01 13:43:19: Real Path: C:\Windows\System32\tbssvc.dll
2012-06-01 13:43:19: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-06-01 13:43:19: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-06-01 13:43:19: ServiceDLL: System32\tbssvc.dll
2012-06-01 13:43:19: File size: 0
2012-06-01 13:43:19: DLL File name: tbssvc.dll
2012-06-01 13:43:19: Original File Name: TBSSVC.DLL.MUI
2012-06-01 13:43:19: Company:
2012-06-01 13:43:19: Mod/Cre/Acc time:
2012-06-01 13:43:19: ---------------------------------------------------------------------
2012-06-01 13:43:19: Found Service: TermService
2012-06-01 13:43:20: Real Path: C:\Windows\System32\termsrv.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-06-01 13:43:20: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-06-01 13:43:20: ServiceDLL: System32\termsrv.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: termsrv.dll
2012-06-01 13:43:20: Original File Name: termsrv.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: Themes
2012-06-01 13:43:20: Real Path: C:\Windows\system32\themeservice.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-06-01 13:43:20: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-06-01 13:43:20: ServiceDLL: system32\themeservice.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: themeservice.dll
2012-06-01 13:43:20: Original File Name: THEMESERVICE.DLL.MUI
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: THREADORDER
2012-06-01 13:43:20: Real Path: C:\Windows\system32\mmcss.dll
2012-06-01 13:43:20: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-06-01 13:43:20: Description: @%systemroot%\system32\mmcss.dll,-103
2012-06-01 13:43:20: ServiceDLL: system32\mmcss.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: mmcss.dll
2012-06-01 13:43:20: Original File Name: mmcss.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: TrkWks
2012-06-01 13:43:20: Real Path: C:\Windows\System32\trkwks.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-06-01 13:43:20: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-06-01 13:43:20: ServiceDLL: System32\trkwks.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: trkwks.dll
2012-06-01 13:43:20: Original File Name: trkwks.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: !!!!!!!
2012-06-01 13:43:20: Found Service: upnphost
2012-06-01 13:43:20: Real Path: C:\Windows\System32\upnphost.dll
2012-06-01 13:43:20: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-06-01 13:43:20: Description: @%systemroot%\system32\upnphost.dll,-214
2012-06-01 13:43:20: ServiceDLL: System32\upnphost.dll
2012-06-01 13:43:20: File size: 266752
2012-06-01 13:43:20: DLL File name: upnphost.dll
2012-06-01 13:43:20: Original File Name: unpnhost.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time: 20090714031617 20090714015541 20090714015541
2012-06-01 13:43:20: !!!!!!!!!
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: UxSms
2012-06-01 13:43:20: Real Path: C:\Windows\System32\uxsms.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-06-01 13:43:20: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-06-01 13:43:20: ServiceDLL: System32\uxsms.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: uxsms.dll
2012-06-01 13:43:20: Original File Name: UxSms.dll
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: W32Time
2012-06-01 13:43:20: Real Path: C:\Windows\system32\w32time.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-06-01 13:43:20: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-06-01 13:43:20: ServiceDLL: system32\w32time.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: w32time.dll
2012-06-01 13:43:20: Original File Name: w32time.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: WbioSrvc
2012-06-01 13:43:20: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-06-01 13:43:20: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-06-01 13:43:20: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-06-01 13:43:20: ServiceDLL: System32\wbiosrvc.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: wbiosrvc.dll
2012-06-01 13:43:20: Original File Name: wbiosrvc.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: wcncsvc
2012-06-01 13:43:20: Real Path: C:\Windows\System32\wcncsvc.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-06-01 13:43:20: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-06-01 13:43:20: ServiceDLL: System32\wcncsvc.dll
2012-06-01 13:43:20: File size: 276992
2012-06-01 13:43:20: DLL File name: wcncsvc.dll
2012-06-01 13:43:20: Original File Name: WCNCSVC.DLL.MUI
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time: 20101120142135 20110318000955 20110318000955
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: WcsPlugInService
2012-06-01 13:43:20: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-06-01 13:43:20: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-06-01 13:43:20: ServiceDLL: System32\WcsPlugInService.dll
2012-06-01 13:43:20: File size: 32768
2012-06-01 13:43:20: DLL File name: WcsPlugInService.dll
2012-06-01 13:43:20: Original File Name: WcsPlugInService.DLL.MUI
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time: 20090714031618 20090714012513 20090714012513
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: WdiServiceHost
2012-06-01 13:43:20: Real Path: C:\Windows\system32\wdi.dll
2012-06-01 13:43:20: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-06-01 13:43:20: Description: @%systemroot%\system32\wdi.dll,-503
2012-06-01 13:43:20: ServiceDLL: system32\wdi.dll
2012-06-01 13:43:20: File size: 76288
2012-06-01 13:43:20: DLL File name: wdi.dll
2012-06-01 13:43:20: Original File Name: wdi.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time: 20090714031618 20090714011947 20090714011947
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: WdiSystemHost
2012-06-01 13:43:20: Real Path: C:\Windows\system32\wdi.dll
2012-06-01 13:43:20: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-06-01 13:43:20: Description: @%systemroot%\system32\wdi.dll,-501
2012-06-01 13:43:20: ServiceDLL: system32\wdi.dll
2012-06-01 13:43:20: File size: 76288
2012-06-01 13:43:20: DLL File name: wdi.dll
2012-06-01 13:43:20: Original File Name: wdi.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time: 20090714031618 20090714011947 20090714011947
2012-06-01 13:43:20: !!!!!!!
2012-06-01 13:43:20: Found Service: WebClient
2012-06-01 13:43:20: Real Path: C:\Windows\System32\webclnt.dll
2012-06-01 13:43:20: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-06-01 13:43:20: Description: @%systemroot%\system32\webclnt.dll,-101
2012-06-01 13:43:20: ServiceDLL: System32\webclnt.dll
2012-06-01 13:43:20: File size: 204800
2012-06-01 13:43:20: DLL File name: webclnt.dll
2012-06-01 13:43:20: Original File Name: davsvc.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time: 20101120142135 20110318001021 20110318001021
2012-06-01 13:43:20: !!!!!!!!!
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: Wecsvc
2012-06-01 13:43:20: Real Path: C:\Windows\system32\wecsvc.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-06-01 13:43:20: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-06-01 13:43:20: ServiceDLL: system32\wecsvc.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: wecsvc.dll
2012-06-01 13:43:20: Original File Name: wecsvc.dll.mui
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: !!!!!!!
2012-06-01 13:43:20: Found Service: wercplsupport
2012-06-01 13:43:20: Real Path: C:\Windows\System32\wercplsupport.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-06-01 13:43:20: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-06-01 13:43:20: ServiceDLL: System32\wercplsupport.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: wercplsupport.dll
2012-06-01 13:43:20: Original File Name: ERC
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: !!!!!!!!!
2012-06-01 13:43:20: !!!!!!!
2012-06-01 13:43:20: Found Service: WerSvc
2012-06-01 13:43:20: Real Path: C:\Windows\System32\WerSvc.dll
2012-06-01 13:43:20: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-06-01 13:43:20: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-06-01 13:43:20: ServiceDLL: System32\WerSvc.dll
2012-06-01 13:43:20: File size: 0
2012-06-01 13:43:20: DLL File name: WerSvc.dll
2012-06-01 13:43:20: Original File Name: wersvc
2012-06-01 13:43:20: Company:
2012-06-01 13:43:20: Mod/Cre/Acc time:
2012-06-01 13:43:20: !!!!!!!!!
2012-06-01 13:43:20: ---------------------------------------------------------------------
2012-06-01 13:43:20: Found Service: Winmgmt
2012-06-01 13:43:20: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-06-01 13:43:20: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-06-01 13:43:20: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-06-01 13:43:20: ServiceDLL: system32\wbem\WMIsvc.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: WMIsvc.dll
2012-06-01 13:43:21: Original File Name: wmisvc.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: WinRM
2012-06-01 13:43:21: Real Path: C:\Windows\system32\WsmSvc.dll
2012-06-01 13:43:21: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-06-01 13:43:21: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-06-01 13:43:21: ServiceDLL: system32\WsmSvc.dll
2012-06-01 13:43:21: File size: 1175040
2012-06-01 13:43:21: DLL File name: WsmSvc.dll
2012-06-01 13:43:21: Original File Name: WsmSvc.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time: 20101120142139 20110318001025 20110318001025
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: Wlansvc
2012-06-01 13:43:21: Real Path: C:\Windows\System32\wlansvc.dll
2012-06-01 13:43:21: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-06-01 13:43:21: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-06-01 13:43:21: ServiceDLL: System32\wlansvc.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: wlansvc.dll
2012-06-01 13:43:21: Original File Name: wlansvc.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: WPCSvc
2012-06-01 13:43:21: Real Path: C:\Windows\System32\wpcsvc.dll
2012-06-01 13:43:21: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-06-01 13:43:21: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-06-01 13:43:21: ServiceDLL: System32\wpcsvc.dll
2012-06-01 13:43:21: File size: 10752
2012-06-01 13:43:21: DLL File name: wpcsvc.dll
2012-06-01 13:43:21: Original File Name: wpcsvc.exe.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time: 20090714031620 20090714014010 20090714014010
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: WPDBusEnum
2012-06-01 13:43:21: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-06-01 13:43:21: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-06-01 13:43:21: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-06-01 13:43:21: ServiceDLL: system32\wpdbusenum.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: wpdbusenum.dll
2012-06-01 13:43:21: Original File Name: WpdBusEnum.DLL.MUI
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: wscsvc
2012-06-01 13:43:21: Real Path: C:\Windows\system32\wscsvc.dll
2012-06-01 13:43:21: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-06-01 13:43:21: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-06-01 13:43:21: ServiceDLL: system32\wscsvc.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: wscsvc.dll
2012-06-01 13:43:21: Original File Name: wscsvc.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: wuauserv
2012-06-01 13:43:21: Real Path: C:\Windows\system32\wuaueng.dll
2012-06-01 13:43:21: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-06-01 13:43:21: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-06-01 13:43:21: ServiceDLL: system32\wuaueng.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: wuaueng.dll
2012-06-01 13:43:21: Original File Name: wuaueng.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: wudfsvc
2012-06-01 13:43:21: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-06-01 13:43:21: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-06-01 13:43:21: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-06-01 13:43:21: ServiceDLL: System32\WUDFSvc.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: WUDFSvc.dll
2012-06-01 13:43:21: Original File Name: WUDFSvc.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21: ---------------------------------------------------------------------
2012-06-01 13:43:21: Found Service: WwanSvc
2012-06-01 13:43:21: Real Path: C:\Windows\System32\wwansvc.dll
2012-06-01 13:43:21: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-06-01 13:43:21: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-06-01 13:43:21: ServiceDLL: System32\wwansvc.dll
2012-06-01 13:43:21: File size: 0
2012-06-01 13:43:21: DLL File name: wwansvc.dll
2012-06-01 13:43:21: Original File Name: WwanSvc.dll.mui
2012-06-01 13:43:21: Company:
2012-06-01 13:43:21: Mod/Cre/Acc time:
2012-06-01 13:43:21:
2012-06-01 13:43:21: Looking for SHELL key
2012-06-01 13:43:21: Now looking for bad DLL files in system32
2012-06-01 13:44:01: Folder: GAC
2012-06-01 13:44:01: Folder: GAC_32
2012-06-01 13:44:01: ... Fixing permissions on C:\Windows\assembly\GAC_32\desktop.ini
2012-06-01 13:44:01: Folder: GAC_64
2012-06-01 13:44:01: ... Fixing permissions on C:\Windows\assembly\GAC_64\desktop.ini
2012-06-01 13:44:01: Folder: GAC_MSIL
2012-06-01 13:44:01: Folder: NativeImages_v2.0.50727_32
2012-06-01 13:44:01: Folder: NativeImages_v2.0.50727_64
2012-06-01 13:44:01: Folder: NativeImages_v4.0.30319_32
2012-06-01 13:44:01: Folder: NativeImages_v4.0.30319_64
2012-06-01 13:44:01: Folder: temp
2012-06-01 13:44:01: Folder: tmp
2012-06-01 13:44:01: Checking for bad folder
2012-06-01 13:44:01: Found 1 folders.
2012-06-01 13:44:01: Checking C:\Windows\assembly\tmp
2012-06-01 13:44:01: ... Folder test returns: 1
2012-06-01 13:44:01: Done with folder list in C:\Windows\assembly\ tmp
2012-06-01 13:44:01: Requesting bad file: C:\Windows\assembly\GAC_32\desktop.ini
2012-06-01 13:44:01: Requesting bad file: C:\Windows\assembly\GAC_64\desktop.ini
2012-06-01 13:44:02: Running Extractor
2012-06-01 13:44:02: Uploading file
2012-06-01 13:44:03: Locking file: C:\Windows\assembly\GAC_32\desktop.ini
2012-06-01 13:44:03: Locking file: C:\Windows\assembly\GAC_64\desktop.ini
2012-06-01 13:44:03: Autonomous mode, clearing out yt folder
2012-06-01 13:44:03: cmd.exe /c start "C:\Users\Emanuele\Desktop\yorkyt.exe"
2012-06-01 13:44:07: Restarting...
2012-06-01 13:45:34: ****************************************************
2012-06-01 13:45:34: Starting UP ... v 0.0.0.220
2012-06-01 13:45:34: ****************************************************
2012-06-01 13:45:41: Stop TPSRV returns: 2
2012-06-01 13:45:57: Listing processes...
2012-06-01 13:45:57: :[System Process]:0
2012-06-01 13:45:57: :System:4
2012-06-01 13:45:57: :smss.exe:444
2012-06-01 13:45:57: :csrss.exe:604
2012-06-01 13:45:57: :wininit.exe:672
2012-06-01 13:45:57: :csrss.exe:696
2012-06-01 13:45:57: :services.exe:736
2012-06-01 13:45:57: :lsass.exe:756
2012-06-01 13:45:57: :lsm.exe:764
2012-06-01 13:45:57: :winlogon.exe:876
2012-06-01 13:45:57: :svchost.exe:908
2012-06-01 13:45:57: :svchost.exe:996
2012-06-01 13:45:57: :atiesrxx.exe:468
2012-06-01 13:45:57: :svchost.exe:728
2012-06-01 13:45:57: :svchost.exe:700
2012-06-01 13:45:57: :svchost.exe:1032
2012-06-01 13:45:57: :audiodg.exe:1108
2012-06-01 13:45:57: :svchost.exe:1152
2012-06-01 13:45:57: :atieclxx.exe:1260
2012-06-01 13:45:57: :svchost.exe:1352
2012-06-01 13:45:57: :wlanext.exe:1440
2012-06-01 13:45:57: :CompPtcVUI.exe:1452
2012-06-01 13:45:57: :conhost.exe:1460
2012-06-01 13:45:57: :spoolsv.exe:1556
2012-06-01 13:45:57: :sched.exe:1612
2012-06-01 13:45:57: :svchost.exe:1652
2012-06-01 13:45:57: :taskhost.exe:1936
2012-06-01 13:45:57: :taskeng.exe:1984
2012-06-01 13:45:57: :dwm.exe:1692
2012-06-01 13:45:57: :explorer.exe:1772
2012-06-01 13:45:57: :avguard.exe:2140
2012-06-01 13:45:57: :btwdins.exe:2160
2012-06-01 13:45:57: :RegService.exe:2232
2012-06-01 13:45:57: :ePowerSvc.exe:2296
2012-06-01 13:45:57: :GregHSRW.exe:2348
2012-06-01 13:45:57: :svchost.exe:2396
2012-06-01 13:45:57: :BASVC.exe:2432
2012-06-01 13:45:57: :LMS.exe:2500
2012-06-01 13:45:57: :svchost.exe:2528
2012-06-01 13:45:57: :NIHardwareService.exe:2548
2012-06-01 13:45:57: :svchost.exe:2636
2012-06-01 13:45:57: :PnkBstrA.exe:2660
2012-06-01 13:45:57: :svchost.exe:2684
2012-06-01 13:45:57: :svchost.exe:2716
2012-06-01 13:45:57: :svchost.exe:2736
2012-06-01 13:45:57: :WLIDSVC.EXE:2860
2012-06-01 13:45:57: :IAANTmon.exe:2916
2012-06-01 13:45:57: :WLIDSVCM.EXE:2936
2012-06-01 13:45:57: :avshadow.exe:1856
2012-06-01 13:45:57: :conhost.exe:1860
2012-06-01 13:45:57: :svchost.exe:2188
2012-06-01 13:45:57: :rundll32.exe:3216
2012-06-01 13:45:57: :yorkyt.exe:3340
2012-06-01 13:45:57: :IAAnotif.exe:3460
2012-06-01 13:45:57: :mwlDaemon.exe:3472
2012-06-01 13:45:57: :ePowerTrayLauncher.exe:3480
2012-06-01 13:45:57: :WmiPrvSE.exe:3500
2012-06-01 13:45:57: :SynTPEnh.exe:3508
2012-06-01 13:45:57: :PLFSetI.exe:3528
2012-06-01 13:45:57: :SearchIndexer.exe:3660
2012-06-01 13:45:57: :RAVCpl64.exe:3732
2012-06-01 13:45:57: :svchost.exe:3740
2012-06-01 13:45:57: :LWEMon.exe:3776
2012-06-01 13:45:57: :AcerVCM.exe:3860
2012-06-01 13:45:57: :BTTray.exe:3900
2012-06-01 13:45:57: :hpqtra08.exe:3964
2012-06-01 13:45:57: :wmpnscfg.exe:1192
2012-06-01 13:45:57: :wmpnscfg.exe:3588
2012-06-01 13:45:57: :SynTPHelper.exe:3840
2012-06-01 13:45:57: :LManager.exe:3984
2012-06-01 13:45:57: :EgisUpdate.exe:4064
2012-06-01 13:45:57: :BackupManagerTray.exe:3428
2012-06-01 13:45:57: :EgisUpdate.exe:3844
2012-06-01 13:45:57: :PdtWzd.exe:4052
2012-06-01 13:45:57: :CLIStart.exe:2796
2012-06-01 13:45:57: :avgnt.exe:3296
2012-06-01 13:45:57: :MOM.exe:3260
2012-06-01 13:45:57: :wmpnetwk.exe:4144
2012-06-01 13:45:57: :SearchProtocolHost.exe:4216
2012-06-01 13:45:57: :hpqste08.exe:4264
2012-06-01 13:45:57: :SearchFilterHost.exe:4288
2012-06-01 13:45:57: :svchost.exe:4832
2012-06-01 13:45:57:
2012-06-01 13:45:57: Starting cleanup mode...
2012-06-01 13:47:39: ... Done with files, now folders
2012-06-01 13:58:24: All DONE

#12 fly-free

  • Topic Starter


Posted 01 June 2012 - 07:58 AM

OTL gave me only one log. The extra didn't show up.
I tried twice.

I noticed that when I ran it some check marks were added automatically, like in the LOP and PURITY check boxes.
And that the EXTRA REGISTRY option was set to NONE.

log:


OTL logfile created on: 01/06/2012 14:00:28 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Emanuele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,94 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,91% Memory free
7,87 Gb Paging File | 5,96 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 116,47 Gb Free Space | 25,87% Space Free | Partition Type: NTFS

Computer Name: EMANUELE-PC | User Name: Emanuele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 13:13:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Emanuele\Desktop\OTL.exe
PRC - [2012/02/03 15:26:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/02/03 15:26:25 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/02/03 15:26:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/02/03 15:26:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/11 00:04:22 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/22 20:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/10/07 09:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 04:37:44 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/09/05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 10:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2009/09/05 10:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/07 15:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/11 01:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/10/10 16:36:36 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\RegService.exe
PRC - [2008/07/29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
MOD - [2012/05/23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/23 03:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/23 03:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Emanuele\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/02/03 03:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/10/27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012/02/03 15:26:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/02/03 15:26:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/03/25 18:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/01/27 14:28:38 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/05 12:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/11 00:04:22 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/07 13:23:00 | 000,345,376 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/25 19:21:22 | 005,018,624 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programmi\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Programmi\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/10/30 02:54:02 | 000,788,000 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programmi\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/24 04:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/09/05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/08/28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/07 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/10 12:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Stopped] -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/18 03:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009/06/18 03:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/10/10 16:36:36 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\RegService.exe -- (Communication Modem Device Manager II)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/03 15:26:50 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/02/03 15:26:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/02/03 15:26:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/01/13 18:45:12 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012/01/13 18:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/01/13 18:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/01/13 18:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/01/13 18:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/01/13 18:31:16 | 000,050,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2012/01/13 15:52:11 | 000,015,008 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\inpoutx64.sys -- (inpoutx64)
DRV:64bit: - [2011/12/02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/11/15 17:57:26 | 000,103,752 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ysusb64.sys -- (ysusb64)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/06/15 10:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/31 15:04:44 | 000,049,256 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/21 15:38:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/10/27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/12/28 11:41:07 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/23 04:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/09/21 04:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/03 12:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/21 11:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/07 15:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 14:15:00 | 000,694,272 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7770P.sys -- (Ltn_stk7770P)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/29 04:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 10:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/19 15:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/09/01 18:40:22 | 000,118,144 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmusbser.sys -- (cmusbser)
DRV:64bit: - [2008/04/24 12:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/26 05:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5942&r=27361110t805l0364z135t4942d353
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\SearchScopes\{40310B7E-824C-4E94-A146-E41BCBA2ED9C}: "URL" = http://it.wikipedia.org/w/index.php?title=Speciale:Ricerca&search={searchTerms}
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT405
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\SearchScopes\{78A38DBF-6E33-4AEB-8956-1462B252D933}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Emanuele\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Emanuele\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Emanuele\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Emanuele\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/10 19:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/13 12:11:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/13 21:27:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/10 19:26:46 | 000,000,000 | ---D | M]

[2011/09/16 13:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emanuele\AppData\Roaming\mozilla\Extensions
[2011/09/16 13:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emanuele\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Emanuele\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Emanuele\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Emanuele\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Emanuele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Emanuele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Emanuele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Users\Emanuele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programmi\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Invia a periferica &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6069D03B-B280-4EA7-9F51-523C68079A24}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BFA0F52-63BB-410B-859F-B7E8C0C5FE6D}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\starter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 13:13:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Emanuele\Desktop\OTL.exe
[2012/05/31 23:27:07 | 004,533,668 | R--- | C] (Swearware) -- C:\Users\Emanuele\Desktop\svchost.exe
[2012/05/30 22:29:27 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/29 20:56:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Emanuele\Desktop\dds.scr
[2012/05/29 20:54:12 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\AppData\Roaming\Avira
[2012/05/29 19:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/29 19:59:01 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/05/29 19:59:01 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/05/29 19:59:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/05/29 19:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/29 19:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/05/29 19:33:12 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/29 14:56:20 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\AppData\Roaming\Malwarebytes
[2012/05/29 14:56:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/29 14:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/29 14:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/29 14:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/29 00:08:21 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\Documents\Toontrack
[2012/05/29 00:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Toontrack
[2012/05/28 23:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toontrack
[2012/05/22 00:02:04 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\Desktop\Nuova cartella
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Emanuele\Desktop\TDSSKiller.exe
[2012/05/20 15:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/20 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solar System 3D Screensaver
[2012/05/20 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenSaverGift
[2012/05/20 14:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DesktopAnimated
[2012/05/20 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\AppData\Roaming\TERMINAL Studio
[2012/05/20 14:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free 3D Earth Screensaver
[2012/05/20 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\AppData\Roaming\2Flyer
[2012/05/20 13:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Laconic Software
[2012/05/17 15:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/05/17 15:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/05/16 14:19:21 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\Documents\SimBin
[2012/05/16 13:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimBin
[2012/05/15 17:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin
[2012/05/15 17:55:12 | 000,000,000 | ---D | C] -- C:\GTR2
[2012/05/13 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\AppData\Local\Asa_Applications
[2012/05/13 16:21:31 | 000,000,000 | ---D | C] -- C:\Users\Emanuele\AppData\Local\XmlEditor
[2012/05/11 17:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/11 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/11 17:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/01 13:53:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 13:53:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 13:52:05 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4124771047-1836047825-3481439714-1001UA.job
[2012/06/01 13:49:23 | 001,633,176 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/01 13:49:23 | 000,731,298 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/06/01 13:49:23 | 000,644,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/01 13:49:23 | 000,143,430 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/06/01 13:49:23 | 000,118,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/01 13:45:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 13:44:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/01 13:44:50 | 3169,927,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 13:30:05 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 13:13:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Emanuele\Desktop\OTL.exe
[2012/06/01 13:13:05 | 001,415,784 | ---- | M] () -- C:\Users\Emanuele\Desktop\yorkyt.exe
[2012/05/31 23:27:44 | 004,533,668 | R--- | M] (Swearware) -- C:\Users\Emanuele\Desktop\svchost.exe
[2012/05/31 12:19:39 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Emanuele\Desktop\TDSSKiller.exe
[2012/05/29 21:30:05 | 000,000,188 | ---- | M] () -- C:\Users\Emanuele\defogger_reenable
[2012/05/29 20:56:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Emanuele\Desktop\dds.scr
[2012/05/29 19:59:08 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/29 19:36:47 | 000,000,270 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/29 14:56:17 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/29 13:52:44 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/05/28 11:28:54 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4124771047-1836047825-3481439714-1001Core.job
[2012/05/27 22:27:28 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Race Injection.lnk
[2012/05/26 19:15:44 | 000,001,400 | ---- | M] () -- C:\Users\Emanuele\Desktop\GTR 2.lnk
[2012/05/21 22:42:04 | 515,298,802 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/20 20:54:22 | 000,323,662 | ---- | M] () -- C:\Users\Emanuele\Documents\cc_20120520_205359.reg
[2012/05/10 19:20:22 | 000,434,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/01 13:13:01 | 001,415,784 | ---- | C] () -- C:\Users\Emanuele\Desktop\yorkyt.exe
[2012/05/29 21:30:04 | 000,000,188 | ---- | C] () -- C:\Users\Emanuele\defogger_reenable
[2012/05/29 19:59:08 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/29 14:56:17 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 22:42:04 | 515,298,802 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/20 20:54:09 | 000,323,662 | ---- | C] () -- C:\Users\Emanuele\Documents\cc_20120520_205359.reg
[2012/05/20 15:16:15 | 004,305,769 | ---- | C] () -- C:\Windows\SysWow64\Free Solar System Screensaver.scr
[2012/05/16 22:43:55 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Race Injection.lnk
[2012/05/15 17:59:58 | 000,001,400 | ---- | C] () -- C:\Users\Emanuele\Desktop\GTR 2.lnk
[2012/01/06 12:50:41 | 000,684,313 | ---- | C] () -- C:\Windows\unins000.exe
[2012/01/06 12:50:41 | 000,012,293 | ---- | C] () -- C:\Windows\unins000.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/21 16:15:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/15 15:40:20 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2011/07/25 14:03:59 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011/07/14 23:01:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/07/08 11:00:18 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll
[2011/07/08 11:00:14 | 000,000,070 | ---- | C] () -- C:\Windows\deamm.ini
[2011/07/08 11:00:08 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\asr3232.dll
[2011/06/29 23:38:35 | 000,000,050 | ---- | C] () -- C:\Windows\Softwing.ini
[2011/06/29 23:38:35 | 000,000,050 | ---- | C] () -- C:\Windows\NextRG.ini
[2011/06/26 12:51:46 | 000,000,061 | ---- | C] () -- C:\Windows\FINSON.INI
[2011/06/13 21:08:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/01 12:48:44 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2011/03/10 19:15:12 | 000,214,053 | ---- | C] () -- C:\Windows\hpoins47.dat
[2010/12/31 20:45:49 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/12/31 20:45:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/12/11 12:04:24 | 000,000,096 | ---- | C] () -- C:\Users\Emanuele\AppData\Local\fusioncache.dat
[2010/12/11 00:07:05 | 001,661,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/11 00:04:22 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/12/11 00:04:22 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/11 00:04:22 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/04 21:49:33 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/03 18:18:41 | 000,007,605 | ---- | C] () -- C:\Users\Emanuele\AppData\Local\Resmon.ResmonCfg
[2010/11/15 23:28:29 | 000,008,192 | ---- | C] () -- C:\Users\Emanuele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/14 15:01:01 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/10 13:13:23 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\RegService.exe
[2010/09/17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2010/11/08 21:57:28 | 000,000,000 | -HSD | M] -- C:\Users\Emanuele\AppData\Roaming\.#
[2012/05/20 14:11:32 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\2Flyer
[2012/01/18 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\2K Sports
[2012/01/11 22:54:27 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\4Front
[2012/01/06 14:26:18 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Atari
[2010/11/21 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\BlackBean
[2011/08/10 12:15:01 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Cakewalk
[2012/05/28 23:46:41 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\DAEMON Tools Lite
[2010/11/08 22:46:02 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\eSobi
[2011/08/19 17:29:09 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Free Audio Editor
[2010/11/08 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\GameConsole
[2011/07/14 23:01:47 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\GamesCafe
[2010/12/16 18:50:33 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\iFree
[2010/12/27 11:14:12 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Juce VST Host
[2011/08/07 14:32:53 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Leadertech
[2012/04/28 14:20:05 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Milestone
[2011/10/02 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\MotioninJoy
[2011/08/19 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Mp3 Audio Editor
[2012/03/12 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Mp3tag
[2011/03/23 15:52:19 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\PMS
[2010/11/08 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\PowerCinema
[2010/11/08 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\SoftDMA
[2010/12/07 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\SoundSpectrum
[2012/01/16 14:33:41 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Steinberg
[2011/03/28 21:30:13 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\StreamTorrent
[2012/05/20 14:21:42 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\TERMINAL Studio
[2011/09/16 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\TomTom
[2012/02/05 18:11:57 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\ultrastardx
[2012/05/29 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\uTorrent
[2011/07/16 16:10:26 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\ViquaSoft
[2011/12/09 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Visan
[2012/01/13 00:12:33 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\VST3 Presets
[2010/11/10 09:52:03 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\WINDEasyConnect
[2010/11/14 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Windows Live Writer
[2012/01/20 14:18:36 | 000,000,000 | ---D | M] -- C:\Users\Emanuele\AppData\Roaming\Yamaha
[2012/05/31 12:57:06 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/05/31 23:27:44 | 004,533,668 | R--- | M] (Swearware) MD5=BDD77CDF23498D491449A26A852D716B -- C:\Users\Emanuele\Desktop\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK5055GSX
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4,00GB
Starting Offset: 12889013760
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 16647966720
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 450,00GB
Starting Offset: 16754895360
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Cronologia] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Dati applicazioni] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Dati applicazioni] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documenti] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Immagini] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Musica] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Video] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Impostazioni locali] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Menu Avvio] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Modelli] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\System32\config\systemprofile\Recenti] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\Risorse di rete] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Risorse di stampa] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Cronologia] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Dati applicazioni] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Dati applicazioni] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documenti] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\Immagini] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\Musica] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\Video] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Impostazioni locali] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Menu Avvio] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Modelli] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recenti] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Risorse di rete] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Risorse di stampa] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA

< End of report >

#13 fly-free

Posted 01 June 2012 - 08:16 AM

I remembered I ran OTL on my own the day I discovered the infection.

It made the extras log.

Here it is:


OTL Extras logfile created on: 29/05/2012 14:51:27 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Emanuele\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,94 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 58,43% Memory free
7,87 Gb Paging File | 6,00 Gb Available in Paging File | 76,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 105,96 Gb Free Space | 23,54% Space Free | Partition Type: NTFS
Drive F: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: EMANUELE-PC | User Name: Emanuele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0109EC80-3243-3486-7966-38825D88DAEE}" = WMV9/VC-1 Video Playback
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A116A8-E559-488C-879C-B212F3EA963A}" = Far Cry (Patch 1.32 AMD64)
"{03634335-A984-FABC-EFDA-1A9663DB39CF}" = ATI Catalyst Install Manager
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Monitoraggio della tecnologia Intel® Turbo Boost
"{3D9BF6C6-5516-4407-BE71-A58A5E487682}" = Yamaha Steinberg USB Driver
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4E52A956-50D7-E70F-8E42-D828B7ED10B9}" = ccc-utility64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8947C7C8-9D0D-DEE2-731D-89BA0A644A47}" = ATI AVIVO64 Codecs
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C9A5048A-26A6-440B-A059-9DF9956C4D44}" = Yamaha USB-MIDI Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042" = ENE CIR Receiver Driver
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026BAC3A-EE38-F6D5-17E4-A853C21A0433}" = Catalyst Control Center Graphics Previews Vista
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46CFD29F-0716-4B1E-B428-D974AFA76154}_is1" = XG-Wizard 2.01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-6B0A-4BB0-809F-AE1000038101}" = Microsoft Flight
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Parser MSXML 4.0 SP2 e SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86E281A2-789D-E9CD-2876-EEE146AC5E08}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{7B241DBB-A985-46B4-866B-DD59E0284032}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90120000-002A-0410-1000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010
"{90140000-0015-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010
"{90140000-0016-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010
"{90140000-0018-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010
"{90140000-0019-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010
"{90140000-001A-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010
"{90140000-001B-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0410-1000-0000000FF1CE}_Office14.SingleImage_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010
"{90140000-002C-0410-0000-0000000FF1CE}_Office14.SingleImage_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010
"{90140000-006E-0410-0000-0000000FF1CE}_Office14.SingleImage_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010
"{90140000-00A1-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A511F4E3-F03C-42FC-9F78-392E21FCBE0B}" = Acer Arcade Instant On
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{ADB51AB1-8838-1A26-3950-8F054143FBBE}" = Catalyst Control Center InstallProxy
"{B064BF5C-EBCC-449E-97F8-9E58310B8A96}" = Steinberg CI2 Extension 64bit
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{D5D9291A-686F-43C3-ACAD-7B0252CF7786}_is1" = Cluedo Classic 1.0
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E0F07676-2C60-4465-A727-20DE3BFCABAC}" = Tony Hawks Pro Skater 4
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}" = PS3.ProxyServer
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Addictive Drums" = Addictive Drums
"Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.5.2
"Adobe AIR" = Adobe AIR
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"ASIO4ALL" = ASIO4ALL
"CDisplay_is1" = CDisplay 1.8
"Collab" = Collab
"DivX Setup.divx.com" = DivX Setup
"FL Studio 8" = FL Studio 8
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FramefileWizard" = FramefileWizard
"G-Force" = G-Force
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HSDPA USB Modem ALCATEL_is1" = HSDPA USB Modem version 4.167
"Identity Card" = Identity Card
"iFree Skype Recorder" = iFree Skype Recorder 4.0.9
"IL Download Manager" = IL Download Manager
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17C28D62-7955-4D8D-922B-7EA16FA9B7C5}" = Fingerprint Solution
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{3D9BF6C6-5516-4407-BE71-A58A5E487682}" = Yamaha Steinberg USB Driver
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"Interactive English" = Interactive English (Inserire il CD)
"LManager" = Launch Manager
"lmms" = LMMS 0.4.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.61.0.1400
"MathmosScreensaver" = MathmosScreensaver
"Mp3tag" = Mp3tag v2.49
"MyTomTom" = MyTomTom 3.1.0.530
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Service Center" = Native Instruments Service Center
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PS3 Media Server" = PS3 Media Server
"PSRUTI" = PSRUTI (remove only)
"PunkBusterSvc" = PunkBuster Services
"Pure Pinball Reloaded" = Pure Pinball Reloaded
"Race Injection_is1" = Race Injection
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SONARX1Producer_x64_is1" = SONAR X1 Producer x64
"SopCast" = SopCast 3.2.9
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"StreamTorrent 1.0" = StreamTorrent 1.0
"Toxic Biohazard" = Toxic Biohazard
"UltraStar Deluxe" = UltraStar Deluxe
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.1
"WhiteCap" = WhiteCap
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/05/2011 04:55:30 | Computer Name = Emanuele-PC | Source = RasClient | ID = 20227
Description =

Error - 07/05/2011 12:53:31 | Computer Name = Emanuele-PC | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: svchost.exe_gpsvc,
versione: 6.1.7600.16385, timestamp: 0x4a5bc3c1 Nome del modulo che ha generato
l'errore: gpsvc.dll, versione: 6.1.7601.17514, timestamp: 0x4ce7c66a Codice eccezione:
0xc0000005 Offset errore 0x000000000005bfff ID processo che ha generato l'errore:
0x190 Ora di avvio dell'applicazione che ha generato l'errore: 0x01cc0ccbaa38e8c5
Percorso
dell'applicazione che ha generato l'errore: C:\Windows\system32\svchost.exe Percorso
del modulo che ha generato l'errore: c:\windows\system32\gpsvc.dll ID segnalazione:
8935034e-78ca-11e0-86f1-705ab60c6d90

Error - 11/05/2011 08:11:51 | Computer Name = Emanuele-PC | Source = RasClient | ID = 20227
Description =

Error - 11/05/2011 23:08:32 | Computer Name = Emanuele-PC | Source = RasClient | ID = 20227
Description =

Error - 11/05/2011 23:08:41 | Computer Name = Emanuele-PC | Source = RasClient | ID = 20227
Description =

Error - 11/05/2011 23:08:44 | Computer Name = Emanuele-PC | Source = RasClient | ID = 20227
Description =

Error - 11/05/2011 23:08:52 | Computer Name = Emanuele-PC | Source = RasClient | ID = 20227
Description =

Error - 19/05/2011 04:39:10 | Computer Name = Emanuele-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19/05/2011 04:39:10 | Computer Name = Emanuele-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 215469

Error - 19/05/2011 04:39:10 | Computer Name = Emanuele-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 215469

[ Media Center Events ]
Error - 07/05/2011 18:32:03 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 00:31:58 - Errore di connessione a Internet. 00:31:58 - Impossibile
contattare il server..

Error - 10/05/2011 14:15:39 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 20:15:34 - Errore di connessione a Internet. 20:15:34 - Impossibile
contattare il server..

Error - 11/01/2012 06:11:51 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 11:11:51 - Errore di connessione a Internet. 11:11:51 - Impossibile
contattare il server..

Error - 11/01/2012 15:07:33 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 20:07:32 - Errore di connessione a Internet. 20:07:32 - Impossibile
contattare il server..

Error - 21/01/2012 05:02:13 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 10:02:13 - Errore di connessione a Internet. 10:02:13 - Impossibile
contattare il server..

Error - 21/01/2012 08:55:34 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 13:55:34 - Errore di connessione a Internet. 13:55:34 - Impossibile
contattare il server..

Error - 26/01/2012 07:29:50 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 12:29:50 - Errore di connessione a Internet. 12:29:50 - Impossibile
contattare il server..

Error - 26/01/2012 08:30:01 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 13:30:01 - Errore di connessione a Internet. 13:30:01 - Impossibile
contattare il server..

Error - 31/01/2012 09:06:09 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 14:06:09 - Errore di connessione a Internet. 14:06:09 - Impossibile
contattare il server..

Error - 20/02/2012 06:34:29 | Computer Name = Emanuele-PC | Source = MCUpdate | ID = 0
Description = 11:34:29 - Errore di connessione a Internet. 11:34:29 - Impossibile
contattare il server..

[ System Events ]
Error - 29/05/2012 07:52:44 | Computer Name = Emanuele-PC | Source = ipnathlp | ID = 34001
Description =

Error - 29/05/2012 07:52:44 | Computer Name = Emanuele-PC | Source = ipnathlp | ID = 34001
Description =

Error - 29/05/2012 08:27:25 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 29/05/2012 08:27:26 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7003
Description = Il servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP dipende
dal servizio BFE, che potrebbe non essere installato.

Error - 29/05/2012 08:27:26 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7003
Description = Il servizio Agente criteri IPsec dipende dal servizio BFE, che potrebbe
non essere installato.

Error - 29/05/2012 08:27:26 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
servizio Raw Socket Service.

Error - 29/05/2012 08:27:26 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7000
Description = Il servizio Raw Socket Service non è stato avviato per il seguente
errore: %%1053

Error - 29/05/2012 08:27:28 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7023
Description = Servizio Browser di computer terminato con l'errore: %%1060

Error - 29/05/2012 08:27:57 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 29/05/2012 08:27:57 | Computer Name = Emanuele-PC | Source = Service Control Manager | ID = 7001
Description = Il servizio Provider Gruppo Home dipende dal servizio Pubblicazione
risorse per individuazione che non è stato avviato per il seguente errore: %%-2147024891


< End of report >

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 01 June 2012 - 02:56 PM

Please run the following:

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

    start
    SubSystems: [Windows] ==> ZeroAccess
    C:\Windows\System32\consrv.dll

    end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


NEXT


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4124771047-1836047825-3481439714-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    [2010/11/08 21:57:28 | 000,000,000 | -HSD | M] -- C:\Users\Emanuele\AppData\Roaming\.#
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



NEXT

Please give ComboFix another try > give it lots of time to complete > make sure your security programs are disabled so they don't interfere

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 fly-free

fly-free
  • Topic Starter


Posted 01 June 2012 - 05:44 PM

I ran frst64 with the fix.
Reboot ok.
log:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 29-05-2012 02
Ran by SYSTEM at 2012-06-01 22:22:07 Run:2
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\consrv.dll not found.

==== End of Fixlog ====




Then OTL with the fix.
All ran ok but there was no log.


Then I tried to run Combofix again both normal and in safe mode, but nothing. It doesn't run as before.

I'm starting to think if it's better to format the drive and reinstall all.
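An added example, not part of the original thread or of any tool used in it: a small Python check that the `Windows` value under `Session Manager\SubSystems`, which the Fixlog above reports as restored, names only the expected server DLLs. The expected set, the function names and both sample strings are assumptions constructed for illustration, based on a stock Windows 7 value.

```python
import re
import sys

# Assumption: server DLLs named by a stock Windows 7 "Windows" subsystem value.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Captures the module name that follows each ServerDll= token.
SERVERDLL_RE = re.compile(r"ServerDll=([^\s:,]+)", re.IGNORECASE)


def server_dlls(value):
    """Return the module name of every ServerDll= token, in order."""
    return [name.lower() for name in SERVERDLL_RE.findall(value)]


def unexpected_server_dlls(value, expected=EXPECTED_SERVER_DLLS):
    """Return ServerDll modules that are not in the expected set."""
    return [name for name in server_dlls(value) if name not in expected]


def read_live_value():
    """Read the value from the running system (Windows only)."""
    import winreg
    key_path = r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _value_type = winreg.QueryValueEx(key, "Windows")
    return value


# Constructed sample: the value as it looks on a clean Windows 7 install.
CLEAN_SAMPLE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)
# Constructed sample: the same value with the console server DLL swapped for
# consrv, the module named in the fixlist above.
HIJACKED_SAMPLE = CLEAN_SAMPLE.replace(
    "winsrv:ConServerDllInitialization", "consrv:ConServerDllInitialization"
)

if __name__ == "__main__":
    # On Windows, audit the live registry; elsewhere, show the constructed case.
    value = read_live_value() if sys.platform == "win32" else HIJACKED_SAMPLE
    bad = unexpected_server_dlls(value)
    print("unexpected ServerDll modules:", ", ".join(bad) if bad else "none")
```

FRST ran from the recovery environment and therefore reported `ControlSet001`; on a normally booted system the same value is reached through `CurrentControlSet`, which is what `read_live_value` reads.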



