1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

In a laptop recently infected by ransomware, all boots into safe modes end in BSOD 7B

Discussion in 'Virus & Other Malware Removal' started by Tecnico Italiano, Jan 24, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    In a laptop recently infected by ransomware, XP boots normally but with RUNDLL error messages, but all boots into safe modes end in BSOD 7B

    Computer: Acer TravelMate 4070
    System name: ACER-CD38DA1573
    BIOS: §Acer 3°18, 21 Feb. 2006
    SMBIOS version: 2.31
    OS: Windows XP Home Edition, Vesion 5.1 (Build 2600.xpsp_sp3_gdr.120821-1629 : Service Pack 3) (Italian language version)
    Antivirus: originally NOD32 (Italian), now AVG 2013 Free (Italian)

    I am trying to fix the Acer laptop of a friend here in Italy. Giuseppe is a bookkeeper and does not visit the usual infected sites, but recently he booted up his computer and found it locked with a spash screen declaring, “Il vostro computer è stato bloccato.” This is an Italian ransomware that surfaced in December 2012 and presently is hitting computers that visit contaminated websites in Italy. Because it is extremely convincing it has apparently encouraged a lot of copycat imitations, since there appear to be several variants now in circulation. And because it is brand new, extremely devious, and mostly limited to Italian computers, the major antivirus firms do not seem to have produced specific removal tools for it yet. The only help I have found online for how to remove it are some sets of instructions here and there, some of them including a custom removal tool to download.

    Giuseppe told me that he recently saw the ransomware splash screen on startup, but when he rebooted it the screen did not appear again. For protection he was using Windows Firewall and NOD32 Antivirus (Italian version), but no scan of the computer had been performed since September.

    The computer starts up correctly in normal mode, but after the XP desktop appears, and just before the NOD32 logo appears in the middle of the screen, one hears an error tone and the following two popup windows appear (but in Italian):

    RUNDLL
    There was a problem starting C:\DOCUME~1\Giuseppe\IMPOST~1\Temp\deo0_sar.exe
    The specified module could not be found.

    RUNDLL
    There was a problem starting C:\DOCUME~1\Giuseppe\wgsdgsdgsdgsd.exe
    The specified module could not be found.

    The first thing I did was create a restore point, and then a backup of the registry. Then I looked up online the two files mentioned above, and found that, as expected, they are two variants of the “Il vostro computer è stato bloccato” ransomware virus. I searched the registry for any sign of them: there was no sign of the first one, but the second one was found in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, so I deleted it as per the instructions that one can find online for removing this virus.

    I rebooted into XP normally, and got the same two RUNDLL popups. I then tried rebooting into safe mode, but for all three of the safe modes I ended up with a blue screen of death (STOP 0x0000007B), and after half a second the computer began booting up again into XP normally.

    The instructions available online for removing the “Il vostro computer...” virus say that some variants block attempts to boot into safe mode, so I rebooted into normal mode, went online to update the antivirus software already installed (NOD32, Italian version), and performed a full scan. The scan found 47 items, including 8 or 9 Trojans, and I had NOD eliminate all of them. But after rebooting the laptop the situation was the same: booting into XP normally produces two RUNDLL popups, while booting into any of the safe modes produces BSOD 7B for half a second and then an automatic reboot.

    I saw this virus two weeks ago on another computer, and usually it does not let the user do anything at all in normal mode. On this Acer, aside from the two RUNDLL popups everything else worked fine in normal mode, so I thought that maybe NOD32 had previously deleted the main parts of the virus(es) but left behind some processes that invoked those main parts. In particular, the answers at answers.microsoft.com indicate that a BSOD 7B when booting into safe mode is typically caused by a virus, and Microsoft suggests downloading and installing any commercial antivirus software.

    So I removed NOD32 (free, Italian version) and installed AVG 2013 Free (Italian version), and downloaded all of the updates for that. I ran a very complete scan (twice) of the entire computer using AVG, but found nothing but two tracking cookies. And even after the scan the situation is the same: two RUNDLL popups when booting into XP normally, BSOD 7B when booting into any of the safe modes.

    Looking around online I saw someone claiming that BSOD 7B can be caused by a corrupted boot sector, so I opened a DOS prompt in Windows (cmd.exe) and ran “chkdsk C: /r”, but no errors were found. In any case, since the computer boots just fine into ordinary XP, I suspect that the inability to boot into the safe modes is not the result of a corrupted boot sector.

    I have tried everything, and I am convinced that there are still some high-level pieces of this ransomware (perhaps two variants, one blocking the other) that NOD32 and AVG have not been able to find (or even see), but I have run out of ideas for how to track them down. Although the computer now functions just fine as it is, I am afraid that if Giuseppe bumps into this “Il vostro computer...” virus again then he will lose XP’s normal mode, so that with all of the safe modes already blocked he will have no way to remove the virus. So I would be very grateful for any suggestions.

    Thanks! :)

    ==============================
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23.54.07, on 24/01/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\Programmi\AVG\AVG2013\AVGRSX.EXE
    C:\Programmi\AVG\AVG2013\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AVG\AVG2013\avgidsagent.exe
    C:\Programmi\AVG\AVG2013\avgwdsvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\RegService.exe
    C:\Programmi\AVG\AVG2013\avgnsx.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\AVG\AVG2013\avgemcx.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\admtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
    C:\Programmi\Ask.com\Updater\Updater.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\Programmi\AVG\AVG2013\avgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Giuseppe\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=320d180e00000000000000166f269174&tlver=1.4.19.19&ss=1&affID=17982
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
    R3 - URLSearchHook: ST-IT2 Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\prxtbSof0.dll
    R3 - URLSearchHook: pc gear it Toolbar - {fde1c224-0b9c-46b2-8fca-8945bcf8d4cb} - C:\Programmi\pc_gear_it\prxtbpc_0.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: ST-IT2 - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\prxtbSof0.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: pc gear it - {fde1c224-0b9c-46b2-8fca-8945bcf8d4cb} - C:\Programmi\pc_gear_it\prxtbpc_0.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O3 - Toolbar: ST-IT2 Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Programmi\Softonic-IT\prxtbSof0.dll
    O3 - Toolbar: pc gear it Toolbar - {fde1c224-0b9c-46b2-8fca-8945bcf8d4cb} - C:\Programmi\pc_gear_it\prxtbpc_0.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [Italiano clic] C:\PROGRA~1\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe /w
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ctfmon.lnk = C:\WINDOWS\system32\rundll32.exe
    O4 - Startup: runctf.lnk = C:\WINDOWS\system32\rundll32.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Communication Modem Device Manager II - Unknown owner - C:\WINDOWS\system32\RegService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Plug and Play Manager (PlugPlayCM) - Unknown owner - C:\WINDOWS\system32\serivces.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 11353 bytes

    ==============================
    DDS (Ver_2012-11-20.01) - FAT32_x86
    Internet Explorer: 8.0.6001.18702
    Run by Giuseppe at 23:55:50 on 2013-01-24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.447 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\RegService.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\admtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
    C:\Programmi\Ask.com\Updater\Updater.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.it/
    uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
    mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=320d180e00000000000000166f269174&tlver=1.4.19.19&ss=1&affID=17982
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\programmi\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: ST-IT2 Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - c:\programmi\softonic-it\prxtbSof0.dll
    uURLSearchHooks: pc gear it Toolbar: {fde1c224-0b9c-46b2-8fca-8945bcf8d4cb} - c:\programmi\pc_gear_it\prxtbpc_0.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\programmi\file comuni\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre6\bin\ssv.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmi\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmi\java\jre6\bin\jp2ssv.dll
    BHO: ST-IT2 Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - c:\programmi\softonic-it\prxtbSof0.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: pc gear it Toolbar: {fde1c224-0b9c-46b2-8fca-8945bcf8d4cb} - c:\programmi\pc_gear_it\prxtbpc_0.dll
    TB: ST-IT2 Toolbar: {E3393495-8103-46A0-8181-270273EDDD60} - c:\programmi\softonic-it\prxtbSof0.dll
    TB: pc gear it Toolbar: {FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB} - c:\programmi\pc_gear_it\prxtbpc_0.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmi\ask.com\GenericAskToolbar.dll
    TB: Acer eDataSecurity Management: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - c:\windows\system32\ToolBand.dll
    TB: ST-IT2 Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - c:\programmi\softonic-it\prxtbSof0.dll
    TB: pc gear it Toolbar: {fde1c224-0b9c-46b2-8fca-8945bcf8d4cb} - c:\programmi\pc_gear_it\prxtbpc_0.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\programmi\ask.com\GenericAskToolbar.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmi\file comuni\ahead\lib\NMBgMonitor.exe"
    uRun: [MSMSGS] "c:\programmi\messenger\msmsgs.exe" /background
    mRun: [LaunchApp] Alaunch
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RemoteControl] c:\programmi\cyberlink\powerdvd\PDVDServ.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
    mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
    mRun: [Italiano clic] c:\progra~1\garzanti linguistica\italiano clic\vb\ItaTray.exe /w
    mRun: [GrooveMonitor] "c:\programmi\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [NBKeyScan] "c:\programmi\nero\nero 7\nero backitup\NBKeyScan.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\programmi\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\programmi\file comuni\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ApnUpdater] "c:\programmi\ask.com\updater\Updater.exe"
    mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
    mRun: [AVG_UI] "c:\programmi\avg\avg2013\avgui.exe" /TRAYONLY
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\adobeg~1.lnk - c:\programmi\file comuni\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\ctfmon.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\runctf.lnk - c:\windows\system32\rundll32.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
    IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\programmi\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 193.70.152.15 212.52.97.15 192.168.1.1
    TCP: Interfaces\{FD52F3A1-89EA-4B18-9A3D-B0D5D70D6116} : DHCPNameServer = 193.70.152.15 212.52.97.15 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programmi\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programmi\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\programmi\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\programmi\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
    R2 Communication Modem Device Manager II;Communication Modem Device Manager II;c:\windows\system32\RegService.exe [2010-7-28 135168]
    R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 80000]
    S2 PlugPlayCM;Plug and Play Manager;"c:\windows\system32\serivces.exe" --> c:\windows\system32\serivces.exe [?]
    S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\drivers\cmusbser.sys [2010-7-28 103552]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-27 32512]
    S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-9-1 85888]
    S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-9-1 50304]
    S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [2010-9-1 9728]
    .
    =============== Created Last 30 ================
    .
    2013-01-24 12:29:19 -------- d-----w- c:\programmi\file comuni\Wise Installation Wizard
    2013-01-24 03:50:34 -------- d-----w- c:\documents and settings\all users\dati applicazioni\AVG January 2013 Campaign
    2013-01-23 16:38:29 -------- d-----w- c:\documents and settings\giuseppe\dati applicazioni\AVG2013
    2013-01-23 16:37:39 -------- d-----w- c:\documents and settings\giuseppe\dati applicazioni\TuneUp Software
    2013-01-23 16:37:05 -------- d--h--w- C:\$AVG
    2013-01-23 16:37:05 -------- d-----w- c:\documents and settings\all users\dati applicazioni\AVG2013
    2013-01-23 16:36:23 -------- d-----w- c:\programmi\AVG
    2013-01-23 16:11:21 -------- d--h--w- c:\documents and settings\all users\dati applicazioni\Common Files
    2013-01-23 16:11:21 -------- d-----w- c:\documents and settings\giuseppe\impostazioni locali\dati applicazioni\MFAData
    2013-01-23 16:11:21 -------- d-----w- c:\documents and settings\giuseppe\impostazioni locali\dati applicazioni\Avg2013
    2013-01-23 16:11:21 -------- d-----w- c:\documents and settings\all users\dati applicazioni\MFAData
    2013-01-23 12:16:54 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-01-23 10:49:22 -------- d-sh--w- C:\FOUND.001
    .
    ==================== Find3M ====================
    .
    2013-01-23 12:17:26 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-23 12:17:26 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:24:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 11:55:46 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:36 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:32 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 23.56.44,10 ===============

    ==============================
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/07/2010 18.20.42
    System Uptime: 24/01/2013 23.35.13 (0 hours ago)
    .
    Motherboard: Acer, Inc. | | Lugano3
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | U1 | 1733/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (FAT32) - 34 GiB total, 5,857 GiB free.
    D: is FIXED (NTFS) - 40 GiB total, 40,172 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP359: 27/10/2012 1.53.35 - Punto di arresto del sistema
    RP360: 29/10/2012 1.59.26 - Punto di arresto del sistema
    RP361: 31/10/2012 13.29.55 - Punto di arresto del sistema
    RP362: 04/11/2012 4.08.04 - Punto di arresto del sistema
    RP363: 05/11/2012 13.29.34 - Punto di arresto del sistema
    RP364: 07/11/2012 1.18.04 - Punto di arresto del sistema
    RP365: 09/11/2012 4.25.46 - Punto di arresto del sistema
    RP366: 12/11/2012 12.58.46 - Punto di arresto del sistema
    RP367: 14/11/2012 0.27.18 - Punto di arresto del sistema
    RP368: 15/11/2012 23.44.37 - Punto di arresto del sistema
    RP369: 16/11/2012 22.45.29 - Software Distribution Service 3.0
    RP370: 18/11/2012 2.25.46 - Punto di arresto del sistema
    RP371: 22/11/2012 13.05.15 - Punto di arresto del sistema
    RP372: 23/11/2012 16.59.55 - Punto di arresto del sistema
    RP373: 24/11/2012 18.22.54 - Punto di arresto del sistema
    RP374: 27/11/2012 13.21.03 - Punto di arresto del sistema
    RP375: 28/11/2012 17.43.38 - Punto di arresto del sistema
    RP376: 01/12/2012 0.15.03 - Punto di arresto del sistema
    RP377: 03/12/2012 0.43.43 - Punto di arresto del sistema
    RP378: 06/12/2012 13.15.04 - Punto di arresto del sistema
    RP379: 08/12/2012 19.50.42 - Punto di arresto del sistema
    RP380: 10/12/2012 3.12.05 - Punto di arresto del sistema
    RP381: 13/12/2012 0.29.26 - Software Distribution Service 3.0
    RP382: 14/12/2012 11.42.51 - Punto di arresto del sistema
    RP383: 15/12/2012 19.31.45 - Punto di arresto del sistema
    RP384: 21/12/2012 14.23.59 - Software Distribution Service 3.0
    RP385: 01/01/2013 17.52.11 - Punto di arresto del sistema
    RP386: 03/01/2013 12.46.18 - Punto di arresto del sistema
    RP387: 05/01/2013 16.46.13 - Software Distribution Service 3.0
    RP388: 23/01/2013 10.41.19 - Ripristino fatto da Mark prima di rimozione virus "Il vostro computer è stato bloccato"
    RP389: 23/01/2013 16.44.00 - Software Distribution Service 3.0
    RP390: 23/01/2013 17.36.19 - AVG 2013 installato
    RP391: 23/01/2013 17.36.47 - AVG 2013 installato
    RP392: 24/01/2013 22.49.55 - Punto di arresto del sistema
    RP393: 24/01/2013 23.14.38 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acer eDataSecurity Management
    Acer eDataSecurity Management 1.00.23
    Acer eLock Management
    Acer Empowering Technology framework
    Acer eNet Management
    Acer ePerformance Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Acer Screensaver
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.4.7 - Italiano
    Adobe Reader 9.5.2 - Italiano
    Adobe Stock Photos 1.0
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2416400)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2482017)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2497640)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2510531)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2530548)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2544521)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2559049)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2586448)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2647516)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2675157)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2699988)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2722913)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2761465)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB2799329)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
    Aggiornamento della protezione per Windows Media Player (KB2378111)
    Aggiornamento della protezione per Windows Media Player (KB952069)
    Aggiornamento della protezione per Windows Media Player (KB954155)
    Aggiornamento della protezione per Windows Media Player (KB973540)
    Aggiornamento della protezione per Windows Media Player (KB975558)
    Aggiornamento della protezione per Windows Media Player (KB978695)
    Aggiornamento della protezione per Windows Media Player 11 (KB954154)
    Aggiornamento della protezione per Windows XP (KB2079403)
    Aggiornamento della protezione per Windows XP (KB2115168)
    Aggiornamento della protezione per Windows XP (KB2121546)
    Aggiornamento della protezione per Windows XP (KB2229593)
    Aggiornamento della protezione per Windows XP (KB2259922)
    Aggiornamento della protezione per Windows XP (KB2286198)
    Aggiornamento della protezione per Windows XP (KB2296011)
    Aggiornamento della protezione per Windows XP (KB2296199)
    Aggiornamento della protezione per Windows XP (KB2347290)
    Aggiornamento della protezione per Windows XP (KB2360937)
    Aggiornamento della protezione per Windows XP (KB2387149)
    Aggiornamento della protezione per Windows XP (KB2393802)
    Aggiornamento della protezione per Windows XP (KB2412687)
    Aggiornamento della protezione per Windows XP (KB2419632)
    Aggiornamento della protezione per Windows XP (KB2423089)
    Aggiornamento della protezione per Windows XP (KB2436673)
    Aggiornamento della protezione per Windows XP (KB2440591)
    Aggiornamento della protezione per Windows XP (KB2443105)
    Aggiornamento della protezione per Windows XP (KB2476490)
    Aggiornamento della protezione per Windows XP (KB2476687)
    Aggiornamento della protezione per Windows XP (KB2478960)
    Aggiornamento della protezione per Windows XP (KB2478971)
    Aggiornamento della protezione per Windows XP (KB2479628)
    Aggiornamento della protezione per Windows XP (KB2479943)
    Aggiornamento della protezione per Windows XP (KB2481109)
    Aggiornamento della protezione per Windows XP (KB2483185)
    Aggiornamento della protezione per Windows XP (KB2485376)
    Aggiornamento della protezione per Windows XP (KB2485663)
    Aggiornamento della protezione per Windows XP (KB2491683)
    Aggiornamento della protezione per Windows XP (KB2503658)
    Aggiornamento della protezione per Windows XP (KB2503665)
    Aggiornamento della protezione per Windows XP (KB2506212)
    Aggiornamento della protezione per Windows XP (KB2506223)
    Aggiornamento della protezione per Windows XP (KB2507618)
    Aggiornamento della protezione per Windows XP (KB2507938)
    Aggiornamento della protezione per Windows XP (KB2508272)
    Aggiornamento della protezione per Windows XP (KB2508429)
    Aggiornamento della protezione per Windows XP (KB2509553)
    Aggiornamento della protezione per Windows XP (KB2511455)
    Aggiornamento della protezione per Windows XP (KB2524375)
    Aggiornamento della protezione per Windows XP (KB2535512)
    Aggiornamento della protezione per Windows XP (KB2536276-v2)
    Aggiornamento della protezione per Windows XP (KB2536276)
    Aggiornamento della protezione per Windows XP (KB2544893-v2)
    Aggiornamento della protezione per Windows XP (KB2544893)
    Aggiornamento della protezione per Windows XP (KB2555917)
    Aggiornamento della protezione per Windows XP (KB2562937)
    Aggiornamento della protezione per Windows XP (KB2566454)
    Aggiornamento della protezione per Windows XP (KB2567053)
    Aggiornamento della protezione per Windows XP (KB2567680)
    Aggiornamento della protezione per Windows XP (KB2570222)
    Aggiornamento della protezione per Windows XP (KB2570947)
    Aggiornamento della protezione per Windows XP (KB2584146)
    Aggiornamento della protezione per Windows XP (KB2585542)
    Aggiornamento della protezione per Windows XP (KB2592799)
    Aggiornamento della protezione per Windows XP (KB2598479)
    Aggiornamento della protezione per Windows XP (KB2603381)
    Aggiornamento della protezione per Windows XP (KB2618451)
    Aggiornamento della protezione per Windows XP (KB2619339)
    Aggiornamento della protezione per Windows XP (KB2620712)
    Aggiornamento della protezione per Windows XP (KB2621440)
    Aggiornamento della protezione per Windows XP (KB2624667)
    Aggiornamento della protezione per Windows XP (KB2631813)
    Aggiornamento della protezione per Windows XP (KB2633171)
    Aggiornamento della protezione per Windows XP (KB2639417)
    Aggiornamento della protezione per Windows XP (KB2641653)
    Aggiornamento della protezione per Windows XP (KB2646524)
    Aggiornamento della protezione per Windows XP (KB2647518)
    Aggiornamento della protezione per Windows XP (KB2653956)
    Aggiornamento della protezione per Windows XP (KB2655992)
    Aggiornamento della protezione per Windows XP (KB2659262)
    Aggiornamento della protezione per Windows XP (KB2660465)
    Aggiornamento della protezione per Windows XP (KB2661637)
    Aggiornamento della protezione per Windows XP (KB2676562)
    Aggiornamento della protezione per Windows XP (KB2685939)
    Aggiornamento della protezione per Windows XP (KB2686509)
    Aggiornamento della protezione per Windows XP (KB2691442)
    Aggiornamento della protezione per Windows XP (KB2695962)
    Aggiornamento della protezione per Windows XP (KB2698365)
    Aggiornamento della protezione per Windows XP (KB2705219)
    Aggiornamento della protezione per Windows XP (KB2707511)
    Aggiornamento della protezione per Windows XP (KB2712808)
    Aggiornamento della protezione per Windows XP (KB2718523)
    Aggiornamento della protezione per Windows XP (KB2719985)
    Aggiornamento della protezione per Windows XP (KB2723135)
    Aggiornamento della protezione per Windows XP (KB2724197)
    Aggiornamento della protezione per Windows XP (KB2727528)
    Aggiornamento della protezione per Windows XP (KB2731847)
    Aggiornamento della protezione per Windows XP (KB2753842-v2)
    Aggiornamento della protezione per Windows XP (KB2753842)
    Aggiornamento della protezione per Windows XP (KB2757638)
    Aggiornamento della protezione per Windows XP (KB2758857)
    Aggiornamento della protezione per Windows XP (KB2761226)
    Aggiornamento della protezione per Windows XP (KB2770660)
    Aggiornamento della protezione per Windows XP (KB2779030)
    Aggiornamento della protezione per Windows XP (KB923561)
    Aggiornamento della protezione per Windows XP (KB941569)
    Aggiornamento della protezione per Windows XP (KB946648)
    Aggiornamento della protezione per Windows XP (KB950762)
    Aggiornamento della protezione per Windows XP (KB950974)
    Aggiornamento della protezione per Windows XP (KB951376-v2)
    Aggiornamento della protezione per Windows XP (KB951748)
    Aggiornamento della protezione per Windows XP (KB952004)
    Aggiornamento della protezione per Windows XP (KB952954)
    Aggiornamento della protezione per Windows XP (KB955069)
    Aggiornamento della protezione per Windows XP (KB956572)
    Aggiornamento della protezione per Windows XP (KB956744)
    Aggiornamento della protezione per Windows XP (KB956802)
    Aggiornamento della protezione per Windows XP (KB956803)
    Aggiornamento della protezione per Windows XP (KB956844)
    Aggiornamento della protezione per Windows XP (KB958644)
    Aggiornamento della protezione per Windows XP (KB958869)
    Aggiornamento della protezione per Windows XP (KB959426)
    Aggiornamento della protezione per Windows XP (KB960225)
    Aggiornamento della protezione per Windows XP (KB960803)
    Aggiornamento della protezione per Windows XP (KB960859)
    Aggiornamento della protezione per Windows XP (KB961501)
    Aggiornamento della protezione per Windows XP (KB969059)
    Aggiornamento della protezione per Windows XP (KB970238)
    Aggiornamento della protezione per Windows XP (KB970430)
    Aggiornamento della protezione per Windows XP (KB971468)
    Aggiornamento della protezione per Windows XP (KB971657)
    Aggiornamento della protezione per Windows XP (KB972270)
    Aggiornamento della protezione per Windows XP (KB973507)
    Aggiornamento della protezione per Windows XP (KB973869)
    Aggiornamento della protezione per Windows XP (KB973904)
    Aggiornamento della protezione per Windows XP (KB974112)
    Aggiornamento della protezione per Windows XP (KB974318)
    Aggiornamento della protezione per Windows XP (KB974392)
    Aggiornamento della protezione per Windows XP (KB974571)
    Aggiornamento della protezione per Windows XP (KB975025)
    Aggiornamento della protezione per Windows XP (KB975467)
    Aggiornamento della protezione per Windows XP (KB975560)
    Aggiornamento della protezione per Windows XP (KB975561)
    Aggiornamento della protezione per Windows XP (KB975562)
    Aggiornamento della protezione per Windows XP (KB975713)
    Aggiornamento della protezione per Windows XP (KB977816)
    Aggiornamento della protezione per Windows XP (KB977914)
    Aggiornamento della protezione per Windows XP (KB978037)
    Aggiornamento della protezione per Windows XP (KB978338)
    Aggiornamento della protezione per Windows XP (KB978542)
    Aggiornamento della protezione per Windows XP (KB978601)
    Aggiornamento della protezione per Windows XP (KB978706)
    Aggiornamento della protezione per Windows XP (KB979309)
    Aggiornamento della protezione per Windows XP (KB979482)
    Aggiornamento della protezione per Windows XP (KB979559)
    Aggiornamento della protezione per Windows XP (KB979683)
    Aggiornamento della protezione per Windows XP (KB979687)
    Aggiornamento della protezione per Windows XP (KB980195)
    Aggiornamento della protezione per Windows XP (KB980218)
    Aggiornamento della protezione per Windows XP (KB980232)
    Aggiornamento della protezione per Windows XP (KB980436)
    Aggiornamento della protezione per Windows XP (KB981322)
    Aggiornamento della protezione per Windows XP (KB981852)
    Aggiornamento della protezione per Windows XP (KB981997)
    Aggiornamento della protezione per Windows XP (KB982132)
    Aggiornamento della protezione per Windows XP (KB982214)
    Aggiornamento della protezione per Windows XP (KB982381)
    Aggiornamento della protezione per Windows XP (KB982665)
    Aggiornamento della sicurezza per Microsoft Windows (KB2564958)
    Aggiornamento per Windows Internet Explorer 8 (KB2598845)
    Aggiornamento per Windows Internet Explorer 8 (KB976662)
    Aggiornamento per Windows XP (KB2141007)
    Aggiornamento per Windows XP (KB2345886)
    Aggiornamento per Windows XP (KB2467659)
    Aggiornamento per Windows XP (KB2541763)
    Aggiornamento per Windows XP (KB2607712)
    Aggiornamento per Windows XP (KB2616676)
    Aggiornamento per Windows XP (KB2641690)
    Aggiornamento per Windows XP (KB2661254-v2)
    Aggiornamento per Windows XP (KB2718704)
    Aggiornamento per Windows XP (KB2736233)
    Aggiornamento per Windows XP (KB2749655)
    Aggiornamento per Windows XP (KB951978)
    Aggiornamento per Windows XP (KB955759)
    Aggiornamento per Windows XP (KB967715)
    Aggiornamento per Windows XP (KB968389)
    Aggiornamento per Windows XP (KB971029)
    Aggiornamento per Windows XP (KB971737)
    Aggiornamento per Windows XP (KB973687)
    Aggiornamento per Windows XP (KB973815)
    Aggiornamento rapido per Windows Media Player 11 (KB939683)
    Aggiornamento rapido per Windows XP (KB2443685)
    Aggiornamento rapido per Windows XP (KB2570791)
    Aggiornamento rapido per Windows XP (KB2633952)
    Aggiornamento rapido per Windows XP (KB2756822)
    Aggiornamento rapido per Windows XP (KB2779562)
    Aggiornamento rapido per Windows XP (KB942288-v3)
    Aggiornamento rapido per Windows XP (KB952287)
    Aggiornamento rapido per Windows XP (KB961118)
    Aggiornamento rapido per Windows XP (KB981793)
    ArcGIS Explorer
    AVG 2013
    Chicken Invaders 3
    Defraggler
    Google Earth Plug-in
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Italiano <clic>
    Java Auto Updater
    Java(TM) 6 Update 31
    K-Lite Mega Codec Pack 4.1.7
    Launch Manager
    mCore
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 - Language Pack (italiano)
    Microsoft .NET Framework 2.0 Language Pack - ITA
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Italian) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Italian) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (Italian) 2007
    Microsoft Office InfoPath MUI (Italian) 2007
    Microsoft Office OneNote MUI (Italian) 2007
    Microsoft Office Outlook MUI (Italian) 2007
    Microsoft Office PowerPoint MUI (Italian) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proofing (Italian) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Italian) 2007
    Microsoft Office Shared MUI (Italian) 2007
    Microsoft Office Word MUI (Italian) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Italian) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    mMHouse
    mPfMgr
    mProSafe
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    mWlsSafe
    mXML
    Nero Suite
    Nota
    PC Connectivity Solution
    pc gear it Toolbar
    PDF-Viewer
    Pdf995
    PDFCreator
    PowerDVD
    programma di aggiornamento Tracker Toolbar Updater
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Windows Search 4 - KB963093
    Softonic-IT Toolbar
    Software Intel(R) PROSet/Wireless
    Tetti e coperture
    Tracker Toolbar
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    VBA (2627.01)
    VBA (2627.3)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Detect
    ZipGenius 6 (6.3.1.2640)
    .
    ==== End Of File ===========================

    ==============================
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-25 00:05:06
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS421280H9AT00 rev.HA3OA70S 74,53GB
    Running: GMER - c32wy21v.exe; Driver: C:\DOCUME~1\Giuseppe\IMPOST~1\Temp\awldrfoc.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xF6BF714A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xF6BF721A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF6BF6D7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xF6BF6F6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xF6BF7000]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF6BF6E32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF6BF6ECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF6BF709C]

    ---- Kernel code sections - GMER 2.0 ----

    ? C:\DOCUME~1\Giuseppe\IMPOST~1\Temp\mbr.sys Impossibile trovare il file specificato. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Programmi\Internet Explorer\iexplore.exe[636] ADVAPI32.dll!RegSetValueExW 77F4D767 7 Bytes JMP 03A81CC0 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] ADVAPI32.dll!RegSetValueExA 77F4EAE7 7 Bytes JMP 03A81C00 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] ADVAPI32.dll!RegSetValueA 77F6C79E 5 Bytes JMP 03A81A80 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] ADVAPI32.dll!RegSetValueW 77FA6116 5 Bytes JMP 03A81B40 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 058C1E90 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Softonic-IT\tbSof2.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 058C21F0 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Softonic-IT\tbSof2.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40389AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4037D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4038DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 402F466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4048725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40487191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 058C2100 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Softonic-IT\tbSof2.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!CreateDialogParamA 7E3BC7DB 5 Bytes JMP 058C2010 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Softonic-IT\tbSof2.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxA 7E3D07EA 5 Bytes JMP 058C2370 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Softonic-IT\tbSof2.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40487062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 404870C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 404872C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 03A81170 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40487126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!MessageBoxW 7E3E6534 5 Bytes JMP 058C2450 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Softonic-IT\tbSof2.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 03A812D0 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4038DB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[636] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 404875C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] ADVAPI32.dll!RegSetValueExW 77F4D767 7 Bytes JMP 04051CC0 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] ADVAPI32.dll!RegSetValueExA 77F4EAE7 7 Bytes JMP 04051C00 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] ADVAPI32.dll!RegSetValueA 77F6C79E 5 Bytes JMP 04051A80 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] ADVAPI32.dll!RegSetValueW 77FA6116 5 Bytes JMP 04051B40 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!CreateDialogParamW 7E39EA3B 5 Bytes JMP 04051E90 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 040521F0 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4038DB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4048725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40487191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 04052100 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!CreateDialogParamA 7E3BC7DB 5 Bytes JMP 04052010 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxA 7E3D07EA 5 Bytes JMP 04052370 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40487062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 404870C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 404872C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 04051170 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40487126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!MessageBoxW 7E3E6534 5 Bytes JMP 04052450 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Programmi\Internet Explorer\iexplore.exe[2320] USER32.dll!TrackPopupMenuEx 7E3ECF62 5 Bytes JMP 040512D0 C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\pc_gear_it\tbpc_0.dll (Conduit Toolbar/Conduit Ltd.)

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Programmi\Internet Explorer\iexplore.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programmi\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- EOF - GMER 2.0 ----
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Do the following:

    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Kevin...
     
  3. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    Hi Kevin. Thank you very much for your reply and for your help. I have followed your instructions, and below are the 3 files. Some of the results are written in Italian, but I imagine that you will know what they are referring to. Thanks a lot!

    ==============================
    # AdwCleaner v2.108 - Logfile creato il 25/01/2013 alle 15:13:03
    # Aggiornamento 24/01/2013 by Xplode
    # Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
    # Utente : Giuseppe - ACER-CD38DA1573
    # Modalità Avvio : Modalità Normale
    # Eseguito da : C:\Documents and Settings\Giuseppe\Desktop\adwcleaner.exe
    # Opzioni [Elimina]


    ***** [Servizi] *****


    ***** [File / Cartelle] *****

    Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
    Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Trymedia
    Cartella Eliminato : C:\Documents and Settings\Giuseppe\Dati applicazioni\BabylonToolbar
    Cartella Eliminato : C:\Documents and Settings\Giuseppe\Dati applicazioni\facemoods.com
    Cartella Eliminato : C:\Documents and Settings\Giuseppe\Dati applicazioni\FreeCompressor
    Cartella Eliminato : C:\Documents and Settings\Giuseppe\Dati applicazioni\OfferBox
    Cartella Eliminato : C:\Documents and Settings\Giuseppe\Dati applicazioni\PriceGong
    Cartella Eliminato : C:\Documents and Settings\Giuseppe\Dati applicazioni\widestream
    Cartella Eliminato : C:\Programmi\Ask.com
    Cartella Eliminato : C:\Programmi\File comuni\spigot
    Cartella Eliminato : C:\Programmi\FreeCompressor
    Cartella Eliminato : C:\Programmi\pc_gear_it
    Cartella Eliminato : C:\Programmi\Softonic-IT
    Cartella Eliminato : C:\Programmi\Widestream6
    Cartella Eliminato : C:\WINDOWS\Installer\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
    Cartella Eliminato : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Cartella Eliminato : D:\Documents and Settings\Giuseppe\Documenti\widestream
    File Eliminato : C:\Programmi\Mozilla Firefox\searchplugins\babylon.xml
    File Eliminato : C:\WINDOWS\system32\conduitEngine.tmp
    File Eliminato : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ***** [Registro] *****

    Chiave Eliminata : HKCU\Software\APN
    Chiave Eliminata : HKCU\Software\AppDataLow\AskToolbarInfo
    Chiave Eliminata : HKCU\Software\Ask.com
    Chiave Eliminata : HKCU\Software\AskToolbar
    Chiave Eliminata : HKCU\Software\Conduit
    Chiave Eliminata : HKCU\Software\FissaSearch
    Chiave Eliminata : HKCU\Software\FreeCompressor
    Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
    Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
    Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Widestream6
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A6DC111-B030-4C3E-BE65-299284128B91}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5F529D18-13CD-4A5B-AB8E-29087C639BD3}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{703740C1-0F1A-4CEC-A4DF-D78DB0158477}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B994A3AA-D601-4373-965C-2FEED9D35FC8}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E0E60410-4000-46FA-944B-DBCA9027E3FE}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E3393495-8103-46A0-8181-270273EDDD60}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A6DC111-B030-4C3E-BE65-299284128B91}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F529D18-13CD-4A5B-AB8E-29087C639BD3}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{703740C1-0F1A-4CEC-A4DF-D78DB0158477}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B994A3AA-D601-4373-965C-2FEED9D35FC8}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0E60410-4000-46FA-944B-DBCA9027E3FE}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3393495-8103-46A0-8181-270273EDDD60}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chiave Eliminata : HKCU\Software\Offerbox
    Chiave Eliminata : HKCU\Software\pc_gear_it
    Chiave Eliminata : HKCU\Software\PriceGong
    Chiave Eliminata : HKCU\Software\SmartBar
    Chiave Eliminata : HKCU\Software\Softonic
    Chiave Eliminata : HKCU\Software\Softonic-IT
    Chiave Eliminata : HKCU\Software\WideStream
    Chiave Eliminata : HKCU\Toolbar
    Chiave Eliminata : HKLM\Software\APN
    Chiave Eliminata : HKLM\Software\AskToolbar
    Chiave Eliminata : HKLM\Software\AVG Secure Search
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{5F529D18-13CD-4A5B-AB8E-29087C639BD3}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{B994A3AA-D601-4373-965C-2FEED9D35FC8}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E0E60410-4000-46FA-944B-DBCA9027E3FE}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E3393495-8103-46A0-8181-270273EDDD60}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine
    Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Chiave Eliminata : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
    Chiave Eliminata : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
    Chiave Eliminata : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Chiave Eliminata : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Chiave Eliminata : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Chiave Eliminata : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2304564
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2582604
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2849853
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Chiave Eliminata : HKLM\Software\Conduit
    Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
    Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07EEFA72-263B-4E52-95E3-DACD32D00817}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503738D7-B672-4065-9178-DB9351DADC25}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CE9D31E-3C8A-4CD9-8C5A-250BC74631FA}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFB4F403-1BA3-44F0-AD99-9F52825C3A58}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pc_gear_it Toolbar
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-IT Toolbar
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3393495-8103-46A0-8181-270273EDDD60}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5F529D18-13CD-4A5B-AB8E-29087C639BD3}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B994A3AA-D601-4373-965C-2FEED9D35FC8}
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_gear_it Toolbar
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-IT Toolbar
    Chiave Eliminata : HKLM\Software\Offerbox
    Chiave Eliminata : HKLM\Software\pc_gear_it
    Chiave Eliminata : HKLM\Software\Softonic-IT
    Chiave Eliminata : HKLM\SOFTWARE\Software
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E3393495-8103-46A0-8181-270273EDDD60}]
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}]
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E3393495-8103-46A0-8181-270273EDDD60}]
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E3393495-8103-46A0-8181-270273EDDD60}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FDE1C224-0B9C-46B2-8FCA-8945BCF8D4CB}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

    ***** [Browser Internet] *****

    -\\ Internet Explorer v8.0.6001.18702

    Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=320d180e00000000000000166f269174&tlver=1.4.19.19&ss=1&affID=17982 --> hxxp://www.google.com

    *************************

    AdwCleaner[S1].txt - [19352 octets] - [25/01/2013 15:13:03]

    ########## EOF - C:\AdwCleaner[S1].txt - [19413 octets] ##########
    ==============================
    OTL logfile created on: 25/01/2013 15.20.13 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Giuseppe\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    1014,05 Mb Total Physical Memory | 565,31 Mb Available Physical Memory | 55,75% Memory free
    1,63 Gb Paging File | 1,23 Gb Available in Paging File | 75,31% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 34,17 Gb Total Space | 5,83 Gb Free Space | 17,06% Space Free | Partition Type: FAT32
    Drive D: | 40,34 Gb Total Space | 40,17 Gb Free Space | 99,58% Space Free | Partition Type: NTFS

    Computer Name: ACER-CD38DA1573 | User Name: Giuseppe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/25 15.09.28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giuseppe\Desktop\OTL.exe
    PRC - [2012/12/11 03.52.44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgui.exe
    PRC - [2012/12/03 08.35.30 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
    PRC - [2012/11/15 23.34.30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/30 04.59.56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgrsx.exe
    PRC - [2012/10/22 13.05.08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13.04.32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13.03.52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgemcx.exe
    PRC - [2012/10/22 13.03.46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2013\avgcsrvx.exe
    PRC - [2012/01/18 14.02.04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
    PRC - [2008/10/10 15.36.36 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\RegService.exe
    PRC - [2008/04/14 03.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/26 13.40.34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    PRC - [2005/12/01 17.38.38 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programmi\Launch Manager\QtZgAcer.EXE
    PRC - [2005/11/25 15.59.44 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\Empowering Technology\ePower\epm-dm.exe
    PRC - [2005/10/24 16.45.32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
    PRC - [2005/10/24 16.40.52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
    PRC - [2005/10/19 09.30.16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/02 17.05.34 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
    MOD - [2008/10/10 15.36.36 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\RegService.exe
    MOD - [2005/11/09 22.22.14 | 000,876,544 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\Libeay32.dll
    MOD - [2005/11/09 22.22.14 | 000,208,965 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2005/11/09 22.22.14 | 000,053,322 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2005/09/05 16.31.56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
    MOD - [2005/08/24 01.24.00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
    MOD - [2005/07/06 13.50.14 | 000,057,344 | ---- | M] () -- C:\Programmi\Launch Manager\HokHIDKC.dll
    MOD - [2003/12/29 20.45.08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
    MOD - [2001/10/28 17.42.30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\serivces.exe -- (PlugPlayCM)
    SRV - File not found [On_Demand | Stopped] -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/01/23 13.17.26 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/15 23.34.30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13.05.08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2011/11/27 11.52.10 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2011/07/20 05.18.24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2011/06/08 13.02.00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/10/10 15.36.36 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\RegService.exe -- (Communication Modem Device Manager II)
    SRV - [2006/10/26 13.40.34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
    SRV - [2006/10/26 13.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/10/24 16.40.52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
    SRV - [2005/08/03 05.18.50 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Unknown] -- C:\Programmi\WinPCap\rpcapd.exe -- (rpcapd)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/11/15 23.33.26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/10/22 13.02.46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/15 03.48.52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 03.30.38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 03.46.06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 03.46.00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 03.45.54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 03.05.20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/09/01 14.33.12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
    DRV - [2010/09/01 14.33.12 | 000,050,304 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_cdc_ecm.sys -- (vodafone_K3805-z_cdc_ecm)
    DRV - [2010/09/01 14.33.12 | 000,009,728 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_cpo.sys -- (vodafone_K3805-z_cpo)
    DRV - [2010/09/01 14.33.10 | 000,085,888 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_cdc_acm.sys -- (vodafone_K3805-z_cdc_acm)
    DRV - [2010/02/11 13.02.16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2008/09/01 17.40.22 | 000,103,552 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
    DRV - [2008/04/13 19.56.06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 19.53.10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2005/12/11 07.40.44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/17 00.45.40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
    DRV - [2005/11/09 14.45.56 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/10/23 19.20.52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/10/18 01.53.24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/10/18 01.52.30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/10/15 18.20.44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
    DRV - [2005/09/29 20.11.42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/09/13 15.34.40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
    DRV - [2005/09/11 19.49.44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
    DRV - [2005/08/03 05.10.14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2005/06/30 16.58.24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
    DRV - [2005/05/02 12.13.42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
    DRV - [2005/04/07 18.08.46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
    DRV - [2005/01/14 15.57.16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
    DRV - [2004/08/19 05.00.00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/19 05.00.00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/07/19 13.10.00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    IE - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_IT Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {e3393495-8103-46a0-8181-270273eddd60}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
    FF - prefs.js..extensions.enabledItems: [email protected]:3.8.0.12304
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=en_US&apn_uid=F226CC6D-97D6-4541-AE29-76E8BFEB4590&apn_ptnrs=IY&apn_sauid=0D1D5A62-4A15-4D2F-B729-4524945A86C6&apn_dtid=YYYYYYYYIT&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmi\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Programmi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/12/11 09.41.06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Extensions
    [2011/09/23 14.39.58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Extensions\[email protected]
    [2010/12/11 09.41.06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions
    [2011/05/16 17.02.06 | 000,000,000 | ---D | M] (Fissa) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\@FissaPlugin
    [2012/01/11 18.44.30 | 000,000,000 | ---D | M] (BittorrentBar_IT Community Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
    [2011/03/31 20.27.16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/04 18.12.40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
    [2012/01/09 19.02.18 | 000,000,000 | ---D | M] (Softonic-IT Community Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)
    [2011/03/31 20.27.14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]
    [2012/06/03 13.21.38 | 000,000,000 | ---D | M] (Tracker Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]
    [2011/02/19 16.30.54 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\fissa.xml
    [2011/03/21 18.58.24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\conduit.xml
    [2011/11/16 17.22.08 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\askcom.xml
    [2011/04/27 16.16.58 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
    [2011/10/03 05.06.04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
    [1999/12/31 16.00.00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programmi\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    [2011/03/01 22.23.12 | 000,002,051 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\fcmdSrchstonicit.xml

    O1 HOSTS File: ([2004/08/19 05.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\Toolbar\ShellBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
    O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_UI] C:\Programmi\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Italiano clic] C:\Programmi\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe (Teknoprogetti S.r.l.)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" File not found
    O4 - Startup: C:\Documents and Settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/03 18.43.30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O33 - MountPoints2\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\Shell - "" = AutoRun
    O33 - MountPoints2\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{ae990d7e-9a51-11df-8e26-00166f269174}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{bda83adc-f716-11e0-8fbd-00166f269174}\Shell - "" = AutoRun
    O33 - MountPoints2\{bda83adc-f716-11e0-8fbd-00166f269174}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
    O33 - MountPoints2\{d30230de-e5df-11e0-8f9b-00166f269174}\Shell - "" = AutoRun
    O33 - MountPoints2\{d30230de-e5df-11e0-8f9b-00166f269174}\Shell\AutoRun\command - "" = G:\Setup.exe
    O33 - MountPoints2\{e49351c8-ec09-11df-8e4e-00166f269174}\Shell - "" = AutoRun
    O33 - MountPoints2\{e49351c8-ec09-11df-8e4e-00166f269174}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{ffc64b8e-6ad2-11e1-906d-00166f269174}\Shell - "" = AutoRun
    O33 - MountPoints2\{ffc64b8e-6ad2-11e1-906d-00166f269174}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/25 15.09.28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giuseppe\Desktop\OTL.exe
    [2013/01/24 23.55.21 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Giuseppe\Desktop\dds.scr
    [2013/01/24 23.53.02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Giuseppe\Desktop\HijackThis.exe
    [2013/01/24 13.29.19 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
    [2013/01/24 04.50.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG January 2013 Campaign
    [2013/01/23 17.38.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\AVG2013
    [2013/01/23 17.38.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Avg2013
    [2013/01/23 17.37.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\TuneUp Software
    [2013/01/23 17.37.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\AVG
    [2013/01/23 17.37.05 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/01/23 17.37.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2013
    [2013/01/23 17.36.23 | 000,000,000 | ---D | C] -- C:\Programmi\AVG
    [2013/01/23 17.11.21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
    [2013/01/23 17.11.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\MFAData
    [2013/01/23 17.11.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
    [2013/01/23 17.11.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\Avg2013
    [2013/01/23 13.16.54 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/01/23 11.49.22 | 000,000,000 | -HSD | C] -- C:\FOUND.001
    [2012/10/12 00.20.35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Dati applicazioni\lsass.exe
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/25 15.16.16 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/25 15.16.08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/25 15.16.06 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/25 15.12.04 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/25 15.09.28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giuseppe\Desktop\OTL.exe
    [2013/01/25 15.07.44 | 000,578,255 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Desktop\adwcleaner.exe
    [2013/01/25 00.15.02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/24 23.59.16 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Desktop\GMER - c32wy21v.exe
    [2013/01/24 23.55.30 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Giuseppe\Desktop\dds.scr
    [2013/01/24 23.53.08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Giuseppe\Desktop\HijackThis.exe
    [2013/01/24 22.32.18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/24 22.16.10 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA64AAE3-1F1A-4E46-BC4C-E59FB6704CBF}.job
    [2013/01/24 04.50.38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job
    [2013/01/23 17.37.40 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2013/01/23 16.55.10 | 000,528,596 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
    [2013/01/23 16.55.10 | 000,476,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/23 16.55.10 | 000,102,578 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
    [2013/01/23 16.55.10 | 000,085,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/23 16.48.06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/23 13.17.26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/23 13.17.26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/23 13.17.02 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/01/06 06.34.08 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2012/12/26 20.52.34 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Dati applicazioni\dsgsdgdsgdsgw.pad
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/25 15.07.44 | 000,578,255 | ---- | C] () -- C:\Documents and Settings\Giuseppe\Desktop\adwcleaner.exe
    [2013/01/24 23.59.15 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\Giuseppe\Desktop\GMER - c32wy21v.exe
    [2013/01/24 04.50.36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\ROC_REG_JAN_DELETE.job
    [2013/01/23 17.37.39 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
    [2012/12/22 12.56.56 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\dsgsdgdsgdsgw.pad
    [2012/10/15 22.23.14 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\msconfig.ini
    [2012/08/01 19.55.18 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ras_0oed.pad
    [2012/02/15 14.21.48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/19 16.49.42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2011/12/19 16.49.42 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2011/09/23 14.35.34 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
    [2011/06/12 18.13.42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/27 16.15.42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2011/03/01 22.25.37 | 000,006,280 | ---- | C] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\mainhst.zgh
    [2010/08/22 22.09.51 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/01 13.26.36 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Giuseppe\default.pls
    [2010/07/27 18.21.39 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Giuseppe\Impostazioni locali\Dati applicazioni\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2006/01/03 18.26.44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03.13.50 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/07/27 18.27.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Acer
    [2010/10/14 21.17.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
    [2010/12/11 07.53.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
    [2010/12/13 16.52.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    [2010/12/13 16.52.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterAction studios
    [2011/01/16 22.08.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
    [2011/06/24 21.37.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MSScanAppDataDir
    [2011/06/24 21.38.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SSScanAppDataDir
    [2011/09/23 14.35.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{F0489EF2-D393-4114-85BA-A94D71D89543}
    [2011/10/15 12.30.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\NokiaInstallerCache
    [2011/10/15 12.37.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
    [2012/01/11 18.29.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\pdf995
    [2012/03/10 18.04.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone
    [2013/01/23 17.11.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
    [2013/01/23 17.11.22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Common Files
    [2013/01/23 17.37.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2013
    [2013/01/24 04.50.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG January 2013 Campaign
    [2010/07/27 18.27.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Acer
    [2010/11/03 18.53.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Opera
    [2010/12/11 07.53.26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Autodesk
    [2010/12/11 08.48.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\CoSoSys
    [2011/03/01 22.24.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\ZipGenius
    [2011/03/21 18.57.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\BitTorrent
    [2011/05/10 21.06.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Tracker Software
    [2011/08/26 15.02.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Dropbox
    [2011/09/23 14.39.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Philips-Songbird
    [2011/10/15 12.37.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\PC Suite
    [2011/10/25 18.59.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Windows Search
    [2011/10/31 16.11.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\esri
    [2012/03/10 18.05.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Vodafone
    [2012/03/10 19.24.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\org.mart3.VodafoneStation
    [2013/01/23 17.37.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\TuneUp Software
    [2013/01/23 17.38.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Giuseppe\Dati applicazioni\AVG2013

    ========== Purity Check ==========



    < End of report >
    ==============================
    OTL Extras logfile created on: 25/01/2013 15.20.13 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Giuseppe\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    1014,05 Mb Total Physical Memory | 565,31 Mb Available Physical Memory | 55,75% Memory free
    1,63 Gb Paging File | 1,23 Gb Available in Paging File | 75,31% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 34,17 Gb Total Space | 5,83 Gb Free Space | 17,06% Space Free | Partition Type: FAT32
    Drive D: | 40,34 Gb Total Space | 40,17 Gb Free Space | 99,58% Space Free | Partition Type: NTFS

    Computer Name: ACER-CD38DA1573 | User Name: Giuseppe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-2868762793-4281576462-2095217771-1006\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Programmi\Microsoft Office\Office12\groove.exe" = C:\Programmi\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule
    "C:\Programmi\Skype\Plugin Manager\skypePM.exe" = C:\Programmi\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Programmi\Google\Google Earth\plugin\geplugin.exe" = C:\Programmi\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Programmi\MyTorrentClient\Halite.exe" = C:\Programmi\MyTorrentClient\Halite.exe:*:Enabled:Halite BitTorrent Client
    "C:\WINDOWS\System32\FXSCLNT.exe" = C:\WINDOWS\System32\FXSCLNT.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Documents and Settings\Giuseppe\Dati applicazioni\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Giuseppe\Dati applicazioni\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
    "C:\Programmi\Vodafone\VodafoneStation2\python\win\VFsocket.exe" = C:\Programmi\Vodafone\VodafoneStation2\python\win\VFsocket.exe:*:Enabled:VFsocket
    "C:\Programmi\Vodafone\VodafoneStation2\VodafoneStation2.exe" = C:\Programmi\Vodafone\VodafoneStation2\VodafoneStation2.exe:*:Enabled:VodafoneStation2
    "C:\Programmi\AVG\AVG2013\avgnsx.exe" = C:\Programmi\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Programmi\AVG\AVG2013\avgdiagex.exe" = C:\Programmi\AVG\AVG2013\avgdiagex.exe:*:Enabled:Diagnostica AVG 2013 -- (AVG Technologies CZ, s.r.o.)
    "C:\Programmi\AVG\AVG2013\avgmfapx.exe" = C:\Programmi\AVG\AVG2013\avgmfapx.exe:*:Enabled:Installazione di AVG -- (AVG Technologies CZ, s.r.o.)
    "C:\Programmi\AVG\AVG2013\avgemcx.exe" = C:\Programmi\AVG\AVG2013\avgemcx.exe:*:Enabled:Scansione e-mail personale -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
    "{228CF0D2-8DF4-4B26-B349-8CF13408F885}" = Tetti e coperture
    "{236BB7C4-4419-42FD-0410-1E257A25E34D}" = Adobe Photoshop CS2
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
    "{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{373CDA0D-A5B1-4BCB-8E74-C6337DC4A259}" = Microsoft .NET Framework 2.0 Language Pack - ITA
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5545EEE8-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.3)
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
    "{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
    "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
    "{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
    "{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
    "{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
    "{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
    "{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
    "{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
    "{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
    "{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
    "{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
    "{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9979863D-E821-447C-AD64-DF82AC8CBDE6}" = Nota
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1040-7B44-A94000000001}" = Adobe Reader 9.4.7 - Italiano
    "{AC76BA86-7AD7-1040-7B44-A95000000001}" = Adobe Reader 9.5.2 - Italiano
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
    "{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
    "{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
    "{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2640)
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0410-1E257A25E34D}" = Adobe Photoshop CS2
    "ArcGIS Explorer" = ArcGIS Explorer
    "AVG" = AVG 2013
    "Chicken Invaders 3_is1" = Chicken Invaders 3
    "CNXT_MODEM_HDAUDIO_AcrS009E" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Defraggler" = Defraggler
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ePresentation" = Acer ePresentation Management
    "GridVista" = Acer GridVista
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
    "InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
    "InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
    "InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
    "Italiano <clic>" = Italiano <clic>
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
    "LManager" = Launch Manager
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - ITA" = Microsoft .NET Framework 2.0 - Language Pack (italiano)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "Pdf995" = Pdf995
    "ProInst" = Software Intel(R) PROSet/Wireless
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YTdetect" = Yahoo! Detect

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/11/2012 15.31.13 | Computer Name = ACER-CD38DA1573 | Source = EventSystem | ID = 4614
    Description = Il sistema di gestione degli eventi COM+ ha rilevato un'incoerenza
    a livello di stato interno. L'asserzione "GetLastError() == 122L" ha avuto esito
    negativo alla riga 162 di d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
    Comunicare il problema al Servizio Supporto Tecnico Clienti Microsof

    [ System Events ]
    Error - 24/01/2013 17.14.58 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 24/01/2013 17.14.58 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 24/01/2013 18.35.59 | Computer Name = ACER-CD38DA1573 | Source = Dhcp | ID = 1002
    Description = Il lease 192.168.1.101 dell'indirizzo IP della scheda di rete con
    indirizzo 00166F269174 è stato negato dal server DHCP 192.168.33.1. Il server DHCP
    ha inviato un messaggio DHCPNACK.

    Error - 24/01/2013 18.36.40 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 24/01/2013 18.36.40 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 25/01/2013 9.58.33 | Computer Name = ACER-CD38DA1573 | Source = Dhcp | ID = 1002
    Description = Il lease 192.168.1.101 dell'indirizzo IP della scheda di rete con
    indirizzo 00166F269174 è stato negato dal server DHCP 192.168.33.1. Il server DHCP
    ha inviato un messaggio DHCPNACK.

    Error - 25/01/2013 9.59.16 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 25/01/2013 9.59.16 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 25/01/2013 10.16.36 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.

    Error - 25/01/2013 10.16.36 | Computer Name = ACER-CD38DA1573 | Source = Service Control Manager | ID = 7006
    Description = La chiamata ScRegSetValueExW per FailureActions non è riuscita con
    l'errore %%5.


    < End of report >
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Continue as follows:

    Re-Run [​IMG] by double left click, Vista and Widows 7 users accept UAC alert.

    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultengine: "Ask.com"	
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"	
      FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_IT Customized Web Search"	
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&SearchSource=3&q={searchTerms}"	
      FF - prefs.js..browser.search.order.1: "Ask.com"	
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - prefs.js..extensions.enabledItems: {e3393495-8103-46a0-8181-270273eddd60}:3.3.3.2
      FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
      FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=en_US&apn_uid=F226CC6D-97D6-4541-AE29-76E8BFEB4590&apn_ptnrs=IY&apn_sauid=0D1D5A62-4A15-4D2F-B729-4524945A86C6&apn_dtid=YYYYYYYYIT&q="
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      [2012/01/09 19.02.18 | 000,000,000 | ---D | M] (Softonic-IT Community Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)
      [2012/01/11 18.44.30 | 000,000,000 | ---D | M] (BittorrentBar_IT Community Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
      [2011/05/04 18.12.40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
      [2012/01/09 19.02.18 | 000,000,000 | ---D | M] (Softonic-IT Community Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)
      [2011/03/31 20.27.14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]
      [2012/06/03 13.21.38 | 000,000,000 | ---D | M] (Tracker Toolbar) -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]
      [2011/02/19 16.30.54 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\fissa. xml
      [2011/03/21 18.58.24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\condui t.xml
      [2011/11/16 17.22.08 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\askcom .xml
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll File not found
      O3 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\Toolbar\ShellBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
      O3 - HKU\S-1-5-21-2868762793-4281576462-2095217771-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O33 - MountPoints2\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\Shell - "" = AutoRun
      O33 - MountPoints2\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\{ae990d7e-9a51-11df-8e26-00166f269174}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
      O33 - MountPoints2\{bda83adc-f716-11e0-8fbd-00166f269174}\Shell - "" = AutoRun
      O33 - MountPoints2\{bda83adc-f716-11e0-8fbd-00166f269174}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
      O33 - MountPoints2\{d30230de-e5df-11e0-8f9b-00166f269174}\Shell - "" = AutoRun
      O33 - MountPoints2\{d30230de-e5df-11e0-8f9b-00166f269174}\Shell\AutoRun\command - "" = G:\Setup.exe
      O33 - MountPoints2\{e49351c8-ec09-11df-8e4e-00166f269174}\Shell - "" = AutoRun
      O33 - MountPoints2\{e49351c8-ec09-11df-8e4e-00166f269174}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
      O33 - MountPoints2\{ffc64b8e-6ad2-11e1-906d-00166f269174}\Shell - "" = AutoRun
      O33 - MountPoints2\{ffc64b8e-6ad2-11e1-906d-00166f269174}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
      [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      :Files
      ipconfig /flushdns /c
      c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\ctfmon.lnk
      c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\runctf.lnk	
      :Commands
      [emptytemp]
      
      [CREATERESTOREPOINT]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop.:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post those two logs, give update on curren issues/concerns...

    Kevin
     
  5. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    Thank you very much, Kevin. After running OTL with those custom scans/files, when OTL was rebooting the computer I noticed that the two RUNDLL popups didn’t appear. Even after additional reboots they still have not reappeared. So at least that symptom has been resolved. But I have just tried booting in the safe modes, and I still receive blue screen 7B for all three of them, even though booting XP normally results in no problem. So maybe it is no longer a malware problem. In any case, below are the two log files. Thanks!

    =======================================
    All processes killed
    ========== OTL ==========
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "BittorrentBar_IT Customized Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    Prefs.js: {e3393495-8103-46a0-8181-270273eddd60}:3.3.3.2 removed from extensions.enabledItems
    Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
    Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=en_US&apn_uid=F226CC6D-97D6-4541-AE29-76E8BFEB4590&apn_ptnrs=IY&apn_sauid=0D1D5A62-4A15-4D2F-B729-4524945A86C6&apn_dtid=YYYYYYYYIT=" removed from keyword.URL
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\META-INF(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\chrome(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\modules(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\defaults(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\searchplugin(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\components(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}\searchplugin folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}\defaults folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}\modules folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}\chrome folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}\components folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}\META-INF folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\chrome(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\defaults(2)\preferences(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\defaults(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\META-INF(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)\components(2) folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) folder moved successfully.
    Folder C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}(2)\ not found.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\searchplugin folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\defaults folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\DualPackage folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\lib folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\components folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\META-INF folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected] folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\datastore folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\logs folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\searchplugins folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\skin folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\content folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp\ff-config.Mon-07-Nov-2011-16-55-59-GMT folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp\ff-config.Fri-07-Oct-2011-09-01-30-GMT folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp\ff-config.Mon-01-Aug-2011-13-20-00-GMT folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp\ff-config.Sat-18-Jun-2011-15-58-07-GMT folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp\ff-config.Sun-29-May-2011-09-38-00-GMT folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp\ff-config.Fri-27-May-2011-19-00-41-GMT folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome\temp folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\chrome folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\defaults\preferences folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected]\defaults folder moved successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\extensions\[email protected] folder moved successfully.
    File C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\fissa. xml not found.
    File C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\condui t.xml not found.
    File C:\Documents and Settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\0p5aygal.default\searchplugins\askcom .xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2868762793-4281576462-2095217771-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2868762793-4281576462-2095217771-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46b125c6-ae28-11df-8e35-a2365dcd63e9}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae990d7e-9a51-11df-8e26-00166f269174}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae990d7e-9a51-11df-8e26-00166f269174}\ not found.
    File F:\.\ShowModem.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bda83adc-f716-11e0-8fbd-00166f269174}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bda83adc-f716-11e0-8fbd-00166f269174}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bda83adc-f716-11e0-8fbd-00166f269174}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bda83adc-f716-11e0-8fbd-00166f269174}\ not found.
    File F:\NokiaPCIA_Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d30230de-e5df-11e0-8f9b-00166f269174}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d30230de-e5df-11e0-8f9b-00166f269174}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d30230de-e5df-11e0-8f9b-00166f269174}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d30230de-e5df-11e0-8f9b-00166f269174}\ not found.
    File G:\Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e49351c8-ec09-11df-8e4e-00166f269174}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e49351c8-ec09-11df-8e4e-00166f269174}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e49351c8-ec09-11df-8e4e-00166f269174}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e49351c8-ec09-11df-8e4e-00166f269174}\ not found.
    File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc64b8e-6ad2-11e1-906d-00166f269174}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffc64b8e-6ad2-11e1-906d-00166f269174}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffc64b8e-6ad2-11e1-906d-00166f269174}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffc64b8e-6ad2-11e1-906d-00166f269174}\ not found.
    File F:\setup_vmb_lite.exe /checkApplicationPresence not found.
    C:\WINDOWS\System32\SET23D4.tmp deleted successfully.
    C:\WINDOWS\System32\SET23D9.tmp deleted successfully.
    C:\WINDOWS\System32\SET23E0.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\002778_.tmp deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Configurazione IP di Windows
    Svuotata la cache del resolver DNS.
    C:\Documents and Settings\Giuseppe\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Giuseppe\Desktop\cmd.txt deleted successfully.
    c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\ctfmon.lnk moved successfully.
    c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\runctf.lnk moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56466 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Giuseppe
    ->Temp folder emptied: 633178730 bytes
    ->Temporary Internet Files folder emptied: 16337332 bytes
    ->Java cache emptied: 274425 bytes
    ->FireFox cache emptied: 310846887 bytes
    ->Flash cache emptied: 57014 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4346935135 bytes
    RecycleBin emptied: 113154498 bytes

    Total Files Cleaned = 5.170,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01252013_181401

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Giuseppe\Impostazioni locali\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Giuseppe\Impostazioni locali\Temporary Internet Files\Content.IE5\UD5BG90M\ddc[1].htm moved successfully.
    C:\Documents and Settings\Giuseppe\Impostazioni locali\Temporary Internet Files\Content.IE5\4OUYL3T0\1086713-laptop-recently-infected-ransomware-all[1].html moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    =======================================
    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.25.07

    Windows XP Service Pack 3 x86 FAT32
    Internet Explorer 8.0.6001.18702
    Giuseppe :: ACER-CD38DA1573 [administrator]

    Protection: Enabled

    25/01/2013 19.04.33
    mbam-log-2013-01-25 (19-04-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212345
    Time elapsed: 11 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Documents and Settings\All Users\Dati applicazioni\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Dati applicazioni\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Giuseppe\Dati applicazioni\msconfig.ini (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Thanks for the update and logs, looking at the log from MB and the syptoms still happening we need to run another tool...

    The rundll issues were corrected with the removal of the following by OTL:

    c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\ctfmon.lnk moved successfully.
    c:\docume~1\giuseppe\menuav~1\progra~1\esecuz~1\runctf.lnk moved successfully.

    OK, we continue...

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    Hi, Kevin. Thank you very much for your help. I have done everything as indicated in your instructions and the ComboFix instructions, but after ComboFix finished with its 50 stages then it showed the following inside its blue box:

    Eliminazione Cartelle: [i.e., deleting of folders]
    C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    _

    The cursor stays under this first folder name, blinking, for a _very_ long time. After one hour I assumed it had locked up, so I rebooted the computer. I started up ComboFix again, but after 5-10 minutes of passing through its 50 stages it reached the same point, and stopped there with the cursor blinking. Should I leave it like this overnight, or should I try something else? (The first time through I ran ComboFix with AVG disabled for 15 minutes, as per their instructions. Thinking that it might be AVG that was causing ComboFix to lock up, on the second time through I disabled AVG until the next reboot, but the result was the same. Incidentally I have gone and looked inside that TEMP folder, and at the moment it is empty.)

    Thanks a lot for your help.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Yep, occasionally Combofix can appear idle for maybe 2 to 3 hours, it depends exactly what is happening. If it continues to lock up after 3rd attempt we may need a fresh approach.

    The BSOD death you mention with error 7B can be indicative of rootkit action. Maybe better to run TDSSKiller if CF does not progress...

    Please download the latest version of TDSSKiller from Here and save it to your Desktop.

    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


      [​IMG]

    • Put a checkmark beside loaded modules.


      [​IMG]

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.


      [​IMG]

    • Click the Start Scan button.


      [​IMG]

    • The scan will be quick.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.


      [​IMG]

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


      [​IMG]

    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  9. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    OK, I am starting it up again now, with AVG still disabled until the next reboot, with Windows Firewall disabled, and with no other programs or windows open. I will leave it all night, and if it locks up again then tomorrow I will try TDSSKiller. Thanks a million, and good night!
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Yep its 10 after midnight local time for me, time for sleep. Catch up later....:)
     
  11. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    Hi Kevin. On the third try ComboFix stopped at the same place. I left it there for about three hours, then shut down the computer. Today I have downloaded and run TDSSKiller as per your instructions, except that instead of the option "Cure (default)" there was "Copy file to quarantine." The default was "Skip". To be safe I selected "Copy file to quarantine", and the window that followed said, "Curing..." Should I run it again and choose "Skip" instead? The program found 17 threats, all of them files that lacked signatures, all of medium risk. Below is the log. Thanks!

    15:53:53.0953 0584 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    15:53:54.0515 0584 ============================================================
    15:53:54.0515 0584 Current date / time: 2013/01/26 15:53:54.0515
    15:53:54.0515 0584 SystemInfo:
    15:53:54.0515 0584
    15:53:54.0515 0584 OS Version: 5.1.2600 ServicePack: 3.0
    15:53:54.0515 0584 Product type: Workstation
    15:53:54.0515 0584 ComputerName: ACER-CD38DA1573
    15:53:54.0515 0584 UserName: Giuseppe
    15:53:54.0515 0584 Windows directory: C:\WINDOWS
    15:53:54.0515 0584 System windows directory: C:\WINDOWS
    15:53:54.0515 0584 Processor architecture: Intel x86
    15:53:54.0515 0584 Number of processors: 1
    15:53:54.0515 0584 Page size: 0x1000
    15:53:54.0515 0584 Boot type: Normal boot
    15:53:54.0515 0584 ============================================================
    15:54:00.0703 0584 BG loaded
    15:54:02.0843 0584 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    15:54:04.0453 0584 ============================================================
    15:54:04.0453 0584 \Device\Harddisk0\DR0:
    15:54:04.0484 0584 MBR partitions:
    15:54:04.0484 0584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x445C7AF
    15:54:04.0531 0584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x50ADDD3
    15:54:04.0531 0584 ============================================================
    15:54:04.0921 0584 C: <-> \Device\Harddisk0\DR0\Partition1
    15:54:06.0703 0584 D: <-> \Device\Harddisk0\DR0\Partition2
    15:54:06.0921 0584 ============================================================
    15:54:06.0921 0584 Initialize success
    15:54:06.0921 0584 ============================================================
    15:55:20.0140 2892 ============================================================
    15:55:20.0140 2892 Scan started
    15:55:20.0140 2892 Mode: Manual; SigCheck; TDLFS;
    15:55:20.0140 2892 ============================================================
    15:55:22.0500 2892 ================ Scan system memory ========================
    15:55:22.0500 2892 System memory - ok
    15:55:22.0500 2892 ================ Scan services =============================
    15:55:22.0640 2892 [ 2F0386C44AEEBDF02E477F0A932A9FD0 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
    15:55:23.0796 2892 6to4 - ok
    15:55:23.0828 2892 Abiosdsk - ok
    15:55:23.0921 2892 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    15:55:25.0390 2892 abp480n5 - ok
    15:55:28.0687 2892 [ D766E636187B8F240BBFBABCD51EB2C6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:55:29.0171 2892 ACPI - ok
    15:55:32.0578 2892 [ 49AC5CD87FBDDA62F3E25190019E7627 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    15:55:33.0031 2892 ACPIEC - ok
    15:55:34.0546 2892 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    15:55:34.0703 2892 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
    15:55:34.0703 2892 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
    15:55:34.0906 2892 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    15:55:35.0015 2892 AdobeFlashPlayerUpdateSvc - ok
    15:55:35.0109 2892 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    15:55:35.0281 2892 adpu160m - ok
    15:55:35.0343 2892 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    15:55:35.0500 2892 aec - ok
    15:55:35.0640 2892 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
    15:55:35.0671 2892 AegisP ( UnsignedFile.Multi.Generic ) - warning
    15:55:35.0671 2892 AegisP - detected UnsignedFile.Multi.Generic (1)
    15:55:35.0765 2892 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    15:55:35.0875 2892 AFD - ok
    15:55:36.0015 2892 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    15:55:36.0171 2892 agp440 - ok
    15:55:36.0343 2892 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    15:55:36.0500 2892 agpCPQ - ok
    15:55:36.0562 2892 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    15:55:36.0671 2892 Aha154x - ok
    15:55:36.0781 2892 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    15:55:36.0968 2892 aic78u2 - ok
    15:55:37.0187 2892 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    15:55:37.0390 2892 aic78xx - ok
    15:55:37.0484 2892 [ 14A077AD0CF6116D1102631D8E1EDEE8 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    15:55:37.0640 2892 Alerter - ok
    15:55:37.0734 2892 [ 79FE2E0D7859738225816658F0BB2A0D ] ALG C:\WINDOWS\System32\alg.exe
    15:55:37.0890 2892 ALG - ok
    15:55:37.0953 2892 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    15:55:38.0125 2892 AliIde - ok
    15:55:38.0234 2892 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    15:55:38.0437 2892 alim1541 - ok
    15:55:38.0609 2892 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    15:55:38.0796 2892 amdagp - ok
    15:55:38.0843 2892 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    15:55:39.0031 2892 amsint - ok
    15:55:39.0203 2892 AppMgmt - ok
    15:55:39.0234 2892 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    15:55:39.0484 2892 asc - ok
    15:55:39.0640 2892 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    15:55:39.0750 2892 asc3350p - ok
    15:55:39.0796 2892 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    15:55:39.0984 2892 asc3550 - ok
    15:55:40.0375 2892 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    15:55:40.0421 2892 aspnet_state - ok
    15:55:40.0484 2892 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:55:40.0640 2892 AsyncMac - ok
    15:55:40.0734 2892 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:55:40.0937 2892 atapi - ok
    15:55:40.0953 2892 Atdisk - ok
    15:55:41.0093 2892 [ 91FA52A79C87D1CD141C59844506A02B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    15:55:41.0187 2892 Ati HotKey Poller - ok
    15:55:41.0359 2892 [ 956C7EC3A9DE96F785B829BEB41E3C3E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    15:55:41.0609 2892 ati2mtag - ok
    15:55:41.0718 2892 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:55:41.0875 2892 Atmarpc - ok
    15:55:42.0078 2892 [ 1B58D118049304E88464BE614C6D0014 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    15:55:42.0234 2892 AudioSrv - ok
    15:55:42.0312 2892 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:55:42.0515 2892 audstub - ok
    15:55:43.0437 2892 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Programmi\AVG\AVG2013\avgidsagent.exe
    15:55:43.0828 2892 AVGIDSAgent - ok
    15:55:43.0968 2892 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
    15:55:50.0515 2892 AVGIDSDriver - ok
    15:55:50.0578 2892 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
    15:55:50.0609 2892 AVGIDSHX - ok
    15:55:50.0656 2892 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
    15:55:50.0687 2892 AVGIDSShim - ok
    15:55:50.0734 2892 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    15:55:50.0765 2892 Avgldx86 - ok
    15:55:50.0812 2892 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
    15:55:50.0859 2892 Avglogx - ok
    15:55:50.0906 2892 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    15:55:50.0937 2892 Avgmfx86 - ok
    15:55:51.0000 2892 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    15:55:51.0031 2892 Avgrkx86 - ok
    15:55:51.0093 2892 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    15:55:51.0140 2892 Avgtdix - ok
    15:55:51.0234 2892 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Programmi\AVG\AVG2013\avgwdsvc.exe
    15:55:51.0250 2892 avgwd - ok
    15:55:51.0265 2892 AWService - ok
    15:55:51.0312 2892 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    15:55:51.0484 2892 Beep - ok
    15:55:51.0562 2892 [ 48C4763A9C8990FB48B73445BEB15D6A ] BITS C:\WINDOWS\system32\qmgr.dll
    15:55:51.0718 2892 BITS - ok
    15:55:51.0843 2892 [ 076D11B52F066ED33E3A80F8070A3E2E ] Browser C:\WINDOWS\System32\browser.dll
    15:55:51.0953 2892 Browser - ok
    15:55:52.0015 2892 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
    15:55:52.0062 2892 BrScnUsb - ok
    15:55:52.0203 2892 catchme - ok
    15:55:52.0234 2892 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    15:55:52.0406 2892 cbidf - ok
    15:55:52.0421 2892 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:55:52.0546 2892 cbidf2k - ok
    15:55:52.0671 2892 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    15:55:52.0812 2892 CCDECODE - ok
    15:55:52.0828 2892 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    15:55:52.0937 2892 cd20xrnt - ok
    15:55:52.0968 2892 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:55:53.0125 2892 Cdaudio - ok
    15:55:53.0187 2892 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    15:55:53.0328 2892 Cdfs - ok
    15:55:53.0375 2892 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:55:53.0515 2892 Cdrom - ok
    15:55:53.0531 2892 Changer - ok
    15:55:53.0593 2892 [ D04F2BEB5EA63D0766E12E44AEF7C38D ] CiSvc C:\WINDOWS\system32\cisvc.exe
    15:55:53.0750 2892 CiSvc - ok
    15:55:53.0875 2892 [ 48CB1DEFA1A6506C3CF09E4950F82EF6 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    15:55:54.0031 2892 ClipSrv - ok
    15:55:54.0156 2892 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:55:54.0187 2892 clr_optimization_v2.0.50727_32 - ok
    15:55:54.0234 2892 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    15:55:54.0375 2892 CmBatt - ok
    15:55:54.0406 2892 [ 03A71B880380D15A0F951612B0F52BE8 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    15:55:54.0546 2892 CmdIde - ok
    15:55:54.0609 2892 [ BDDE322DD3E6ABBC589C5DC8A948A661 ] cmusbser C:\WINDOWS\system32\DRIVERS\cmusbser.sys
    15:55:54.0671 2892 cmusbser - ok
    15:55:54.0765 2892 [ D5A33465209C6C07F4AEC31611F1AE5A ] Communication Modem Device Manager II C:\WINDOWS\system32\RegService.exe
    15:55:54.0781 2892 Communication Modem Device Manager II ( UnsignedFile.Multi.Generic ) - warning
    15:55:54.0781 2892 Communication Modem Device Manager II - detected UnsignedFile.Multi.Generic (1)
    15:55:54.0812 2892 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    15:55:54.0937 2892 Compbatt - ok
    15:55:55.0000 2892 COMSysApp - ok
    15:55:55.0046 2892 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    15:55:55.0218 2892 Cpqarray - ok
    15:55:55.0312 2892 [ B6FCBB157E9C8ABDCA4134C535535A8B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    15:55:55.0437 2892 CryptSvc - ok
    15:55:55.0515 2892 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    15:55:55.0687 2892 dac2w2k - ok
    15:55:55.0718 2892 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    15:55:55.0890 2892 dac960nt - ok
    15:55:56.0046 2892 [ BC4E0226341AAEC1222336B3AED86BAB ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    15:55:56.0171 2892 DcomLaunch - ok
    15:55:56.0281 2892 [ 699EE7F752A25180AEB92C3A0EAEE440 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    15:55:56.0421 2892 Dhcp - ok
    15:55:56.0531 2892 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    15:55:56.0734 2892 Disk - ok
    15:55:56.0828 2892 [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    15:55:56.0937 2892 DKbFltr - ok
    15:55:57.0000 2892 dmadmin - ok
    15:55:57.0156 2892 [ 82BC125A8ED33F5F0E75F2AAC1065323 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    15:55:57.0406 2892 dmboot - ok
    15:55:57.0453 2892 [ E959DDC0EA7AC11EE5E5602E2A364310 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    15:55:57.0609 2892 dmio - ok
    15:55:57.0671 2892 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    15:55:57.0843 2892 dmload - ok
    15:55:57.0968 2892 [ A01858C50704B2D2EDEEBBF6BBBCED2A ] dmserver C:\WINDOWS\System32\dmserver.dll
    15:55:58.0281 2892 dmserver - ok
    15:55:58.0390 2892 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    15:55:58.0546 2892 DMusic - ok
    15:55:58.0718 2892 [ B7A1162B1A26DF7B60D5D9500006096C ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    15:55:58.0859 2892 Dnscache - ok
    15:55:58.0968 2892 [ D580D77DFF316BD8C9D73B38695DE8DC ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    15:55:59.0125 2892 Dot3svc - ok
    15:55:59.0187 2892 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    15:55:59.0359 2892 dpti2o - ok
    15:55:59.0421 2892 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    15:55:59.0562 2892 drmkaud - ok
    15:55:59.0625 2892 [ 86B1F123BACD444E81960B339BAE3FF2 ] EapHost C:\WINDOWS\System32\eapsvc.dll
    15:55:59.0765 2892 EapHost - ok
    15:55:59.0812 2892 [ D68564FCFBDFC04280CDBBB37CF7EF7F ] EpmPsd C:\WINDOWS\system32\drivers\epm-psd.sys
    15:55:59.0843 2892 EpmPsd ( UnsignedFile.Multi.Generic ) - warning
    15:55:59.0843 2892 EpmPsd - detected UnsignedFile.Multi.Generic (1)
    15:55:59.0875 2892 [ 2D0C4A7077F6C68449479F5444C580A7 ] EpmShd C:\WINDOWS\system32\drivers\epm-shd.sys
    15:55:59.0906 2892 EpmShd ( UnsignedFile.Multi.Generic ) - warning
    15:55:59.0906 2892 EpmShd - detected UnsignedFile.Multi.Generic (1)
    15:56:00.0000 2892 [ B6599EDA9F3EBEF064504EE35BBECA1C ] ERSvc C:\WINDOWS\System32\ersvc.dll
    15:56:00.0125 2892 ERSvc - ok
    15:56:00.0203 2892 [ 26845F272435302E0F3322E660A24F7D ] Eventlog C:\WINDOWS\system32\services.exe
    15:56:00.0250 2892 Eventlog - ok
    15:56:00.0609 2892 [ 8360CB9756E598A5C6214EACFB3677C3 ] EventSystem C:\WINDOWS\system32\es.dll
    15:56:00.0671 2892 EventSystem - ok
    15:56:00.0828 2892 [ F8AF9BA55E23599FFF540E976194F546 ] EvtEng C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    15:56:00.0906 2892 EvtEng ( UnsignedFile.Multi.Generic ) - warning
    15:56:00.0906 2892 EvtEng - detected UnsignedFile.Multi.Generic (1)
    15:56:01.0015 2892 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    15:56:01.0203 2892 Fastfat - ok
    15:56:01.0359 2892 [ DCCC606FC144F6E44E497F9A906F1C30 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    15:56:01.0406 2892 FastUserSwitchingCompatibility - ok
    15:56:01.0640 2892 [ F8FB4ADE197638AF6F0AF0DF0D199742 ] Fax C:\WINDOWS\system32\fxssvc.exe
    15:56:01.0781 2892 Fax - ok
    15:56:01.0875 2892 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    15:56:02.0078 2892 Fdc - ok
    15:56:02.0140 2892 [ 2CFEA3326981A18C6BAF2BD9BE76225B ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    15:56:02.0296 2892 Fips - ok
    15:56:02.0343 2892 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    15:56:02.0500 2892 Flpydisk - ok
    15:56:02.0640 2892 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    15:56:02.0828 2892 FltMgr - ok
    15:56:03.0328 2892 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    15:56:03.0468 2892 FontCache3.0.0.0 - ok
    15:56:03.0531 2892 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:56:03.0703 2892 Fs_Rec - ok
    15:56:04.0234 2892 [ F3269A6EE547EA87B949A1CEA4816B38 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:56:04.0515 2892 Ftdisk - ok
    15:56:04.0656 2892 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:56:04.0828 2892 Gpc - ok
    15:56:05.0687 2892 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programmi\Google\Update\GoogleUpdate.exe
    15:56:05.0718 2892 gupdate - ok
    15:56:05.0734 2892 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programmi\Google\Update\GoogleUpdate.exe
    15:56:05.0750 2892 gupdatem - ok
    15:56:06.0328 2892 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:56:06.0468 2892 HDAudBus - ok
    15:56:06.0578 2892 [ 6CE66B51B4EB23D9D073F92698C55C8D ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    15:56:06.0718 2892 helpsvc - ok
    15:56:06.0765 2892 [ 43D985A9A51E0295091B6EBE84C96B78 ] HidServ C:\WINDOWS\System32\hidserv.dll
    15:56:06.0890 2892 HidServ - ok
    15:56:06.0921 2892 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:56:07.0078 2892 HidUsb - ok
    15:56:07.0281 2892 [ 00CAD842F48947887A972828ACA665F7 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    15:56:07.0484 2892 hkmsvc - ok
    15:56:07.0531 2892 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    15:56:07.0687 2892 hpn - ok
    15:56:07.0750 2892 [ A902A7E76C245210EEE9EF5185158E9C ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    15:56:07.0828 2892 HSFHWAZL - ok
    15:56:07.0968 2892 [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    15:56:08.0078 2892 HSF_DPV - ok
    15:56:08.0140 2892 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    15:56:08.0203 2892 HTTP - ok
    15:56:08.0281 2892 [ 450091AEBFCD08E5858533EAB5B9A436 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    15:56:08.0421 2892 HTTPFilter - ok
    15:56:08.0453 2892 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    15:56:08.0609 2892 i2omgmt - ok
    15:56:08.0625 2892 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    15:56:08.0765 2892 i2omp - ok
    15:56:08.0796 2892 [ 610726E28AF55B95043C5C35A727E320 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    15:56:08.0937 2892 i8042prt - ok
    15:56:09.0062 2892 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    15:56:09.0218 2892 ialm - ok
    15:56:09.0453 2892 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:56:09.0828 2892 idsvc - ok
    15:56:09.0937 2892 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:56:10.0093 2892 Imapi - ok
    15:56:10.0234 2892 [ DB491237445F172FDDDF00541DE1A51D ] ImapiService C:\WINDOWS\system32\imapi.exe
    15:56:10.0375 2892 ImapiService - ok
    15:56:10.0421 2892 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    15:56:10.0578 2892 ini910u - ok
    15:56:10.0875 2892 [ 4078D4795E394BF2ADBED6FCC9827F78 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    15:56:11.0218 2892 IntcAzAudAddService - ok
    15:56:11.0390 2892 [ 027FE9B28FB0F861C181D25923B31E78 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    15:56:11.0531 2892 IntelIde - ok
    15:56:11.0593 2892 [ EBD830A0970C438047006A49C23E287F ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:56:11.0718 2892 intelppm - ok
    15:56:11.0781 2892 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    15:56:11.0921 2892 Ip6Fw - ok
    15:56:11.0953 2892 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:56:12.0109 2892 IpFilterDriver - ok
    15:56:12.0156 2892 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:56:12.0281 2892 IpInIp - ok
    15:56:12.0328 2892 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:56:12.0468 2892 IpNat - ok
    15:56:12.0515 2892 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:56:12.0656 2892 IPSec - ok
    15:56:12.0703 2892 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:56:12.0828 2892 IRENUM - ok
    15:56:12.0906 2892 [ 0953594BEB81CC72FCC62D37921B25A6 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:56:13.0046 2892 isapnp - ok
    15:56:13.0171 2892 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programmi\Java\jre6\bin\jqs.exe
    15:56:13.0187 2892 JavaQuickStarterService - ok
    15:56:13.0250 2892 [ 28B6EACE513CA7EABA3B809AD4BC274D ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:56:13.0406 2892 Kbdclass - ok
    15:56:13.0468 2892 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    15:56:13.0593 2892 kmixer - ok
    15:56:13.0671 2892 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    15:56:13.0750 2892 KSecDD - ok
    15:56:13.0796 2892 [ 0F726D49C0B19E5A506A1CDFCE0EE42F ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    15:56:13.0859 2892 lanmanserver - ok
    15:56:13.0968 2892 [ E13B0181DDA60B93E3253EFF52A79CBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    15:56:14.0031 2892 lanmanworkstation - ok
    15:56:14.0046 2892 lbrtfdc - ok
    15:56:14.0109 2892 [ E01255727D0B158538D7C2B469B533A8 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    15:56:14.0250 2892 LmHosts - ok
    15:56:14.0296 2892 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    15:56:14.0328 2892 MBAMProtector - ok
    15:56:14.0437 2892 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
    15:56:14.0468 2892 MBAMScheduler - ok
    15:56:14.0546 2892 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    15:56:14.0593 2892 MBAMService - ok
    15:56:14.0734 2892 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    15:56:14.0812 2892 MDM ( UnsignedFile.Multi.Generic ) - warning
    15:56:14.0812 2892 MDM - detected UnsignedFile.Multi.Generic (1)
    15:56:14.0875 2892 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    15:56:14.0921 2892 mdmxsdk - ok
    15:56:14.0984 2892 [ 3B32F662C8607E891F325E41F7EE225C ] Messenger C:\WINDOWS\System32\msgsvc.dll
    15:56:15.0125 2892 Messenger - ok
    15:56:15.0234 2892 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe
    15:56:15.0281 2892 Microsoft Office Groove Audit Service - ok
    15:56:15.0312 2892 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    15:56:15.0484 2892 mnmdd - ok
    15:56:15.0546 2892 [ 514A299EC926BAADA3C718B171476AA4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    15:56:15.0734 2892 mnmsrvc - ok
    15:56:15.0765 2892 [ 8CB6636806D76B85FAFAEE94D75F5129 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    15:56:15.0906 2892 Modem - ok
    15:56:15.0953 2892 [ E904EBED608055A2BFB824C07F59766C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:56:16.0093 2892 Mouclass - ok
    15:56:16.0140 2892 [ D7662F0CF5B77BBBE3202716F5BD5318 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    15:56:16.0312 2892 mouhid - ok
    15:56:16.0375 2892 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    15:56:16.0515 2892 MountMgr - ok
    15:56:16.0578 2892 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    15:56:16.0734 2892 mraid35x - ok
    15:56:16.0796 2892 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:56:16.0937 2892 MRxDAV - ok
    15:56:17.0015 2892 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:56:17.0156 2892 MRxSmb - ok
    15:56:17.0218 2892 [ 01F77E9E473235C31796ADE46107B0AD ] MSDTC C:\WINDOWS\system32\msdtc.exe
    15:56:17.0359 2892 MSDTC - ok
    15:56:17.0406 2892 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    15:56:17.0531 2892 Msfs - ok
    15:56:17.0609 2892 MSIServer - ok
    15:56:17.0671 2892 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:56:17.0828 2892 MSKSSRV - ok
    15:56:17.0875 2892 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:56:18.0046 2892 MSPCLOCK - ok
    15:56:18.0093 2892 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    15:56:18.0234 2892 MSPQM - ok
    15:56:18.0265 2892 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:56:18.0390 2892 mssmbios - ok
    15:56:18.0421 2892 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    15:56:18.0562 2892 MSTEE - ok
    15:56:18.0625 2892 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    15:56:18.0703 2892 Mup - ok
    15:56:18.0750 2892 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    15:56:18.0890 2892 NABTSFEC - ok
    15:56:19.0015 2892 [ 911587FD303C9690A428BB4B04732B61 ] napagent C:\WINDOWS\System32\qagentrt.dll
    15:56:19.0156 2892 napagent - ok
    15:56:19.0203 2892 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    15:56:19.0390 2892 NDIS - ok
    15:56:19.0437 2892 [ 1F76996253071CBAE0A5AB5D8551EF88 ] NdisFilt C:\WINDOWS\system32\Drivers\NdisFilt.sys
    15:56:19.0484 2892 NdisFilt ( UnsignedFile.Multi.Generic ) - warning
    15:56:19.0484 2892 NdisFilt - detected UnsignedFile.Multi.Generic (1)
    15:56:19.0546 2892 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    15:56:19.0671 2892 NdisIP - ok
    15:56:19.0718 2892 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:56:19.0796 2892 NdisTapi - ok
    15:56:19.0843 2892 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:56:19.0968 2892 Ndisuio - ok
    15:56:20.0015 2892 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:56:20.0156 2892 NdisWan - ok
    15:56:20.0203 2892 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    15:56:20.0250 2892 NDProxy - ok
    15:56:20.0296 2892 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:56:20.0453 2892 NetBIOS - ok
    15:56:20.0515 2892 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:56:20.0671 2892 NetBT - ok
    15:56:20.0734 2892 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDE C:\WINDOWS\system32\netdde.exe
    15:56:20.0890 2892 NetDDE - ok
    15:56:20.0906 2892 [ 1B09227E41F414A93DBC0BAF80C4D527 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    15:56:21.0031 2892 NetDDEdsdm - ok
    15:56:21.0125 2892 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] Netlogon C:\WINDOWS\system32\lsass.exe
    15:56:21.0265 2892 Netlogon - ok
    15:56:21.0343 2892 [ 02815B70FC4CA8611A926176F1C39FC2 ] Netman C:\WINDOWS\System32\netman.dll
    15:56:21.0484 2892 Netman - ok
    15:56:21.0515 2892 [ 6A25F27202F3122A44A6B74EE46E7A76 ] NETMNT C:\WINDOWS\system32\DRIVERS\NETMNT.sys
    15:56:21.0546 2892 NETMNT ( UnsignedFile.Multi.Generic ) - warning
    15:56:21.0546 2892 NETMNT - detected UnsignedFile.Multi.Generic (1)
    15:56:21.0640 2892 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:56:21.0953 2892 NetTcpPortSharing - ok
    15:56:22.0046 2892 [ C6B69A18D39744725FB73AC85E46032B ] Nla C:\WINDOWS\System32\mswsock.dll
    15:56:22.0093 2892 Nla - ok
    15:56:22.0140 2892 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
    15:56:22.0281 2892 nm - ok
    15:56:22.0359 2892 NMIndexingService - ok
    15:56:22.0421 2892 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    15:56:22.0562 2892 Npfs - ok
    15:56:22.0640 2892 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    15:56:22.0812 2892 Ntfs - ok
    15:56:22.0921 2892 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    15:56:22.0968 2892 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
    15:56:22.0968 2892 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
    15:56:23.0000 2892 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    15:56:23.0125 2892 NtLmSsp - ok
    15:56:23.0265 2892 [ 89DB90B5F35D2795D9FC56D933CC72B8 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    15:56:23.0437 2892 NtmsSvc - ok
    15:56:23.0468 2892 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    15:56:23.0625 2892 Null - ok
    15:56:23.0687 2892 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:56:23.0828 2892 NwlnkFlt - ok
    15:56:23.0859 2892 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:56:24.0046 2892 NwlnkFwd - ok
    15:56:24.0109 2892 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    15:56:24.0265 2892 NwlnkIpx - ok
    15:56:24.0281 2892 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    15:56:24.0468 2892 NwlnkNb - ok
    15:56:24.0515 2892 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    15:56:24.0640 2892 NwlnkSpx - ok
    15:56:24.0765 2892 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE
    15:56:24.0875 2892 odserv - ok
    15:56:24.0921 2892 [ 26C4A4B64D1DD8E6FDFB2F4897BE029C ] OsaFsLoc C:\WINDOWS\system32\drivers\OsaFsLoc.sys
    15:56:24.0953 2892 OsaFsLoc ( UnsignedFile.Multi.Generic ) - warning
    15:56:24.0953 2892 OsaFsLoc - detected UnsignedFile.Multi.Generic (1)
    15:56:25.0015 2892 [ 9D1177C2A8DE936B33D85FF75E8CBF1A ] osaio C:\WINDOWS\system32\drivers\osaio.sys
    15:56:25.0046 2892 osaio ( UnsignedFile.Multi.Generic ) - warning
    15:56:25.0046 2892 osaio - detected UnsignedFile.Multi.Generic (1)
    15:56:25.0078 2892 [ 3245BEE5176697FAF0744A2E1288DC77 ] osanbm C:\WINDOWS\system32\drivers\osanbm.sys
    15:56:25.0093 2892 osanbm ( UnsignedFile.Multi.Generic ) - warning
    15:56:25.0093 2892 osanbm - detected UnsignedFile.Multi.Generic (1)
    15:56:25.0156 2892 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
    15:56:25.0218 2892 ose - ok
    15:56:25.0281 2892 [ 4E9408A178B2D955871C2CDD278DE3C3 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    15:56:25.0421 2892 Parport - ok
    15:56:25.0484 2892 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    15:56:25.0609 2892 PartMgr - ok
    15:56:25.0671 2892 [ 0DABEF655A444CB1E193626FB1D24B9F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    15:56:25.0843 2892 ParVdm - ok
    15:56:25.0859 2892 PCASp50 - ok
    15:56:25.0906 2892 [ F40A46892AFEBB0314536B849D57C11E ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    15:56:26.0062 2892 PCI - ok
    15:56:26.0078 2892 PCIDump - ok
    15:56:26.0109 2892 [ B2DF00D650FD6C4EE781740ED3C8E67F ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:56:26.0265 2892 PCIIde - ok
    15:56:26.0328 2892 [ 815C50F2B1D1562800BDCE8BE895000E ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    15:56:26.0453 2892 Pcmcia - ok
    15:56:26.0484 2892 PDCOMP - ok
    15:56:26.0500 2892 PDFRAME - ok
    15:56:26.0515 2892 PDRELI - ok
    15:56:26.0531 2892 PDRFRAME - ok
    15:56:26.0562 2892 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    15:56:26.0703 2892 perc2 - ok
    15:56:26.0734 2892 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    15:56:26.0875 2892 perc2hib - ok
    15:56:26.0953 2892 [ 26845F272435302E0F3322E660A24F7D ] PlugPlay C:\WINDOWS\system32\services.exe
    15:56:27.0000 2892 PlugPlay - ok
    15:56:27.0140 2892 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    15:56:27.0250 2892 PolicyAgent - ok
    15:56:27.0312 2892 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:56:27.0453 2892 PptpMiniport - ok
    15:56:27.0484 2892 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    15:56:29.0046 2892 ProtectedStorage - ok
    15:56:29.0109 2892 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    15:56:29.0265 2892 PSched - ok
    15:56:29.0312 2892 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:56:29.0468 2892 Ptilink - ok
    15:56:29.0500 2892 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    15:56:29.0671 2892 ql1080 - ok
    15:56:29.0718 2892 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    15:56:29.0890 2892 Ql10wnt - ok
    15:56:29.0921 2892 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    15:56:30.0062 2892 ql12160 - ok
    15:56:30.0093 2892 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    15:56:30.0265 2892 ql1240 - ok
    15:56:30.0312 2892 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    15:56:30.0484 2892 ql1280 - ok
    15:56:30.0515 2892 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:56:30.0656 2892 RasAcd - ok
    15:56:30.0718 2892 [ 9839B418343D6E6E52659BDF3FF1FE67 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    15:56:30.0875 2892 RasAuto - ok
    15:56:30.0937 2892 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:56:31.0078 2892 Rasl2tp - ok
    15:56:31.0171 2892 [ 62AD41548E720DB4763B86F95E44F3FA ] RasMan C:\WINDOWS\System32\rasmans.dll
    15:56:31.0296 2892 RasMan - ok
    15:56:31.0343 2892 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:56:31.0484 2892 RasPppoe - ok
    15:56:31.0515 2892 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:56:31.0671 2892 Raspti - ok
    15:56:31.0718 2892 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:56:31.0875 2892 Rdbss - ok
    15:56:31.0906 2892 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:56:32.0062 2892 RDPCDD - ok
    15:56:32.0125 2892 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:56:32.0312 2892 rdpdr - ok
    15:56:32.0390 2892 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    15:56:32.0468 2892 RDPWD - ok
    15:56:32.0546 2892 [ CC72E6AE90245F0AE48BF1236A7E1F9C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    15:56:32.0703 2892 RDSessMgr - ok
    15:56:32.0750 2892 [ 393FC252593323B624B230ECA6B85E63 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:56:32.0890 2892 redbook - ok
    15:56:33.0015 2892 [ 68A4629A901CFB5B6628AF55AE0D0808 ] RegSrvc C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    15:56:33.0031 2892 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
    15:56:33.0031 2892 RegSrvc - detected UnsignedFile.Multi.Generic (1)
    15:56:33.0156 2892 [ 7EBBF16FBD3E0E34F084FA635C1844E3 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    15:56:33.0296 2892 RemoteAccess - ok
    15:56:33.0328 2892 rpcapd - ok
    15:56:33.0406 2892 [ DC97F6C8A94691834439872B9E8FF2B3 ] RpcLocator C:\WINDOWS\system32\locator.exe
    15:56:33.0531 2892 RpcLocator - ok
    15:56:33.0625 2892 [ BC4E0226341AAEC1222336B3AED86BAB ] RpcSs C:\WINDOWS\system32\rpcss.dll
    15:56:33.0718 2892 RpcSs - ok
    15:56:33.0781 2892 [ DCE0D20F8FB66DF41D53734BFF9D66F0 ] RSVP C:\WINDOWS\system32\rsvp.exe
    15:56:33.0953 2892 RSVP - ok
    15:56:33.0984 2892 [ 7889E3981E0A5D347E037ABD467D53A5 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    15:56:34.0281 2892 RTL8023xp - ok
    15:56:34.0359 2892 [ 44833553A6FBDAC1554F290F10018BA4 ] S24EventMonitor C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    15:56:34.0421 2892 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
    15:56:34.0421 2892 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
    15:56:34.0468 2892 [ 662C9F09076A2E1224C8833DEF1F5CB0 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
    15:56:34.0515 2892 s24trans ( UnsignedFile.Multi.Generic ) - warning
    15:56:34.0515 2892 s24trans - detected UnsignedFile.Multi.Generic (1)
    15:56:34.0593 2892 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] SamSs C:\WINDOWS\system32\lsass.exe
    15:56:34.0718 2892 SamSs - ok
    15:56:34.0781 2892 [ 1D456F1CD76A80793C07BA52CF3A7455 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    15:56:34.0921 2892 SCardSvr - ok
    15:56:35.0000 2892 [ 511886E5BD060046CCE8373E92E62EDF ] Schedule C:\WINDOWS\system32\schedsvc.dll
    15:56:35.0140 2892 Schedule - ok
    15:56:35.0187 2892 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:56:35.0328 2892 Secdrv - ok
    15:56:35.0421 2892 [ 17C6354CA08E7C7972E12C67478AE134 ] seclogon C:\WINDOWS\System32\seclogon.dll
    15:56:35.0562 2892 seclogon - ok
    15:56:35.0640 2892 [ A0ECA1CE0FCCB29C5E4E1F416E95E73E ] SENS C:\WINDOWS\system32\sens.dll
    15:56:35.0781 2892 SENS - ok
    15:56:35.0843 2892 [ FDBD9D64E2E03270021D424F0DCCF79D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    15:56:36.0000 2892 Serial - ok
    15:56:36.0125 2892 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    15:56:36.0218 2892 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
    15:56:36.0218 2892 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
    15:56:36.0281 2892 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:56:36.0421 2892 Sfloppy - ok
    15:56:36.0531 2892 [ 152C0555925DFE028E3148FD215146BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    15:56:36.0687 2892 SharedAccess - ok
    15:56:36.0765 2892 [ DCCC606FC144F6E44E497F9A906F1C30 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    15:56:36.0812 2892 ShellHWDetection - ok
    15:56:36.0828 2892 Simbad - ok
    15:56:36.0937 2892 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    15:56:37.0093 2892 sisagp - ok
    15:56:37.0156 2892 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:56:37.0312 2892 SLIP - ok
    15:56:37.0359 2892 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    15:56:37.0453 2892 Sparrow - ok
    15:56:37.0500 2892 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    15:56:37.0625 2892 splitter - ok
    15:56:37.0671 2892 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    15:56:37.0734 2892 Spooler - ok
    15:56:37.0781 2892 [ 618718CAE288BF7CBD8FCBAB2577D932 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    15:56:38.0000 2892 sr - ok
    15:56:38.0078 2892 [ B3E3DA70A7A76E69B872DE3D06D32C19 ] srservice C:\WINDOWS\system32\srsvc.dll
    15:56:38.0218 2892 srservice - ok
    15:56:38.0281 2892 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    15:56:38.0343 2892 Srv - ok
    15:56:38.0406 2892 [ 5215569DD3A8FBC65A85E85F3C12258B ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    15:56:38.0546 2892 SSDPSRV - ok
    15:56:38.0640 2892 [ 3B9263E137896E4D303494F116E00608 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    15:56:38.0796 2892 stisvc - ok
    15:56:38.0843 2892 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:56:39.0000 2892 streamip - ok
    15:56:39.0031 2892 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:56:39.0187 2892 swenum - ok
    15:56:39.0234 2892 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    15:56:39.0359 2892 swmidi - ok
    15:56:39.0453 2892 SwPrv - ok
    15:56:39.0500 2892 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    15:56:39.0671 2892 symc810 - ok
    15:56:39.0718 2892 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    15:56:39.0859 2892 symc8xx - ok
    15:56:39.0906 2892 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    15:56:40.0078 2892 sym_hi - ok
    15:56:40.0125 2892 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    15:56:40.0265 2892 sym_u3 - ok
    15:56:40.0328 2892 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    15:56:40.0453 2892 sysaudio - ok
    15:56:40.0531 2892 [ A34A9A872EEC4C026FD542AC7156FE0B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    15:56:40.0687 2892 SysmonLog - ok
    15:56:40.0765 2892 [ 6B85F1A9DCE45D45BFFAD3222C21F297 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    15:56:40.0890 2892 TapiSrv - ok
    15:56:40.0984 2892 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:56:41.0046 2892 Tcpip - ok
    15:56:41.0093 2892 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    15:56:41.0171 2892 Tcpip6 - ok
    15:56:41.0218 2892 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:56:41.0375 2892 TDPIPE - ok
    15:56:41.0406 2892 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    15:56:41.0562 2892 TDTCP - ok
    15:56:41.0609 2892 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:56:41.0750 2892 TermDD - ok
    15:56:41.0921 2892 [ FE5A5329CCFC33D645C33077FF04F052 ] TermService C:\WINDOWS\System32\termsrv.dll
    15:56:42.0046 2892 TermService - ok
    15:56:42.0125 2892 [ DCCC606FC144F6E44E497F9A906F1C30 ] Themes C:\WINDOWS\System32\shsvcs.dll
    15:56:42.0156 2892 Themes - ok
    15:56:42.0218 2892 [ B5CEE774DA04340C6F4C0FD14286A50E ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    15:56:42.0390 2892 TosIde - ok
    15:56:42.0453 2892 [ 690294999DF1248FAF85D95B31955D0C ] TrkWks C:\WINDOWS\system32\trkwks.dll
    15:56:42.0593 2892 TrkWks - ok
    15:56:42.0625 2892 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
    15:56:42.0750 2892 tunmp - ok
    15:56:42.0828 2892 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    15:56:42.0968 2892 Udfs - ok
    15:56:43.0031 2892 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    15:56:43.0125 2892 ultra - ok
    15:56:43.0203 2892 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    15:56:43.0406 2892 Update - ok
    15:56:43.0484 2892 [ 8057B0744D9842A090E51D2845861D5F ] upnphost C:\WINDOWS\System32\upnphost.dll
    15:56:43.0828 2892 upnphost - ok
    15:56:43.0937 2892 [ F5E8B846EC10E1DF8DCA64119E2EB709 ] UPS C:\WINDOWS\System32\ups.exe
    15:56:44.0062 2892 UPS - ok
    15:56:44.0125 2892 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    15:56:44.0281 2892 usbaudio - ok
    15:56:44.0312 2892 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:56:44.0468 2892 usbccgp - ok
    15:56:44.0500 2892 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:56:44.0671 2892 usbehci - ok
    15:56:44.0718 2892 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:56:44.0859 2892 usbhub - ok
    15:56:44.0906 2892 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:56:45.0062 2892 usbprint - ok
    15:56:45.0109 2892 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15:56:45.0265 2892 usbscan - ok
    15:56:45.0328 2892 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys
    15:56:45.0468 2892 usbser - ok
    15:56:45.0531 2892 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:56:45.0640 2892 USBSTOR - ok
    15:56:45.0671 2892 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:56:45.0828 2892 usbuhci - ok
    15:56:45.0937 2892 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    15:56:46.0093 2892 usbvideo - ok
    15:56:46.0125 2892 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    15:56:46.0281 2892 VgaSave - ok
    15:56:46.0312 2892 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    15:56:46.0468 2892 viaagp - ok
    15:56:46.0515 2892 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    15:56:46.0671 2892 ViaIde - ok
    15:56:46.0734 2892 [ 58B38D0D3944F9EA5E451E7AC94170F3 ] vodafone_K3805-z_cdc_acm C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys
    15:56:46.0843 2892 vodafone_K3805-z_cdc_acm - ok
    15:56:46.0906 2892 [ AF066B09E09DC27FCFDC9E0AFE804945 ] vodafone_K3805-z_cdc_ecm C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys
    15:56:46.0968 2892 vodafone_K3805-z_cdc_ecm - ok
    15:56:46.0984 2892 [ EE5C3866842670440216D0724D348A72 ] vodafone_K3805-z_cpo C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_cpo.sys
    15:56:47.0046 2892 vodafone_K3805-z_cpo - ok
    15:56:47.0109 2892 [ 381BA57C1EE2AB1BAFCB4A6035CC305F ] vodafone_K3805-z_dc_enum C:\WINDOWS\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
    15:56:47.0156 2892 vodafone_K3805-z_dc_enum - ok
    15:56:47.0218 2892 [ E46C1B5A56DA7DA603D09DFCC79EC59E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    15:56:47.0375 2892 VolSnap - ok
    15:56:47.0468 2892 [ C2FE17125256102F5B44194D5DB0A799 ] VSS C:\WINDOWS\System32\vssvc.exe
    15:56:47.0625 2892 VSS - ok
    15:56:47.0890 2892 [ 9EE38FFCB4CBE5BEE6C305700DDC4725 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys
    15:56:48.0140 2892 w29n51 - ok
    15:56:48.0265 2892 [ 2969DD84B584A6BB541A5273103957A3 ] W32Time C:\WINDOWS\system32\w32time.dll
    15:56:48.0390 2892 W32Time - ok
    15:56:48.0468 2892 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:56:48.0625 2892 Wanarp - ok
    15:56:48.0703 2892 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    15:56:48.0781 2892 Wdf01000 - ok
    15:56:48.0796 2892 WDICA - ok
    15:56:48.0828 2892 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    15:56:48.0968 2892 wdmaud - ok
    15:56:49.0093 2892 [ 2EC50EE79B65F60C8E8B4A03BBB3A42F ] WebClient C:\WINDOWS\System32\webclnt.dll
    15:56:49.0234 2892 WebClient - ok
    15:56:49.0328 2892 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    15:56:49.0468 2892 winachsf - ok
    15:56:49.0562 2892 [ 40911E98D0F1CBB1015F2101982F1DDF ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    15:56:49.0703 2892 winmgmt - ok
    15:56:49.0765 2892 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    15:56:49.0843 2892 WmdmPmSN - ok
    15:56:49.0921 2892 [ 81FD02839FDB10ACF0EC40B809B9F8CC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    15:56:50.0062 2892 WmiApSrv - ok
    15:56:50.0171 2892 [ F30DC8F80CF65A323E8B6A2DB81561E3 ] WMPNetworkSvc C:\Programmi\Windows Media Player\WMPNetwk.exe
    15:56:50.0312 2892 WMPNetworkSvc - ok
    15:56:50.0390 2892 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    15:56:50.0453 2892 WpdUsb - ok
    15:56:50.0484 2892 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    15:56:50.0656 2892 WS2IFSL - ok
    15:56:50.0750 2892 [ 926D921C93CFF1E19EF4DE3E4C8368CA ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    15:56:50.0875 2892 wscsvc - ok
    15:56:50.0937 2892 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:56:51.0078 2892 WSTCODEC - ok
    15:56:51.0156 2892 [ CC48415E6C7CBAA441A3D6A6DCCBCFA6 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    15:56:51.0296 2892 wuauserv - ok
    15:56:51.0375 2892 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    15:56:51.0421 2892 WudfPf - ok
    15:56:51.0484 2892 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    15:56:51.0531 2892 WudfRd - ok
    15:56:51.0609 2892 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    15:56:51.0640 2892 WudfSvc - ok
    15:56:51.0750 2892 [ 053E0307A08CAC60793E27E921B46B3E ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    15:56:51.0906 2892 WZCSVC - ok
    15:56:52.0015 2892 [ 5526482DCBA6047641B13BF9C75A74E0 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    15:56:52.0187 2892 xmlprov - ok
    15:56:52.0218 2892 ================ Scan global ===============================
    15:56:52.0390 2892 [ 17DDFE6A0B5404C5EF4C03AD996D0562 ] C:\WINDOWS\system32\basesrv.dll
    15:56:52.0531 2892 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\system32\winsrv.dll
    15:56:52.0656 2892 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\system32\winsrv.dll
    15:56:52.0718 2892 [ 26845F272435302E0F3322E660A24F7D ] C:\WINDOWS\system32\services.exe
    15:56:52.0718 2892 [Global] - ok
    15:56:52.0718 2892 ================ Scan MBR ==================================
    15:56:52.0765 2892 [ 828E02D5C4A4FBE53441EE9DBEE51F43 ] \Device\Harddisk0\DR0
    15:56:53.0140 2892 \Device\Harddisk0\DR0 - ok
    15:56:53.0140 2892 ================ Scan VBR ==================================
    15:56:53.0187 2892 [ 8A416147407C95EB1A2044AD641E6056 ] \Device\Harddisk0\DR0\Partition1
    15:56:53.0203 2892 \Device\Harddisk0\DR0\Partition1 - ok
    15:56:53.0234 2892 [ 8B18B9A2DF8AEA00210488244D81078A ] \Device\Harddisk0\DR0\Partition2
    15:56:53.0234 2892 \Device\Harddisk0\DR0\Partition2 - ok
    15:56:53.0234 2892 ================ Scan active images ========================
    15:56:53.0234 2892 [ 8F861EDA21C05857EB8197300A92501C ] C:\WINDOWS\System32\DRIVERS\TUNMP.SYS
    15:56:53.0234 2892 C:\WINDOWS\System32\DRIVERS\TUNMP.SYS - ok
    15:56:53.0250 2892 [ EBD830A0970C438047006A49C23E287F ] C:\WINDOWS\System32\DRIVERS\INTELPPM.SYS
    15:56:53.0250 2892 C:\WINDOWS\System32\DRIVERS\INTELPPM.SYS - ok
    15:56:53.0250 2892 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
    15:56:53.0250 2892 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS - ok
    15:56:53.0265 2892 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] C:\WINDOWS\System32\DRIVERS\IALMNT5.SYS
    15:56:53.0265 2892 C:\WINDOWS\System32\DRIVERS\IALMNT5.SYS - ok
    15:56:53.0265 2892 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\System32\DRIVERS\Hdaudbus.sys
    15:56:53.0265 2892 C:\WINDOWS\System32\DRIVERS\Hdaudbus.sys - ok
    15:56:53.0265 2892 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
    15:56:53.0265 2892 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS - ok
    15:56:53.0281 2892 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\System32\DRIVERS\USBUHCI.SYS
    15:56:53.0281 2892 C:\WINDOWS\System32\DRIVERS\USBUHCI.SYS - ok
    15:56:53.0281 2892 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\System32\DRIVERS\USBEHCI.SYS
    15:56:53.0281 2892 C:\WINDOWS\System32\DRIVERS\USBEHCI.SYS - ok
    15:56:53.0296 2892 [ 9EE38FFCB4CBE5BEE6C305700DDC4725 ] C:\WINDOWS\System32\DRIVERS\W29N51.SYS
    15:56:53.0296 2892 C:\WINDOWS\System32\DRIVERS\W29N51.SYS - ok
    15:56:53.0296 2892 [ 7889E3981E0A5D347E037ABD467D53A5 ] C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys
    15:56:53.0296 2892 C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys - ok
    15:56:53.0312 2892 [ 610726E28AF55B95043C5C35A727E320 ] C:\WINDOWS\System32\DRIVERS\I8042PRT.SYS
    15:56:53.0312 2892 C:\WINDOWS\System32\DRIVERS\I8042PRT.SYS - ok
    15:56:53.0312 2892 [ 08D30AF92C270F2E76787C81589DBAD6 ] C:\WINDOWS\System32\DRIVERS\DKbFltr.SYS
    15:56:53.0312 2892 C:\WINDOWS\System32\DRIVERS\DKbFltr.SYS - ok
    15:56:53.0328 2892 [ 28B6EACE513CA7EABA3B809AD4BC274D ] C:\WINDOWS\System32\DRIVERS\KBDCLASS.SYS
    15:56:53.0328 2892 C:\WINDOWS\System32\DRIVERS\KBDCLASS.SYS - ok
    15:56:53.0328 2892 [ E904EBED608055A2BFB824C07F59766C ] C:\WINDOWS\System32\DRIVERS\MOUCLASS.SYS
    15:56:53.0328 2892 C:\WINDOWS\System32\DRIVERS\MOUCLASS.SYS - ok
    15:56:53.0343 2892 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\System32\DRIVERS\IMAPI.SYS
    15:56:53.0343 2892 C:\WINDOWS\System32\DRIVERS\IMAPI.SYS - ok
    15:56:53.0343 2892 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\System32\DRIVERS\CDROM.SYS
    15:56:53.0343 2892 C:\WINDOWS\System32\DRIVERS\CDROM.SYS - ok
    15:56:53.0359 2892 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\System32\DRIVERS\KS.SYS
    15:56:53.0359 2892 C:\WINDOWS\System32\DRIVERS\KS.SYS - ok
    15:56:53.0359 2892 [ 393FC252593323B624B230ECA6B85E63 ] C:\WINDOWS\System32\DRIVERS\REDBOOK.SYS
    15:56:53.0359 2892 C:\WINDOWS\System32\DRIVERS\REDBOOK.SYS - ok
    15:56:53.0359 2892 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
    15:56:53.0359 2892 C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys - ok
    15:56:53.0375 2892 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\System32\DRIVERS\AUDSTUB.SYS
    15:56:53.0375 2892 C:\WINDOWS\System32\DRIVERS\AUDSTUB.SYS - ok
    15:56:53.0375 2892 [ 0F6C187D38D98F8DF904589A5F94D411 ] C:\WINDOWS\System32\DRIVERS\CmBatt.sys
    15:56:53.0375 2892 C:\WINDOWS\System32\DRIVERS\CmBatt.sys - ok
    15:56:53.0390 2892 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\System32\DRIVERS\RASL2TP.SYS
    15:56:53.0390 2892 C:\WINDOWS\System32\DRIVERS\RASL2TP.SYS - ok
    15:56:53.0390 2892 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\System32\DRIVERS\NDISTAPI.SYS
    15:56:53.0390 2892 C:\WINDOWS\System32\DRIVERS\NDISTAPI.SYS - ok
    15:56:53.0406 2892 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\System32\DRIVERS\NDISWAN.SYS
    15:56:53.0406 2892 C:\WINDOWS\System32\DRIVERS\NDISWAN.SYS - ok
    15:56:53.0406 2892 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\System32\DRIVERS\RASPPPOE.SYS
    15:56:53.0406 2892 C:\WINDOWS\System32\DRIVERS\RASPPPOE.SYS - ok
    15:56:53.0421 2892 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\System32\DRIVERS\TDI.SYS
    15:56:53.0421 2892 C:\WINDOWS\System32\DRIVERS\TDI.SYS - ok
    15:56:53.0421 2892 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\System32\DRIVERS\RASPPTP.SYS
    15:56:53.0421 2892 C:\WINDOWS\System32\DRIVERS\RASPPTP.SYS - ok
    15:56:53.0421 2892 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\System32\DRIVERS\PSCHED.SYS
    15:56:53.0421 2892 C:\WINDOWS\System32\DRIVERS\PSCHED.SYS - ok
    15:56:53.0437 2892 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\System32\DRIVERS\MSGPC.SYS
    15:56:53.0437 2892 C:\WINDOWS\System32\DRIVERS\MSGPC.SYS - ok
    15:56:53.0437 2892 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\System32\DRIVERS\PTILINK.SYS
    15:56:53.0437 2892 C:\WINDOWS\System32\DRIVERS\PTILINK.SYS - ok
    15:56:53.0453 2892 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\System32\DRIVERS\RASPTI.SYS
    15:56:53.0453 2892 C:\WINDOWS\System32\DRIVERS\RASPTI.SYS - ok
    15:56:53.0453 2892 [ 88155247177638048422893737429D9E ] C:\WINDOWS\System32\DRIVERS\TERMDD.SYS
    15:56:53.0453 2892 C:\WINDOWS\System32\DRIVERS\TERMDD.SYS - ok
    15:56:53.0468 2892 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\System32\DRIVERS\SWENUM.SYS
    15:56:53.0468 2892 C:\WINDOWS\System32\DRIVERS\SWENUM.SYS - ok
    15:56:53.0468 2892 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\System32\DRIVERS\UPDATE.SYS
    15:56:53.0468 2892 C:\WINDOWS\System32\DRIVERS\UPDATE.SYS - ok
    15:56:53.0484 2892 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\System32\DRIVERS\MSSMBIOS.SYS
    15:56:53.0484 2892 C:\WINDOWS\System32\DRIVERS\MSSMBIOS.SYS - ok
    15:56:53.0484 2892 [ 381BA57C1EE2AB1BAFCB4A6035CC305F ] C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys
    15:56:53.0484 2892 C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys - ok
    15:56:53.0500 2892 [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\System32\DRIVERS\WDFLDR.SYS
    15:56:53.0500 2892 C:\WINDOWS\System32\DRIVERS\WDFLDR.SYS - ok
    15:56:53.0500 2892 [ D918617B46457B9AC28027722E30F647 ] C:\WINDOWS\System32\DRIVERS\WDF01000.SYS
    15:56:53.0500 2892 C:\WINDOWS\System32\DRIVERS\WDF01000.SYS - ok
    15:56:53.0500 2892 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\System32\DRIVERS\NDPROXY.SYS
    15:56:53.0500 2892 C:\WINDOWS\System32\DRIVERS\NDPROXY.SYS - ok
    15:56:53.0515 2892 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\System32\DRIVERS\DRMK.SYS
    15:56:53.0515 2892 C:\WINDOWS\System32\DRIVERS\DRMK.SYS - ok
    15:56:53.0515 2892 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\System32\DRIVERS\PORTCLS.SYS
    15:56:53.0515 2892 C:\WINDOWS\System32\DRIVERS\PORTCLS.SYS - ok
    15:56:53.0531 2892 [ 4078D4795E394BF2ADBED6FCC9827F78 ] C:\WINDOWS\System32\DRIVERS\RtkHDAud.Sys
    15:56:53.0531 2892 C:\WINDOWS\System32\DRIVERS\RtkHDAud.Sys - ok
    15:56:53.0531 2892 [ A902A7E76C245210EEE9EF5185158E9C ] C:\WINDOWS\System32\DRIVERS\HSFHWAZL.SYS
    15:56:53.0531 2892 C:\WINDOWS\System32\DRIVERS\HSFHWAZL.SYS - ok
    15:56:53.0546 2892 [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS
    15:56:53.0546 2892 C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS - ok
    15:56:53.0546 2892 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] C:\WINDOWS\System32\DRIVERS\HSF_CNXT.SYS
    15:56:53.0546 2892 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.SYS - ok
    15:56:53.0562 2892 [ 8CB6636806D76B85FAFAEE94D75F5129 ] C:\WINDOWS\System32\DRIVERS\MODEM.SYS
    15:56:53.0562 2892 C:\WINDOWS\System32\DRIVERS\MODEM.SYS - ok
    15:56:53.0562 2892 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\System32\DRIVERS\USBD.SYS
    15:56:53.0562 2892 C:\WINDOWS\System32\DRIVERS\USBD.SYS - ok
    15:56:53.0578 2892 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\System32\DRIVERS\USBHUB.SYS
    15:56:53.0578 2892 C:\WINDOWS\System32\DRIVERS\USBHUB.SYS - ok
    15:56:53.0578 2892 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\System32\DRIVERS\FDC.SYS
    15:56:53.0578 2892 C:\WINDOWS\System32\DRIVERS\FDC.SYS - ok
    15:56:53.0578 2892 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\System32\DRIVERS\FLPYDISK.SYS
    15:56:53.0593 2892 C:\WINDOWS\System32\DRIVERS\FLPYDISK.SYS - ok
    15:56:53.0593 2892 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\System32\DRIVERS\SFLOPPY.SYS
    15:56:53.0593 2892 C:\WINDOWS\System32\DRIVERS\SFLOPPY.SYS - ok
    15:56:53.0609 2892 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\System32\DRIVERS\CDAUDIO.SYS
    15:56:53.0609 2892 C:\WINDOWS\System32\DRIVERS\CDAUDIO.SYS - ok
    15:56:53.0609 2892 [ 9368670BD426EBEA5E8B18A62416EC28 ] C:\WINDOWS\System32\DRIVERS\I2OMGMT.SYS
    15:56:53.0609 2892 C:\WINDOWS\System32\DRIVERS\I2OMGMT.SYS - ok
    15:56:53.0609 2892 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\System32\DRIVERS\BEEP.SYS
    15:56:53.0609 2892 C:\WINDOWS\System32\DRIVERS\BEEP.SYS - ok
    15:56:53.0625 2892 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\System32\DRIVERS\FS_REC.SYS
    15:56:53.0625 2892 C:\WINDOWS\System32\DRIVERS\FS_REC.SYS - ok
    15:56:53.0625 2892 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\System32\DRIVERS\MNMDD.SYS
    15:56:53.0625 2892 C:\WINDOWS\System32\DRIVERS\MNMDD.SYS - ok
    15:56:53.0640 2892 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\System32\DRIVERS\NULL.SYS
    15:56:53.0640 2892 C:\WINDOWS\System32\DRIVERS\NULL.SYS - ok
    15:56:53.0640 2892 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\System32\DRIVERS\VGA.SYS
    15:56:53.0640 2892 C:\WINDOWS\System32\DRIVERS\VGA.SYS - ok
    15:56:53.0656 2892 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\System32\DRIVERS\MSFS.SYS
    15:56:53.0656 2892 C:\WINDOWS\System32\DRIVERS\MSFS.SYS - ok
    15:56:53.0656 2892 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\System32\DRIVERS\RDPCDD.SYS
    15:56:53.0656 2892 C:\WINDOWS\System32\DRIVERS\RDPCDD.SYS - ok
    15:56:53.0671 2892 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\System32\DRIVERS\NPFS.SYS
    15:56:53.0671 2892 C:\WINDOWS\System32\DRIVERS\NPFS.SYS - ok
    15:56:53.0671 2892 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\System32\DRIVERS\IPSEC.SYS
    15:56:53.0671 2892 C:\WINDOWS\System32\DRIVERS\IPSEC.SYS - ok
    15:56:53.0671 2892 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\System32\DRIVERS\RASACD.SYS
    15:56:53.0671 2892 C:\WINDOWS\System32\DRIVERS\RASACD.SYS - ok
    15:56:53.0687 2892 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\System32\DRIVERS\TCPIP.SYS
    15:56:53.0687 2892 C:\WINDOWS\System32\DRIVERS\TCPIP.SYS - ok
    15:56:53.0687 2892 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] C:\WINDOWS\System32\DRIVERS\TCPIP6.SYS
    15:56:53.0687 2892 C:\WINDOWS\System32\DRIVERS\TCPIP6.SYS - ok
    15:56:53.0703 2892 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\System32\DRIVERS\IPNAT.SYS
    15:56:53.0703 2892 C:\WINDOWS\System32\DRIVERS\IPNAT.SYS - ok
    15:56:53.0703 2892 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\System32\DRIVERS\WANARP.SYS
    15:56:53.0703 2892 C:\WINDOWS\System32\DRIVERS\WANARP.SYS - ok
    15:56:53.0718 2892 [ BA73B38E9033FC6018DB736B635706AE ] C:\WINDOWS\System32\DRIVERS\AVGTDIX.SYS
    15:56:53.0718 2892 C:\WINDOWS\System32\DRIVERS\AVGTDIX.SYS - ok
    15:56:53.0718 2892 [ 3BB22519A194418D5FEC05D800A19AD0 ] C:\WINDOWS\System32\DRIVERS\IP6FW.SYS
    15:56:53.0718 2892 C:\WINDOWS\System32\DRIVERS\IP6FW.SYS - ok
    15:56:53.0734 2892 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\System32\DRIVERS\NETBT.SYS
    15:56:53.0734 2892 C:\WINDOWS\System32\DRIVERS\NETBT.SYS - ok
    15:56:53.0734 2892 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\System32\DRIVERS\AFD.SYS
    15:56:53.0734 2892 C:\WINDOWS\System32\DRIVERS\AFD.SYS - ok
    15:56:53.0734 2892 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\System32\DRIVERS\ws2ifsl.sys
    15:56:53.0734 2892 C:\WINDOWS\System32\DRIVERS\ws2ifsl.sys - ok
    15:56:53.0750 2892 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\System32\DRIVERS\NETBIOS.SYS
    15:56:53.0750 2892 C:\WINDOWS\System32\DRIVERS\NETBIOS.SYS - ok
    15:56:53.0765 2892 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\System32\DRIVERS\RDBSS.SYS
    15:56:53.0765 2892 C:\WINDOWS\System32\DRIVERS\RDBSS.SYS - ok
    15:56:53.0781 2892 [ 26C4A4B64D1DD8E6FDFB2F4897BE029C ] C:\WINDOWS\System32\DRIVERS\OsaFsLoc.sys
    15:56:53.0781 2892 C:\WINDOWS\System32\DRIVERS\OsaFsLoc.sys - ok
    15:56:53.0781 2892 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\System32\DRIVERS\MRXSMB.SYS
    15:56:53.0781 2892 C:\WINDOWS\System32\DRIVERS\MRXSMB.SYS - ok
    15:56:53.0796 2892 [ 2CFEA3326981A18C6BAF2BD9BE76225B ] C:\WINDOWS\System32\DRIVERS\FIPS.SYS
    15:56:53.0796 2892 C:\WINDOWS\System32\DRIVERS\FIPS.SYS - ok
    15:56:53.0796 2892 [ D53D35031365A0ECCB1DC1BC1B15B18E ] C:\WINDOWS\System32\DRIVERS\AVGLDX86.SYS
    15:56:53.0796 2892 C:\WINDOWS\System32\DRIVERS\AVGLDX86.SYS - ok
    15:56:53.0796 2892 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
    15:56:53.0796 2892 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS - ok
    15:56:53.0812 2892 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
    15:56:53.0812 2892 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS - ok
    15:56:53.0828 2892 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\System32\DRIVERS\HIDUSB.SYS
    15:56:53.0828 2892 C:\WINDOWS\System32\DRIVERS\HIDUSB.SYS - ok
    15:56:53.0828 2892 [ D7662F0CF5B77BBBE3202716F5BD5318 ] C:\WINDOWS\System32\DRIVERS\MOUHID.SYS
    15:56:53.0828 2892 C:\WINDOWS\System32\DRIVERS\MOUHID.SYS - ok
    15:56:53.0843 2892 [ 7BB2C605094DBCA536D127B434214862 ] C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys
    15:56:53.0843 2892 C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys - ok
    15:56:53.0843 2892 [ A8DE230CC8536790CA07D37FBCD87A74 ] C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys
    15:56:53.0843 2892 C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys - ok
    15:56:53.0859 2892 [ 47AA35C22DEF2B265449B7CCDF4251AE ] C:\WINDOWS\System32\SMSS.EXE
    15:56:53.0859 2892 C:\WINDOWS\System32\SMSS.EXE - ok
    15:56:53.0875 2892 [ 78F29E510389B06BF7417E82E3BB54FF ] C:\WINDOWS\System32\ntdll.dll
    15:56:53.0875 2892 C:\WINDOWS\System32\ntdll.dll - ok
    15:56:53.0875 2892 [ 0B1A3EEBFC02F6868334086D3820B53A ] C:\WINDOWS\System32\AUTOCHK.EXE
    15:56:53.0875 2892 C:\WINDOWS\System32\AUTOCHK.EXE - ok
    15:56:53.0890 2892 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] C:\WINDOWS\System32\DRIVERS\NTFS.SYS
    15:56:53.0890 2892 C:\WINDOWS\System32\DRIVERS\NTFS.SYS - ok
    15:56:53.0890 2892 [ 544D486301588C8199187C9AB5778B4B ] C:\Programmi\AVG\AVG2013\AVGRSX.EXE
    15:56:53.0890 2892 C:\Programmi\AVG\AVG2013\AVGRSX.EXE - ok
    15:56:53.0906 2892 [ 484987420BC8DED2CB26C6F4EC9BA7F2 ] C:\Programmi\AVG\AVG2013\AVGSYSX.DLL
    15:56:53.0906 2892 C:\Programmi\AVG\AVG2013\AVGSYSX.DLL - ok
    15:56:53.0906 2892 [ 42836D10270B1940F9A2FF77AE679537 ] C:\Programmi\AVG\AVG2013\avgntopensslx.dll
    15:56:53.0906 2892 C:\Programmi\AVG\AVG2013\avgntopensslx.dll - ok
    15:56:53.0921 2892 [ 1C2E1FC9F8ED794CC191E92F27D1391C ] C:\Programmi\AVG\AVG2013\AVGLOGX.DLL
    15:56:53.0921 2892 C:\Programmi\AVG\AVG2013\AVGLOGX.DLL - ok
    15:56:53.0921 2892 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\System32\DRIVERS\CDFS.SYS
    15:56:53.0921 2892 C:\WINDOWS\System32\DRIVERS\CDFS.SYS - ok
    15:56:53.0921 2892 [ 0E297F71CBFAA611F830407D1054DC70 ] C:\Programmi\AVG\AVG2013\AVGCHJWX.DLL
    15:56:53.0921 2892 C:\Programmi\AVG\AVG2013\AVGCHJWX.DLL - ok
    15:56:53.0937 2892 [ CCF775179F42797A3EE8BA5678543621 ] C:\Programmi\AVG\AVG2013\AVGCCLIX.DLL
    15:56:53.0937 2892 C:\Programmi\AVG\AVG2013\AVGCCLIX.DLL - ok
    15:56:53.0937 2892 [ 76FFA2433FEB42E78FB5421A50C8FBE3 ] C:\Programmi\AVG\AVG2013\AVGCLITX.DLL
    15:56:53.0937 2892 C:\Programmi\AVG\AVG2013\AVGCLITX.DLL - ok
    15:56:53.0953 2892 [ 99997FA9056ACB38AA388BDA134CEF6E ] C:\Programmi\AVG\AVG2013\AVGCSRVX.EXE
    15:56:53.0953 2892 C:\Programmi\AVG\AVG2013\AVGCSRVX.EXE - ok
    15:56:53.0953 2892 [ 43B6BD4F2702A4704DCB02172E7B6C30 ] C:\Programmi\AVG\AVG2013\AVGCOREX.DLL
    15:56:53.0953 2892 C:\Programmi\AVG\AVG2013\AVGCOREX.DLL - ok
    15:56:53.0968 2892 [ 95EFDCB44DD093EDAD447F1D21C8A3F7 ] C:\Programmi\AVG\AVG2013\AVGCERTX.DLL
    15:56:53.0968 2892 C:\Programmi\AVG\AVG2013\AVGCERTX.DLL - ok
    15:56:53.0968 2892 [ 6F19639188F792BBB234B2A3FCB0C8C9 ] C:\Programmi\AVG\AVG2013\AVGCHCLX.DLL
    15:56:53.0968 2892 C:\Programmi\AVG\AVG2013\AVGCHCLX.DLL - ok
    15:56:53.0984 2892 [ A6251155B7017D4B4A77A3531A8DA6D8 ] C:\Programmi\AVG\AVG2013\AVGCOMMX.DLL
    15:56:53.0984 2892 C:\Programmi\AVG\AVG2013\AVGCOMMX.DLL - ok
    15:56:53.0984 2892 [ F820B93E4ABCCABD698A175FD5FC83FE ] C:\Programmi\AVG\AVG2013\avgntsqlitex.dll
    15:56:53.0984 2892 C:\Programmi\AVG\AVG2013\avgntsqlitex.dll - ok
    15:56:53.0984 2892 [ CE7DB8EE1C9BD8A40F84529DDC28B0D8 ] C:\WINDOWS\System32\SFCFILES.DLL
    15:56:53.0984 2892 C:\WINDOWS\System32\SFCFILES.DLL - ok
    15:56:54.0000 2892 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
    15:56:54.0000 2892 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS - ok
    15:56:54.0000 2892 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\System32\DRIVERS\ATAPI.SYS
    15:56:54.0000 2892 C:\WINDOWS\System32\DRIVERS\ATAPI.SYS - ok
    15:56:54.0015 2892 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\System32\DRIVERS\DXAPI.SYS
    15:56:54.0015 2892 C:\WINDOWS\System32\DRIVERS\DXAPI.SYS - ok
    15:56:54.0015 2892 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\System32\WATCHDOG.SYS
    15:56:54.0015 2892 C:\WINDOWS\System32\WATCHDOG.SYS - ok
    15:56:54.0031 2892 [ 1FD26813BEBCBACB7AB0D7F828EAFED0 ] C:\WINDOWS\System32\WIN32K.SYS
    15:56:54.0031 2892 C:\WINDOWS\System32\WIN32K.SYS - ok
    15:56:54.0031 2892 [ 7378D0AB67B54396CA0FB623A5AAAC94 ] C:\WINDOWS\System32\CSRSS.EXE
    15:56:54.0031 2892 C:\WINDOWS\System32\CSRSS.EXE - ok
    15:56:54.0046 2892 [ F5737EF97EA2516AC5CB736472B976E6 ] C:\WINDOWS\System32\CSRSRV.DLL
    15:56:54.0046 2892 C:\WINDOWS\System32\CSRSRV.DLL - ok
    15:56:54.0046 2892 [ 17DDFE6A0B5404C5EF4C03AD996D0562 ] C:\WINDOWS\System32\BASESRV.DLL
    15:56:54.0046 2892 C:\WINDOWS\System32\BASESRV.DLL - ok
    15:56:54.0046 2892 [ 7B39F8912DF2C266411F7248EC250AE6 ] C:\WINDOWS\System32\WINSRV.DLL
    15:56:54.0046 2892 C:\WINDOWS\System32\WINSRV.DLL - ok
    15:56:54.0062 2892 [ 3D925C52548584DF79C080DBBB9717B5 ] C:\WINDOWS\System32\GDI32.DLL
    15:56:54.0062 2892 C:\WINDOWS\System32\GDI32.DLL - ok
    15:56:54.0062 2892 [ 8F1CCE239AECE0D7FF4A240B709DA118 ] C:\WINDOWS\System32\KERNEL32.DLL
    15:56:54.0062 2892 C:\WINDOWS\System32\KERNEL32.DLL - ok
    15:56:54.0078 2892 [ FA94696C0727BD59E517C674CD6E7C72 ] C:\WINDOWS\System32\USER32.DLL
    15:56:54.0078 2892 C:\WINDOWS\System32\USER32.DLL - ok
    15:56:54.0078 2892 [ 1E63346FDDB693C8D5D574A49C877A2C ] C:\WINDOWS\System32\LPK.DLL
    15:56:54.0078 2892 C:\WINDOWS\System32\LPK.DLL - ok
    15:56:54.0093 2892 [ 9B9E11304DF13254CF177F95F7A33D9B ] C:\WINDOWS\System32\USP10.DLL
    15:56:54.0093 2892 C:\WINDOWS\System32\USP10.DLL - ok
    15:56:54.0093 2892 [ F63CB6DBE268EA0620C67A90CF43885E ] C:\WINDOWS\System32\ADVAPI32.DLL
    15:56:54.0093 2892 C:\WINDOWS\System32\ADVAPI32.DLL - ok
    15:56:54.0109 2892 [ D83526F6FBCCB14F256D9AEFD1D2D1DB ] C:\WINDOWS\System32\RPCRT4.DLL
    15:56:54.0109 2892 C:\WINDOWS\System32\RPCRT4.DLL - ok
    15:56:54.0109 2892 [ 3156B7E5BB6C64250A04A23B57836322 ] C:\WINDOWS\System32\SECUR32.DLL
    15:56:54.0109 2892 C:\WINDOWS\System32\SECUR32.DLL - ok
    15:56:54.0109 2892 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\System32\DRIVERS\DXG.SYS
    15:56:54.0109 2892 C:\WINDOWS\System32\DRIVERS\DXG.SYS - ok
    15:56:54.0125 2892 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\System32\DRIVERS\DXGTHK.SYS
    15:56:54.0125 2892 C:\WINDOWS\System32\DRIVERS\DXGTHK.SYS - ok
    15:56:54.0125 2892 [ 9E57AF3D019BA7C1523B663C8FA7733D ] C:\WINDOWS\System32\IALMRNT5.DLL
    15:56:54.0125 2892 C:\WINDOWS\System32\IALMRNT5.DLL - ok
    15:56:54.0140 2892 [ CC29CF5BA4F3AD6BED8E424866810223 ] C:\WINDOWS\System32\IALMDNT5.DLL
    15:56:54.0140 2892 C:\WINDOWS\System32\IALMDNT5.DLL - ok
    15:56:54.0140 2892 [ 935345054429294524738EF4C2A3806D ] C:\WINDOWS\System32\VGA.DLL
    15:56:54.0140 2892 C:\WINDOWS\System32\VGA.DLL - ok
    15:56:54.0156 2892 [ F0683C310687E88FB4D1B814BDFB82A3 ] C:\WINDOWS\System32\IALMDEV5.DLL
    15:56:54.0156 2892 C:\WINDOWS\System32\IALMDEV5.DLL - ok
    15:56:54.0156 2892 [ 85091A542F424FCC77027C7CBC5FA87E ] C:\WINDOWS\System32\IALMDD5.DLL
    15:56:54.0156 2892 C:\WINDOWS\System32\IALMDD5.DLL - ok
    15:56:54.0156 2892 [ 9259170D29B5A256735FCB8B80280857 ] C:\WINDOWS\System32\WINLOGON.EXE
    15:56:54.0156 2892 C:\WINDOWS\System32\WINLOGON.EXE - ok
    15:56:54.0171 2892 [ 477226A3D95FEA7DD20D3AA0C69F3C00 ] C:\WINDOWS\System32\AUTHZ.DLL
    15:56:54.0171 2892 C:\WINDOWS\System32\AUTHZ.DLL - ok
    15:56:54.0171 2892 [ A6C5A59628C1E6A5E7238DDB942F4DDD ] C:\WINDOWS\System32\MSVCRT.DLL
    15:56:54.0171 2892 C:\WINDOWS\System32\MSVCRT.DLL - ok
    15:56:54.0187 2892 [ 781D19FFC551A3D9FEEAC91C77AAE9F8 ] C:\WINDOWS\System32\CRYPT32.DLL
    15:56:54.0187 2892 C:\WINDOWS\System32\CRYPT32.DLL - ok
    15:56:54.0187 2892 [ 7AA0E7D88D71E92D692C2D1565DCBF07 ] C:\WINDOWS\System32\MSASN1.DLL
    15:56:54.0187 2892 C:\WINDOWS\System32\MSASN1.DLL - ok
    15:56:54.0203 2892 [ 84D2060E3AC05F8F057F6AE4C3FCF1B9 ] C:\WINDOWS\System32\NDDEAPI.DLL
    15:56:54.0203 2892 C:\WINDOWS\System32\NDDEAPI.DLL - ok
    15:56:54.0203 2892 [ 3C24A924CF47E3D49C636FCC5FB9EF7A ] C:\WINDOWS\System32\PROFMAP.DLL
    15:56:54.0203 2892 C:\WINDOWS\System32\PROFMAP.DLL - ok
    15:56:54.0218 2892 [ 00A0D6896E203861A49E0B64A2518BEE ] C:\WINDOWS\System32\NETAPI32.DLL
    15:56:54.0218 2892 C:\WINDOWS\System32\NETAPI32.DLL - ok
    15:56:54.0218 2892 [ 135E88124CFE32C52999FF38297FD77D ] C:\WINDOWS\System32\USERENV.DLL
    15:56:54.0218 2892 C:\WINDOWS\System32\USERENV.DLL - ok
    15:56:54.0234 2892 [ E1C59AD809E2F713911002CC935C1387 ] C:\WINDOWS\System32\PSAPI.DLL
    15:56:54.0234 2892 C:\WINDOWS\System32\PSAPI.DLL - ok
    15:56:54.0234 2892 [ DB7A2BFEA03351B3B1ABD18CED51686D ] C:\WINDOWS\System32\REGAPI.DLL
    15:56:54.0234 2892 C:\WINDOWS\System32\REGAPI.DLL - ok
    15:56:54.0234 2892 [ 747F63CC54701F6D6EEBFC9BE6A2185A ] C:\WINDOWS\System32\SETUPAPI.DLL
    15:56:54.0234 2892 C:\WINDOWS\System32\SETUPAPI.DLL - ok
    15:56:54.0250 2892 [ DF664CCE822387D0CB6A35787B6DF6CD ] C:\WINDOWS\System32\VERSION.DLL
    15:56:54.0250 2892 C:\WINDOWS\System32\VERSION.DLL - ok
    15:56:54.0250 2892 [ C67292CE35C59D2FCAE3996EB6DE6CF0 ] C:\WINDOWS\System32\WINSTA.DLL
    15:56:54.0250 2892 C:\WINDOWS\System32\WINSTA.DLL - ok
    15:56:54.0265 2892 [ E6325328002404E743B94C6FCFB75586 ] C:\WINDOWS\System32\WINTRUST.DLL
    15:56:54.0265 2892 C:\WINDOWS\System32\WINTRUST.DLL - ok
    15:56:54.0265 2892 [ 5728855D7C805E5AF40A2F7604940435 ] C:\WINDOWS\System32\IMAGEHLP.DLL
    15:56:54.0265 2892 C:\WINDOWS\System32\IMAGEHLP.DLL - ok
    15:56:54.0281 2892 [ D34F635FF28F2AABEDC95BFEB891864C ] C:\WINDOWS\System32\WS2_32.DLL
    15:56:54.0281 2892 C:\WINDOWS\System32\WS2_32.DLL - ok
    15:56:54.0281 2892 [ D041DBDB9192A8B6EA7C6EA379F11255 ] C:\WINDOWS\System32\WS2HELP.DLL
    15:56:54.0281 2892 C:\WINDOWS\System32\WS2HELP.DLL - ok
    15:56:54.0281 2892 [ 3F970150C170A38FCE423994341205B4 ] C:\WINDOWS\System32\IMM32.DLL
    15:56:54.0296 2892 C:\WINDOWS\System32\IMM32.DLL - ok
    15:56:54.0296 2892 [ 1C62DA8649D73B0DAE915740FE8CF712 ] C:\WINDOWS\System32\KBDIT.DLL
    15:56:54.0296 2892 C:\WINDOWS\System32\KBDIT.DLL - ok
    15:56:54.0296 2892 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\System32\KBDUS.DLL
    15:56:54.0296 2892 C:\WINDOWS\System32\KBDUS.DLL - ok
    15:56:54.0312 2892 [ 7D74F6545EDB2A928309966E30CCEC8C ] C:\WINDOWS\System32\MSGINA.DLL
    15:56:54.0312 2892 C:\WINDOWS\System32\MSGINA.DLL - ok
    15:56:54.0312 2892 [ 5DC6E15B3989AF66D09F39786FD7154E ] C:\WINDOWS\System32\COMCTL32.DLL
    15:56:54.0312 2892 C:\WINDOWS\System32\COMCTL32.DLL - ok
    15:56:54.0328 2892 [ F8998D6AC1C6940E4182D541AB8EF706 ] C:\WINDOWS\System32\ODBC32.DLL
    15:56:54.0328 2892 C:\WINDOWS\System32\ODBC32.DLL - ok
    15:56:54.0328 2892 [ 67C419CAA22F0F63C84CB162512D6ED1 ] C:\WINDOWS\System32\COMDLG32.DLL
    15:56:54.0328 2892 C:\WINDOWS\System32\COMDLG32.DLL - ok
    15:56:54.0343 2892 [ 480F826B18E4B6F2E96C6FA7C5FBCF35 ] C:\WINDOWS\System32\SHELL32.DLL
    15:56:54.0343 2892 C:\WINDOWS\System32\SHELL32.DLL - ok
    15:56:54.0343 2892 [ 31370A1353D2D248A8122CA8FB570B12 ] C:\WINDOWS\System32\SHLWAPI.DLL
    15:56:54.0343 2892 C:\WINDOWS\System32\SHLWAPI.DLL - ok
    15:56:54.0359 2892 [ F549732DE586F0B6054BBE22B3617230 ] C:\WINDOWS\System32\SXS.DLL
    15:56:54.0359 2892 C:\WINDOWS\System32\SXS.DLL - ok
    15:56:54.0359 2892 [ B01635393A2B490FE49B7F97A9E41071 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.DLL
    15:56:54.0359 2892 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.DLL - ok
    15:56:54.0375 2892 [ DE336BE9C1D5A3D1A5CCEFF735482A04 ] C:\WINDOWS\System32\ODBCINT.DLL
    15:56:54.0375 2892 C:\WINDOWS\System32\ODBCINT.DLL - ok
    15:56:54.0375 2892 [ DCCC606FC144F6E44E497F9A906F1C30 ] C:\WINDOWS\System32\SHSVCS.DLL
    15:56:54.0375 2892 C:\WINDOWS\System32\SHSVCS.DLL - ok
    15:56:54.0375 2892 [ DA19147BEED619CAB738FE191BA0CD7C ] C:\WINDOWS\System32\SFC.DLL
    15:56:54.0375 2892 C:\WINDOWS\System32\SFC.DLL - ok
    15:56:54.0390 2892 [ A37FB9F9BE51C6ED2C4F2891DBAB5ED2 ] C:\WINDOWS\System32\SFC_OS.DLL
    15:56:54.0390 2892 C:\WINDOWS\System32\SFC_OS.DLL - ok
    15:56:54.0390 2892 [ 084F6A2BCD2B5D4E461EA61760F625F7 ] C:\WINDOWS\System32\OLE32.DLL
    15:56:54.0390 2892 C:\WINDOWS\System32\OLE32.DLL - ok
    15:56:54.0406 2892 [ E6CA4FCD18167E2B43D61AAAE96C2FBD ] C:\WINDOWS\System32\APPHELP.DLL
    15:56:54.0406 2892 C:\WINDOWS\System32\APPHELP.DLL - ok
    15:56:54.0406 2892 [ 26845F272435302E0F3322E660A24F7D ] C:\WINDOWS\System32\SERVICES.EXE
    15:56:54.0406 2892 C:\WINDOWS\System32\SERVICES.EXE - ok
    15:56:54.0421 2892 [ 0FBA335727905DE8E4CB5A2CF438ABF5 ] C:\WINDOWS\System32\LSASS.EXE
    15:56:54.0421 2892 C:\WINDOWS\System32\LSASS.EXE - ok
    15:56:54.0421 2892 [ 071B459EDFD4FB36461527B98F435D97 ] C:\WINDOWS\System32\LSASRV.DLL
    15:56:54.0421 2892 C:\WINDOWS\System32\LSASRV.DLL - ok
    15:56:54.0421 2892 [ 99B65150899F28575A166C310E5C10E4 ] C:\WINDOWS\System32\NCOBJAPI.DLL
    15:56:54.0421 2892 C:\WINDOWS\System32\NCOBJAPI.DLL - ok
    15:56:54.0437 2892 [ 820615FADC412AEB81A9F23ED96B2617 ] C:\WINDOWS\System32\MSVCP60.DLL
    15:56:54.0437 2892 C:\WINDOWS\System32\MSVCP60.DLL - ok
    15:56:54.0437 2892 [ 5597C7750D657F76DAF36D022CEACA8E ] C:\WINDOWS\System32\SCESRV.DLL
    15:56:54.0437 2892 C:\WINDOWS\System32\SCESRV.DLL - ok
    15:56:54.0453 2892 [ B4B9617E7BA722C746C4B6C981306BC3 ] C:\WINDOWS\System32\UMPNPMGR.DLL
    15:56:54.0453 2892 C:\WINDOWS\System32\UMPNPMGR.DLL - ok
    15:56:54.0453 2892 [ 78C9F6321798340A9F0F71079620004A ] C:\WINDOWS\System32\MPR.DLL
    15:56:54.0453 2892 C:\WINDOWS\System32\MPR.DLL - ok
    15:56:54.0468 2892 [ 5FAC26325AC44C1946866947A064BF88 ] C:\WINDOWS\System32\NTDSAPI.DLL
    15:56:54.0468 2892 C:\WINDOWS\System32\NTDSAPI.DLL - ok
    15:56:54.0468 2892 [ 19AF7166BF48C5C1B241F0FA5FEFA993 ] C:\WINDOWS\System32\SHIMENG.DLL
    15:56:54.0468 2892 C:\WINDOWS\System32\SHIMENG.DLL - ok
    15:56:54.0484 2892 [ EC06BC70432C1312D307AD91686D3AAC ] C:\WINDOWS\AppPatch\ACADPROC.DLL
    15:56:54.0484 2892 C:\WINDOWS\AppPatch\ACADPROC.DLL - ok
    15:56:54.0484 2892 [ 277188B1584CDDF25ED3D211C5C3A611 ] C:\WINDOWS\System32\DNSAPI.DLL
    15:56:54.0484 2892 C:\WINDOWS\System32\DNSAPI.DLL - ok
    15:56:54.0484 2892 [ 0516EDA669A8C3AE4710DB2E61A0757C ] C:\WINDOWS\System32\WLDAP32.DLL
    15:56:54.0484 2892 C:\WINDOWS\System32\WLDAP32.DLL - ok
    15:56:54.0500 2892 [ 09AC1F584E9F85D3B7D4103C04881E43 ] C:\WINDOWS\System32\SAMLIB.DLL
    15:56:54.0500 2892 C:\WINDOWS\System32\SAMLIB.DLL - ok
    15:56:54.0500 2892 [ D540E9A0E9F7C733E92CC629FA83DF59 ] C:\WINDOWS\System32\SAMSRV.DLL
    15:56:54.0500 2892 C:\WINDOWS\System32\SAMSRV.DLL - ok
    15:56:54.0515 2892 [ B83FB6DEED714F75FAC674F1A7C4C573 ] C:\WINDOWS\System32\CRYPTDLL.DLL
    15:56:54.0515 2892 C:\WINDOWS\System32\CRYPTDLL.DLL - ok
    15:56:54.0515 2892 [ 687982BF4630B30A5EEDB611AEC4AC1C ] C:\WINDOWS\AppPatch\AcGenral.dll
    15:56:54.0515 2892 C:\WINDOWS\AppPatch\AcGenral.dll - ok
    15:56:54.0531 2892 [ 7F72E9B1ADDD3664AF49D0FCC01DA2D9 ] C:\WINDOWS\System32\WINMM.DLL
    15:56:54.0531 2892 C:\WINDOWS\System32\WINMM.DLL - ok
    15:56:54.0531 2892 [ D7D49291901AA70C45BBDDD6E133FCE2 ] C:\WINDOWS\System32\OLEAUT32.DLL
    15:56:54.0531 2892 C:\WINDOWS\System32\OLEAUT32.DLL - ok
    15:56:54.0546 2892 [ B880BDB2C1FA7E4EC356C2DE164D64DA ] C:\WINDOWS\System32\MSACM32.DLL
    15:56:54.0546 2892 C:\WINDOWS\System32\MSACM32.DLL - ok
    15:56:54.0546 2892 [ 3B0742C355EE996FE54A7F330CCF55FD ] C:\WINDOWS\System32\UXTHEME.DLL
    15:56:54.0546 2892 C:\WINDOWS\System32\UXTHEME.DLL - ok
    15:56:54.0546 2892 [ 7C11E84574D6EFC3BB359E8151A6B2FF ] C:\WINDOWS\System32\MSAPSSPC.DLL
    15:56:54.0562 2892 C:\WINDOWS\System32\MSAPSSPC.DLL - ok
    15:56:54.0562 2892 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\System32\MSVCRT40.DLL
    15:56:54.0562 2892 C:\WINDOWS\System32\MSVCRT40.DLL - ok
    15:56:54.0562 2892 [ B2960B6F7B81BB357545F4AABC0320E0 ] C:\WINDOWS\System32\SCHANNEL.DLL
    15:56:54.0562 2892 C:\WINDOWS\System32\SCHANNEL.DLL - ok
    15:56:54.0578 2892 [ A0F3EC988A3C39D33E75E23E34A4BAFE ] C:\WINDOWS\System32\DIGEST.DLL
    15:56:54.0578 2892 C:\WINDOWS\System32\DIGEST.DLL - ok
    15:56:54.0578 2892 [ 8EA6C2D273077FE99172178D3EA7D630 ] C:\WINDOWS\System32\MSNSSPC.DLL
    15:56:54.0578 2892 C:\WINDOWS\System32\MSNSSPC.DLL - ok
    15:56:54.0593 2892 [ 758781C3BC642400D5C4D2C94AFC5239 ] C:\WINDOWS\System32\MSCTFIME.IME
    15:56:54.0593 2892 C:\WINDOWS\System32\MSCTFIME.IME - ok
    15:56:54.0593 2892 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\System32\MSPRIVS.DLL
    15:56:54.0593 2892 C:\WINDOWS\System32\MSPRIVS.DLL - ok
    15:56:54.0609 2892 [ 46BF87232A84574883B5536B0F703CB1 ] C:\WINDOWS\System32\KERBEROS.DLL
    15:56:54.0609 2892 C:\WINDOWS\System32\KERBEROS.DLL - ok
    15:56:54.0609 2892 [ B6581E5EA0789E83F392DA4CA1FA6E83 ] C:\WINDOWS\System32\MSV1_0.DLL
    15:56:54.0609 2892 C:\WINDOWS\System32\MSV1_0.DLL - ok
    15:56:54.0625 2892 [ 67A102E7CFD88FE010D89C5C9F72FBEA ] C:\WINDOWS\System32\IPHLPAPI.DLL
    15:56:54.0625 2892 C:\WINDOWS\System32\IPHLPAPI.DLL - ok
    15:56:54.0625 2892 [ E1DACEE13CAF8E118416399ABD2A08D9 ] C:\WINDOWS\System32\NETLOGON.DLL
    15:56:54.0625 2892 C:\WINDOWS\System32\NETLOGON.DLL - ok
    15:56:54.0640 2892 [ 2969DD84B584A6BB541A5273103957A3 ] C:\WINDOWS\System32\W32TIME.DLL
    15:56:54.0640 2892 C:\WINDOWS\System32\W32TIME.DLL - ok
    15:56:54.0640 2892 [ 5CA03A44CA527586B202DE1EEDDBFA54 ] C:\WINDOWS\System32\WDIGEST.DLL
    15:56:54.0640 2892 C:\WINDOWS\System32\WDIGEST.DLL - ok
    15:56:54.0640 2892 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\System32\RSAENH.DLL
    15:56:54.0640 2892 C:\WINDOWS\System32\RSAENH.DLL - ok
    15:56:54.0656 2892 [ EE9D8D80A258C3ADC319470BCE2D2277 ] C:\WINDOWS\System32\WINSCARD.DLL
    15:56:54.0656 2892 C:\WINDOWS\System32\WINSCARD.DLL - ok
    15:56:54.0656 2892 [ EE59B3FDF4B4C81D3D109CF82DC3CB7C ] C:\WINDOWS\System32\WTSAPI32.DLL
    15:56:54.0656 2892 C:\WINDOWS\System32\WTSAPI32.DLL - ok
    15:56:54.0671 2892 [ 034B4B1E882563562B35E1FAB279DEDF ] C:\WINDOWS\System32\SCECLI.DLL
    15:56:54.0671 2892 C:\WINDOWS\System32\SCECLI.DLL - ok
    15:56:54.0671 2892 [ 629CABB0421668C9D3D402A3C3D77E14 ] C:\WINDOWS\System32\DRIVERS\MBAM.SYS
    15:56:54.0671 2892 C:\WINDOWS\System32\DRIVERS\MBAM.SYS - ok
    15:56:54.0687 2892 [ 91FA52A79C87D1CD141C59844506A02B ] C:\WINDOWS\System32\ATI2EVXX.EXE
    15:56:54.0687 2892 C:\WINDOWS\System32\ATI2EVXX.EXE - ok
    15:56:54.0687 2892 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\System32\ATMFD.DLL
    15:56:54.0687 2892 C:\WINDOWS\System32\ATMFD.DLL - ok
    15:56:54.0687 2892 [ BB8363ABEC09AA2F9B363484E282117C ] C:\WINDOWS\System32\SVCHOST.EXE
    15:56:54.0687 2892 C:\WINDOWS\System32\SVCHOST.EXE - ok
    15:56:54.0703 2892 [ 5E275C67D430F333A151C19F51330241 ] C:\WINDOWS\System32\NTMARTA.DLL
    15:56:54.0703 2892 C:\WINDOWS\System32\NTMARTA.DLL - ok
    15:56:54.0703 2892 [ BC4E0226341AAEC1222336B3AED86BAB ] C:\WINDOWS\System32\RPCSS.DLL
    15:56:54.0703 2892 C:\WINDOWS\System32\RPCSS.DLL - ok
    15:56:54.0718 2892 [ BD5FEE908FDD9CB09AA3E78111AB1119 ] C:\WINDOWS\System32\EVENTLOG.DLL
    15:56:54.0718 2892 C:\WINDOWS\System32\EVENTLOG.DLL - ok
    15:56:54.0718 2892 [ AEEFC351E18FAAFB2A8E32A9EADCA52D ] C:\WINDOWS\System32\XPSP2RES.DLL
    15:56:54.0718 2892 C:\WINDOWS\System32\XPSP2RES.DLL - ok
    15:56:54.0734 2892 [ 402C5072B5554441CCF47295F909612B ] C:\WINDOWS\System32\LOGONUI.EXE
    15:56:54.0734 2892 C:\WINDOWS\System32\LOGONUI.EXE - ok
    15:56:54.0734 2892 [ B4D7BDEDD75F73903986D6C2A138B38C ] C:\WINDOWS\System32\DUSER.DLL
    15:56:54.0734 2892 C:\WINDOWS\System32\DUSER.DLL - ok
    15:56:54.0734 2892 [ 023BC61379209F3428A8189933D75817 ] C:\WINDOWS\System32\MSIMG32.DLL
    15:56:54.0734 2892 C:\WINDOWS\System32\MSIMG32.DLL - ok
    15:56:54.0750 2892 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\System32\OLEACC.DLL
    15:56:54.0750 2892 C:\WINDOWS\System32\OLEACC.DLL - ok
    15:56:54.0750 2892 [ A42DF287F97B218F9CC5C96DEC945E59 ] C:\WINDOWS\System32\CLBCATQ.DLL
    15:56:54.0750 2892 C:\WINDOWS\System32\CLBCATQ.DLL - ok
    15:56:54.0765 2892 [ C43124F63818E65CAFA49D3957C3CA67 ] C:\WINDOWS\System32\COMRES.DLL
    15:56:54.0765 2892 C:\WINDOWS\System32\COMRES.DLL - ok
    15:56:54.0765 2892 [ C6B69A18D39744725FB73AC85E46032B ] C:\WINDOWS\System32\MSWSOCK.DLL
    15:56:54.0765 2892 C:\WINDOWS\System32\MSWSOCK.DLL - ok
    15:56:54.0781 2892 [ 03BC6F93EEE777D321F0BBFE05E23C99 ] C:\WINDOWS\System32\SHGINA.DLL
    15:56:54.0781 2892 C:\WINDOWS\System32\SHGINA.DLL - ok
    15:56:54.0781 2892 [ 705B64A073DFF1AF96F49B00B9D297A3 ] C:\WINDOWS\System32\HNETCFG.DLL
    15:56:54.0781 2892 C:\WINDOWS\System32\HNETCFG.DLL - ok
    15:56:54.0796 2892 [ 31A1534519C6FA95445F1CB750E425E5 ] C:\WINDOWS\System32\WSHTCPIP.DLL
    15:56:54.0796 2892 C:\WINDOWS\System32\WSHTCPIP.DLL - ok
    15:56:54.0796 2892 [ 56BF77A7F2E68EA9514FB4141C4F1E78 ] C:\WINDOWS\System32\WSHIP6.DLL
    15:56:54.0796 2892 C:\WINDOWS\System32\WSHIP6.DLL - ok
    15:56:54.0796 2892 [ 168155EC87076189A765D2FB6D7A7D61 ] C:\WINDOWS\System32\WSHISN.DLL
    15:56:54.0796 2892 C:\WINDOWS\System32\WSHISN.DLL - ok
    15:56:54.0812 2892 [ 9D06B8C7B07C2AE0FDD61790F8AB69DE ] C:\WINDOWS\System32\WSOCK32.DLL
    15:56:54.0812 2892 C:\WINDOWS\System32\WSOCK32.DLL - ok
    15:56:54.0812 2892 [ C74F0D0D1D80BAF613FF3A7524AFBAAF ] C:\WINDOWS\System32\WINRNR.DLL
    15:56:54.0812 2892 C:\WINDOWS\System32\WINRNR.DLL - ok
    15:56:54.0828 2892 [ 4E31240C4C96ADD76F6C5C63461156EE ] C:\WINDOWS\System32\RASADHLP.DLL
    15:56:54.0828 2892 C:\WINDOWS\System32\RASADHLP.DLL - ok
    15:56:54.0828 2892 [ 240EEBB08EEF54BF9B0056D3CF37B565 ] C:\WINDOWS\System32\ATI2EVXX.DLL
    15:56:54.0828 2892 C:\WINDOWS\System32\ATI2EVXX.DLL - ok
    15:56:54.0843 2892 [ AFBEABDC9E9827C5017A651343ADA62C ] C:\WINDOWS\System32\CSCDLL.DLL
    15:56:54.0843 2892 C:\WINDOWS\System32\CSCDLL.DLL - ok
    15:56:54.0843 2892 [ 7BCB82561979ABB75A46D75339CFA96B ] C:\WINDOWS\System32\DIMSNTFY.DLL
    15:56:54.0843 2892 C:\WINDOWS\System32\DIMSNTFY.DLL - ok
    15:56:54.0859 2892 [ 116CB8789C1AE1BE1AFF5A4CE5D9EC18 ] C:\WINDOWS\System32\WLNOTIFY.DLL
    15:56:54.0859 2892 C:\WINDOWS\System32\WLNOTIFY.DLL - ok
    15:56:54.0859 2892 [ 4CB4D5AB5E8AD8F407399CBCD69BCAA0 ] C:\WINDOWS\System32\WINSPOOL.DRV
    15:56:54.0859 2892 C:\WINDOWS\System32\WINSPOOL.DRV - ok
    15:56:54.0875 2892 [ 05231C04253C5BC30B26CBAAE680ED89 ] C:\WINDOWS\System32\WudfSvc.dll
    15:56:54.0875 2892 C:\WINDOWS\System32\WudfSvc.dll - ok
    15:56:54.0875 2892 [ 5CAF91E865FE0C85048A233E594544D2 ] C:\WINDOWS\System32\WudfPlatform.dll
    15:56:54.0875 2892 C:\WINDOWS\System32\WudfPlatform.dll - ok
    15:56:54.0875 2892 [ 12DAFD934641DCF61E446313BC261EC2 ] C:\WINDOWS\System32\DRIVERS\AegisP.sys
    15:56:54.0875 2892 C:\WINDOWS\System32\DRIVERS\AegisP.sys - ok
    15:56:54.0890 2892 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] C:\WINDOWS\System32\DRIVERS\NWLNKIPX.SYS
    15:56:54.0890 2892 C:\WINDOWS\System32\DRIVERS\NWLNKIPX.SYS - ok
    15:56:54.0890 2892 [ 56D34A67C05E94E16377C60609741FF8 ] C:\WINDOWS\System32\DRIVERS\NWLNKNB.SYS
    15:56:54.0890 2892 C:\WINDOWS\System32\DRIVERS\NWLNKNB.SYS - ok
    15:56:54.0906 2892 [ 662C9F09076A2E1224C8833DEF1F5CB0 ] C:\WINDOWS\System32\DRIVERS\S24TRANS.SYS
    15:56:54.0906 2892 C:\WINDOWS\System32\DRIVERS\S24TRANS.SYS - ok
    15:56:54.0906 2892 [ B5365CC6CC6FB8A1B00554C2D63796A2 ] C:\WINDOWS\System32\CSCUI.DLL
    15:56:54.0906 2892 C:\WINDOWS\System32\CSCUI.DLL - ok
    15:56:54.0921 2892 [ F8AF9BA55E23599FFF540E976194F546 ] C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    15:56:54.0921 2892 C:\Programmi\Intel\Wireless\Bin\EvtEng.exe - ok
    15:56:54.0921 2892 [ 2F331374433E3FE176BEE155D9BE83E1 ] C:\WINDOWS\System32\POWRPROF.DLL
    15:56:54.0921 2892 C:\WINDOWS\System32\POWRPROF.DLL - ok
    15:56:54.0921 2892 [ 258BB3ADF21FA9E369388FC8271516DF ] C:\WINDOWS\System32\DPCDLL.DLL
    15:56:54.0921 2892 C:\WINDOWS\System32\DPCDLL.DLL - ok
    15:56:54.0937 2892 [ 3E61F6788517D84C5E7BF4E13A89FCBE ] C:\Programmi\Intel\Wireless\Bin\PsRegApi.dll
    15:56:54.0937 2892 C:\Programmi\Intel\Wireless\Bin\PsRegApi.dll - ok
    15:56:54.0937 2892 [ DF69726907357C3ADD243F48902B0331 ] C:\WINDOWS\System32\USERINIT.EXE
    15:56:54.0937 2892 C:\WINDOWS\System32\USERINIT.EXE - ok
    15:56:54.0953 2892 [ 103CA71EC8628E949611A0AF8299D1E1 ] C:\Programmi\Intel\Wireless\Bin\TraceAPI.dll
    15:56:54.0953 2892 C:\Programmi\Intel\Wireless\Bin\TraceAPI.dll - ok
    15:56:54.0953 2892 [ 0A573E0A09491E06F197D6FB251B52DF ] C:\WINDOWS\System32\ATL.DLL
    15:56:54.0953 2892 C:\WINDOWS\System32\ATL.DLL - ok
    15:56:54.0968 2892 [ CC57F47FC6896B3318941719369EA133 ] C:\Programmi\File comuni\System\ADO\MSADO15.DLL
    15:56:54.0968 2892 C:\Programmi\File comuni\System\ADO\MSADO15.DLL - ok
    15:56:54.0968 2892 [ 44833553A6FBDAC1554F290F10018BA4 ] C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    15:56:54.0968 2892 C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe - ok
    15:56:54.0984 2892 [ 70D7F99D95615C3C278367756287DB71 ] C:\WINDOWS\EXPLORER.EXE
    15:56:54.0984 2892 C:\WINDOWS\EXPLORER.EXE - ok
    15:56:54.0984 2892 [ 80E1B8A18F5FACE426943E7366FA9EDF ] C:\WINDOWS\System32\MSDART.DLL
    15:56:54.0984 2892 C:\WINDOWS\System32\MSDART.DLL - ok
    15:56:54.0984 2892 [ 65915F90E15892A5470080286DB91A03 ] C:\Programmi\File comuni\System\Ole DB\OLEDB32.DLL
    15:56:54.0984 2892 C:\Programmi\File comuni\System\Ole DB\OLEDB32.DLL - ok
    15:56:55.0000 2892 [ AA2AF9301A75E74594505C432A774754 ] C:\WINDOWS\System32\BROWSEUI.DLL
    15:56:55.0000 2892 C:\WINDOWS\System32\BROWSEUI.DLL - ok
    15:56:55.0000 2892 [ 972F3C25C7E2B5454C4A03835294DE75 ] C:\Programmi\Intel\Wireless\Bin\Libeay32.dll
    15:56:55.0000 2892 C:\Programmi\Intel\Wireless\Bin\Libeay32.dll - ok
    15:56:55.0015 2892 [ 7D0D24FC33FCD25BB5D6C74C6766ED60 ] C:\Programmi\File comuni\System\Ole DB\OLEDB32R.DLL
    15:56:55.0015 2892 C:\Programmi\File comuni\System\Ole DB\OLEDB32R.DLL - ok
    15:56:55.0015 2892 [ 009E3FE029F4F9A4AE77ABC1EF6D62EE ] C:\Programmi\Intel\Wireless\Bin\IntStngs.dll
    15:56:55.0015 2892 C:\Programmi\Intel\Wireless\Bin\IntStngs.dll - ok
    15:56:55.0031 2892 [ CA329BC37662A6885BBDE3261C7838EC ] C:\Programmi\File comuni\System\Ole DB\MSDASQL.DLL
    15:56:55.0031 2892 C:\Programmi\File comuni\System\Ole DB\MSDASQL.DLL - ok
    15:56:55.0031 2892 [ EEA7D0EF1A3B580691AF38F297D456E3 ] C:\WINDOWS\System32\MFC42.DLL
    15:56:55.0031 2892 C:\WINDOWS\System32\MFC42.DLL - ok
    15:56:55.0031 2892 [ ACDD8DB3B08B582F533F3DE1F908E946 ] C:\WINDOWS\System32\SHDOCVW.DLL
    15:56:55.0031 2892 C:\WINDOWS\System32\SHDOCVW.DLL - ok
    15:56:55.0046 2892 [ 1CC60CE5E33C5133A4E6E482EF32B82F ] C:\Programmi\File comuni\System\Ole DB\MSDATL3.DLL
    15:56:55.0046 2892 C:\Programmi\File comuni\System\Ole DB\MSDATL3.DLL - ok
    15:56:55.0046 2892 [ D8B76A9FE0C1679CAD56C518C7F9285C ] C:\Programmi\File comuni\System\Ole DB\MSDASQLR.DLL
    15:56:55.0046 2892 C:\Programmi\File comuni\System\Ole DB\MSDASQLR.DLL - ok
    15:56:55.0062 2892 [ 7B243CAC0A9A86AAE246245D4FB4EE6B ] C:\WINDOWS\System32\MSWSTR10.DLL
    15:56:55.0062 2892 C:\WINDOWS\System32\MSWSTR10.DLL - ok
    15:56:55.0062 2892 [ A92383FB4982DAA1A9D7746E9755E75A ] C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll
    15:56:55.0062 2892 C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll - ok
    15:56:55.0078 2892 [ 9F01A3E421D96ECFAA08EBBB8436EACF ] C:\WINDOWS\System32\COMSVCS.DLL
    15:56:55.0078 2892 C:\WINDOWS\System32\COMSVCS.DLL - ok
    15:56:55.0078 2892 [ 3A7370A1FAD83BB7E86CA39239BEB706 ] C:\WINDOWS\System32\CRYPTUI.DLL
    15:56:55.0078 2892 C:\WINDOWS\System32\CRYPTUI.DLL - ok
    15:56:55.0093 2892 [ 4E03135C6B43689649293D6CA6C73DD0 ] C:\WINDOWS\System32\MFC42LOC.DLL
    15:56:55.0093 2892 C:\WINDOWS\System32\MFC42LOC.DLL - ok
    15:56:55.0093 2892 [ 332D734E3FE6014BFE8A6A041DA958E0 ] C:\WINDOWS\System32\NETCFGX.DLL
    15:56:55.0093 2892 C:\WINDOWS\System32\NETCFGX.DLL - ok
    15:56:55.0109 2892 [ F29947208F24ABC46C251D1CFDB02070 ] C:\WINDOWS\System32\WININET.DLL
    15:56:55.0109 2892 C:\WINDOWS\System32\WININET.DLL - ok
    15:56:55.0109 2892 [ 315F0DDD3EFC7FB737DFE13328B3C37C ] C:\WINDOWS\System32\COLBACT.DLL
    15:56:55.0109 2892 C:\WINDOWS\System32\COLBACT.DLL - ok
    15:56:55.0125 2892 [ 82142A607D6832DAEB1EE3E9F270207E ] C:\WINDOWS\System32\CLUSAPI.DLL
    15:56:55.0125 2892 C:\WINDOWS\System32\CLUSAPI.DLL - ok
    15:56:55.0125 2892 [ 1856ED7DAC1FEA37C31288610273FAAC ] C:\WINDOWS\System32\MTXCLU.DLL
    15:56:55.0125 2892 C:\WINDOWS\System32\MTXCLU.DLL - ok
    15:56:55.0125 2892 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\System32\NORMALIZ.DLL
    15:56:55.0125 2892 C:\WINDOWS\System32\NORMALIZ.DLL - ok
    15:56:55.0140 2892 [ DC11BF976C9E95F8CCE881C3832F6834 ] C:\WINDOWS\System32\URLMON.DLL
    15:56:55.0140 2892 C:\WINDOWS\System32\URLMON.DLL - ok
    15:56:55.0140 2892 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\System32\DRIVERS\NDISUIO.SYS
    15:56:55.0140 2892 C:\WINDOWS\System32\DRIVERS\NDISUIO.SYS - ok
    15:56:55.0156 2892 [ 84665BAA2B806E93F8CF1DC4F4324346 ] C:\WINDOWS\System32\RESUTILS.DLL
    15:56:55.0156 2892 C:\WINDOWS\System32\RESUTILS.DLL - ok
    15:56:55.0156 2892 [ 699EE7F752A25180AEB92C3A0EAEE440 ] C:\WINDOWS\System32\DHCPCSVC.DLL
    15:56:55.0156 2892 C:\WINDOWS\System32\DHCPCSVC.DLL - ok
    15:56:55.0171 2892 [ 83A6C9E2E04437FA6B31D754FB8F018C ] C:\WINDOWS\System32\ODBCJT32.DLL
    15:56:55.0171 2892 C:\WINDOWS\System32\ODBCJT32.DLL - ok
    15:56:55.0171 2892 [ B7A1162B1A26DF7B60D5D9500006096C ] C:\WINDOWS\System32\DNSRSLVR.DLL
    15:56:55.0171 2892 C:\WINDOWS\System32\DNSRSLVR.DLL - ok
    15:56:55.0171 2892 [ 23D98A45F67546612709DB11C8657E2D ] C:\WINDOWS\System32\IERTUTIL.DLL
    15:56:55.0171 2892 C:\WINDOWS\System32\IERTUTIL.DLL - ok
    15:56:55.0187 2892 [ 9E70016C950B1F8FDEAA6F067E2E25A8 ] C:\WINDOWS\System32\MSJET40.DLL
    15:56:55.0187 2892 C:\WINDOWS\System32\MSJET40.DLL - ok
    15:56:55.0187 2892 [ 053E0307A08CAC60793E27E921B46B3E ] C:\WINDOWS\System32\WZCSVC.DLL
    15:56:55.0187 2892 C:\WINDOWS\System32\WZCSVC.DLL - ok
    15:56:55.0203 2892 [ E01255727D0B158538D7C2B469B533A8 ] C:\WINDOWS\System32\LMHSVC.DLL
    15:56:55.0203 2892 C:\WINDOWS\System32\LMHSVC.DLL - ok
    15:56:55.0203 2892 [ 1D2C1582D88DB4FE585A8B59DCF907F5 ] C:\WINDOWS\System32\RTUTILS.DLL
    15:56:55.0203 2892 C:\WINDOWS\System32\RTUTILS.DLL - ok
    15:56:55.0218 2892 [ 162D3BAC885B120249E562B4A4979052 ] C:\WINDOWS\System32\WMI.DLL
    15:56:55.0218 2892 C:\WINDOWS\System32\WMI.DLL - ok
    15:56:55.0218 2892 [ BFEDF99BCE4ADA015FB15DD0A35FA0C9 ] C:\WINDOWS\System32\EAPOLQEC.DLL
    15:56:55.0218 2892 C:\WINDOWS\System32\EAPOLQEC.DLL - ok
    15:56:55.0234 2892 [ 8E5EDE8D0FDDD771BE4EB401F38F9556 ] C:\WINDOWS\System32\QUTIL.DLL
    15:56:55.0234 2892 C:\WINDOWS\System32\QUTIL.DLL - ok
    15:56:55.0234 2892 [ E85960E0EEFB9F7F90B859FADEF587FF ] C:\WINDOWS\System32\DOT3API.DLL
    15:56:55.0234 2892 C:\WINDOWS\System32\DOT3API.DLL - ok
    15:56:55.0234 2892 [ 9ABC0B2592FE1535474E675E0A5A3C67 ] C:\WINDOWS\System32\ESENT.DLL
    15:56:55.0234 2892 C:\WINDOWS\System32\ESENT.DLL - ok
    15:56:55.0250 2892 [ AD26D75E9496C64E87B307B04722B627 ] C:\WINDOWS\System32\ODBCJI32.DLL
    15:56:55.0250 2892 C:\WINDOWS\System32\ODBCJI32.DLL - ok
    15:56:55.0250 2892 [ 0D14F07B29FBF0D750AA2495DD72B968 ] C:\WINDOWS\System32\MSJTER40.DLL
    15:56:55.0250 2892 C:\WINDOWS\System32\MSJTER40.DLL - ok
    15:56:55.0265 2892 [ 2A0B356F2F6E846E8D67A86052725630 ] C:\WINDOWS\System32\MSJINT40.DLL
    15:56:55.0265 2892 C:\WINDOWS\System32\MSJINT40.DLL - ok
    15:56:55.0265 2892 [ 8B5EB7B07A44E86A623202F741F15E98 ] C:\WINDOWS\System32\RASTLS.DLL
    15:56:55.0265 2892 C:\WINDOWS\System32\RASTLS.DLL - ok
    15:56:55.0281 2892 [ AAB471BC3A877996E71A7E3708FCD4E4 ] C:\WINDOWS\System32\ODBCCP32.DLL
    15:56:55.0281 2892 C:\WINDOWS\System32\ODBCCP32.DLL - ok
    15:56:55.0281 2892 [ 55094E3E675E6D4195058C0921F88240 ] C:\WINDOWS\System32\MPRAPI.DLL
    15:56:55.0281 2892 C:\WINDOWS\System32\MPRAPI.DLL - ok
    15:56:55.0296 2892 [ 8D50AEF4223BD8ED8CF985011E05729E ] C:\WINDOWS\System32\ACTIVEDS.DLL
    15:56:55.0296 2892 C:\WINDOWS\System32\ACTIVEDS.DLL - ok
    15:56:55.0296 2892 [ EB9C62DFDA4CD100C6C721F94275A897 ] C:\WINDOWS\System32\RICHED20.DLL
    15:56:55.0296 2892 C:\WINDOWS\System32\RICHED20.DLL - ok
    15:56:55.0296 2892 [ CC3A0AB061C722945B29DE86E7392B9D ] C:\Programmi\File comuni\System\MSADC\MSADCE.DLL
    15:56:55.0296 2892 C:\Programmi\File comuni\System\MSADC\MSADCE.DLL - ok
    15:56:55.0312 2892 [ F1E08D3B1809526BDD78DB651928F69E ] C:\WINDOWS\System32\ADSLDPC.DLL
    15:56:55.0312 2892 C:\WINDOWS\System32\ADSLDPC.DLL - ok
    15:56:55.0312 2892 [ 6A29C7414336BD939F3FB0036D9819BE ] C:\Programmi\File comuni\System\MSADC\MSADCER.DLL
    15:56:55.0312 2892 C:\Programmi\File comuni\System\MSADC\MSADCER.DLL - ok
    15:56:55.0328 2892 [ 717507BFA164A23EF4E79F73C7DEBF79 ] C:\WINDOWS\System32\RASAPI32.DLL
    15:56:55.0328 2892 C:\WINDOWS\System32\RASAPI32.DLL - ok
    15:56:55.0328 2892 [ 80F6E389C54399673F8B7C40AC4837BD ] C:\WINDOWS\System32\RASMAN.DLL
    15:56:55.0328 2892 C:\WINDOWS\System32\RASMAN.DLL - ok
    15:56:55.0343 2892 [ 30DB64D316F502558DB2380F7343C9FD ] C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
    15:56:55.0343 2892 C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll - ok
    15:56:55.0343 2892 [ DF4314D8C94E455EAE153C2C750D767A ] C:\WINDOWS\System32\TAPI32.DLL
    15:56:55.0343 2892 C:\WINDOWS\System32\TAPI32.DLL - ok
    15:56:55.0359 2892 [ 207204AF80505AF51271FE164B56F662 ] C:\Programmi\Microsoft Office\Office12\GrooveUtil.dll
    15:56:55.0359 2892 C:\Programmi\Microsoft Office\Office12\GrooveUtil.dll - ok
    15:56:55.0359 2892 [ 815CC2B190907CF933696E6C491B06EB ] C:\WINDOWS\System32\MLANG.DLL
    15:56:55.0359 2892 C:\WINDOWS\System32\MLANG.DLL - ok
    15:56:55.0375 2892 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.DLL
    15:56:55.0375 2892 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.DLL - ok
    15:56:55.0375 2892 [ 30EFEBDC960A482E3E188B9960B286E2 ] C:\Programmi\Microsoft Office\Office12\GrooveNew.dll
    15:56:55.0375 2892 C:\Programmi\Microsoft Office\Office12\GrooveNew.dll - ok
    15:56:55.0390 2892 [ D5E459BED3DB9CF7FC6CC1455F177D2D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
    15:56:55.0390 2892 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL - ok
    15:56:55.0390 2892 [ FC1886502BED1CE27B1B6C18DC83D6FE ] C:\WINDOWS\System32\DESK.CPL
    15:56:55.0390 2892 C:\WINDOWS\System32\DESK.CPL - ok
    15:56:55.0406 2892 [ E337D8ACC46D10CD19E86AE3E175FA6E ] C:\WINDOWS\System32\XMLPROVI.DLL
    15:56:55.0406 2892 C:\WINDOWS\System32\XMLPROVI.DLL - ok
    15:56:55.0406 2892 [ 88C8A711BBFF3C2B208F8F44C6AC0FCA ] C:\WINDOWS\System32\THEMEUI.DLL
    15:56:55.0406 2892 C:\WINDOWS\System32\THEMEUI.DLL - ok
    15:56:55.0421 2892 [ 40ACFE8087298C69C0C91C7B713495A1 ] C:\WINDOWS\System32\WZCSAPI.DLL
    15:56:55.0421 2892 C:\WINDOWS\System32\WZCSAPI.DLL - ok
    15:56:55.0421 2892 [ 4180B7506037481BF17339DA0F3960CD ] C:\WINDOWS\System32\RASCHAP.DLL
    15:56:55.0421 2892 C:\WINDOWS\System32\RASCHAP.DLL - ok
    15:56:55.0421 2892 [ 02815B70FC4CA8611A926176F1C39FC2 ] C:\WINDOWS\System32\NETMAN.DLL
    15:56:55.0421 2892 C:\WINDOWS\System32\NETMAN.DLL - ok
    15:56:55.0437 2892 [ 737E29B27859FF2BBA967A7351F3C6DE ] C:\WINDOWS\System32\NETSHELL.DLL
    15:56:55.0437 2892 C:\WINDOWS\System32\NETSHELL.DLL - ok
    15:56:55.0437 2892 [ D8C2B95BC2353E1F18850D6B8F5DBA13 ] C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
    15:56:55.0437 2892 C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll - ok
    15:56:55.0453 2892 [ 74440B20A4CC9B28E256315E0E44AE07 ] C:\WINDOWS\System32\MSXML3.DLL
    15:56:55.0453 2892 C:\WINDOWS\System32\MSXML3.DLL - ok
    15:56:55.0453 2892 [ 132EA5CDBA93EF9EDD0F11461591778A ] C:\WINDOWS\System32\CREDUI.DLL
    15:56:55.0453 2892 C:\WINDOWS\System32\CREDUI.DLL - ok
    15:56:55.0468 2892 [ FB99885879A7E74A19B9C289C2BE5569 ] C:\WINDOWS\System32\DOT3DLG.DLL
    15:56:55.0468 2892 C:\WINDOWS\System32\DOT3DLG.DLL - ok
    15:56:55.0468 2892 [ DC2B2346A588E4BC641267B568C71D5A ] C:\WINDOWS\System32\ONEX.DLL
    15:56:55.0468 2892 C:\WINDOWS\System32\ONEX.DLL - ok
    15:56:55.0468 2892 [ F3B027294B4CDE21E16103961BDD7160 ] C:\WINDOWS\System32\EAPPCFG.DLL
    15:56:55.0468 2892 C:\WINDOWS\System32\EAPPCFG.DLL - ok
    15:56:55.0484 2892 [ 3DC378A839058A689FD55D34FD58675B ] C:\WINDOWS\System32\cmd.exe
    15:56:55.0484 2892 C:\WINDOWS\System32\cmd.exe - ok
    15:56:55.0484 2892 [ 63574A97E5A93C2094CFAC9CFBB8C60F ] C:\WINDOWS\System32\EAPPPRXY.DLL
    15:56:55.0484 2892 C:\WINDOWS\System32\EAPPPRXY.DLL - ok
    15:56:55.0500 2892 [ BF81C0D60103270D48E538352AC5F077 ] C:\WINDOWS\System32\IEFRAME.DLL
    15:56:55.0500 2892 C:\WINDOWS\System32\IEFRAME.DLL - ok
    15:56:55.0500 2892 [ 511886E5BD060046CCE8373E92E62EDF ] C:\WINDOWS\System32\SCHEDSVC.DLL
    15:56:55.0500 2892 C:\WINDOWS\System32\SCHEDSVC.DLL - ok
    15:56:55.0515 2892 [ 8631D7150FABE2F11F896EF7153F811F ] C:\WINDOWS\System32\MSIDLE.DLL
    15:56:55.0515 2892 C:\WINDOWS\System32\MSIDLE.DLL - ok
    15:56:55.0515 2892 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\System32\SPOOLSV.EXE
    15:56:55.0515 2892 C:\WINDOWS\System32\SPOOLSV.EXE - ok
    15:56:55.0531 2892 [ 1B58D118049304E88464BE614C6D0014 ] C:\WINDOWS\System32\AUDIOSRV.DLL
    15:56:55.0531 2892 C:\WINDOWS\System32\AUDIOSRV.DLL - ok
    15:56:55.0531 2892 [ E13B0181DDA60B93E3253EFF52A79CBE ] C:\WINDOWS\System32\WKSSVC.DLL
    15:56:55.0531 2892 C:\WINDOWS\System32\WKSSVC.DLL - ok
    15:56:55.0531 2892 [ 423ACF9016973BF955E94893AF2C19A0 ] C:\WINDOWS\System32\WDMAUD.DRV
    15:56:55.0531 2892 C:\WINDOWS\System32\WDMAUD.DRV - ok
    15:56:55.0546 2892 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\System32\DRIVERS\WDMAUD.SYS
    15:56:55.0546 2892 C:\WINDOWS\System32\DRIVERS\WDMAUD.SYS - ok
    15:56:55.0546 2892 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\System32\DRIVERS\SYSAUDIO.SYS
    15:56:55.0546 2892 C:\WINDOWS\System32\DRIVERS\SYSAUDIO.SYS - ok
    15:56:55.0562 2892 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\System32\DRIVERS\SPLITTER.SYS
    15:56:55.0562 2892 C:\WINDOWS\System32\DRIVERS\SPLITTER.SYS - ok
    15:56:55.0562 2892 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\System32\DRIVERS\AEC.SYS
    15:56:55.0562 2892 C:\WINDOWS\System32\DRIVERS\AEC.SYS - ok
    15:56:55.0578 2892 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\System32\DRIVERS\SWMIDI.SYS
    15:56:55.0578 2892 C:\WINDOWS\System32\DRIVERS\SWMIDI.SYS - ok
    15:56:55.0578 2892 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\System32\DRIVERS\DMusic.sys
    15:56:55.0578 2892 C:\WINDOWS\System32\DRIVERS\DMusic.sys - ok
    15:56:55.0578 2892 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\System32\DRIVERS\KMIXER.SYS
    15:56:55.0593 2892 C:\WINDOWS\System32\DRIVERS\KMIXER.SYS - ok
    15:56:55.0593 2892 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\System32\DRIVERS\DRMKAUD.SYS
    15:56:55.0593 2892 C:\WINDOWS\System32\DRIVERS\DRMKAUD.SYS - ok
    15:56:55.0593 2892 [ 05E84EEAD6B27C958621A4E6D33859D1 ] C:\WINDOWS\System32\MSACM32.DRV
    15:56:55.0593 2892 C:\WINDOWS\System32\MSACM32.DRV - ok
    15:56:55.0609 2892 [ 900D7BBEFCCC50A73B38E342B68D346A ] C:\WINDOWS\System32\MIDIMAP.DLL
    15:56:55.0609 2892 C:\WINDOWS\System32\MIDIMAP.DLL - ok
    15:56:55.0625 2892 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\76625B4C-850F-4AAB-9078-DF9DBA7247EF.exe
    15:56:55.0625 2892 C:\Documents and Settings\Giuseppe\Impostazioni locali\Temp\76625B4C-850F-4AAB-9078-DF9DBA7247EF.exe - ok
    15:56:55.0625 2892 [ 4435246092FA82DC8FB3F18BC5DFE9A7 ] C:\WINDOWS\System32\WINHTTP.dll
    15:56:55.0625 2892 C:\WINDOWS\System32\WINHTTP.dll - ok
    15:56:55.0625 2892 [ 21C044A1A4CAD5636FCED583879EE92F ] C:\WINDOWS\System32\actxprxy.dll
    15:56:55.0625 2892 C:\WINDOWS\System32\actxprxy.dll - ok
    15:56:55.0640 2892 [ 5D895D0FD4456E22B20268ABFA1CC3C4 ] C:\WINDOWS\System32\MSCTF.DLL
    15:56:55.0640 2892 C:\WINDOWS\System32\MSCTF.DLL - ok
    15:56:55.0640 2892 [ 7FE30595ED2A154BCB666089464C0308 ] C:\WINDOWS\System32\msutb.dll
    15:56:55.0640 2892 C:\WINDOWS\System32\msutb.dll - ok
    15:56:55.0640 2892 [ 8F0DE4FEF8201E306F9938B0905AC96A ] C:\Programmi\Google\Update\GoogleUpdate.exe
    15:56:55.0640 2892 C:\Programmi\Google\Update\GoogleUpdate.exe - ok
    15:56:55.0656 2892 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Programmi\Google\Update\1.3.21.123\GOOPDATE.DLL
    15:56:55.0656 2892 C:\Programmi\Google\Update\1.3.21.123\GOOPDATE.DLL - ok
    15:56:55.0656 2892 [ 8C22083ED515DC94D575438662F0BE6A ] C:\WINDOWS\System32\MSI.DLL
    15:56:55.0656 2892 C:\WINDOWS\System32\MSI.DLL - ok
    15:56:55.0671 2892 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] C:\WINDOWS\System32\DRIVERS\NWLNKSPX.SYS
    15:56:55.0671 2892 C:\WINDOWS\System32\DRIVERS\NWLNKSPX.SYS - ok
    15:56:55.0671 2892 [ 357064BBB64EDA4A6A113773653A303D ] C:\WINDOWS\System32\DBGHELP.DLL
    15:56:55.0671 2892 C:\WINDOWS\System32\DBGHELP.DLL - ok
    15:56:55.0671 2892 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Programmi\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    15:56:55.0671 2892 C:\Programmi\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
    15:56:55.0687 2892 [ 9B57F2721D594568F62857F5A31D6634 ] C:\WINDOWS\System32\MSTASK.DLL
    15:56:55.0687 2892 C:\WINDOWS\System32\MSTASK.DLL - ok
    15:56:55.0687 2892 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\System32\DRIVERS\15015215.sys
    15:56:55.0687 2892 C:\WINDOWS\System32\DRIVERS\15015215.sys - ok
    15:56:55.0703 2892 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\System32\DRIVERS\MRXDAV.SYS
    15:56:55.0703 2892 C:\WINDOWS\System32\DRIVERS\MRXDAV.SYS - ok
    15:56:55.0703 2892 [ 9ADBA22EC86D6C64FB51CF5281935F87 ] C:\WINDOWS\System32\SPOOLSS.DLL
    15:56:55.0703 2892 C:\WINDOWS\System32\SPOOLSS.DLL - ok
    15:56:55.0718 2892 [ 44767F6167E2C39A38B19969C30D2178 ] C:\WINDOWS\System32\LOCALSPL.DLL
    15:56:55.0718 2892 C:\WINDOWS\System32\LOCALSPL.DLL - ok
    15:56:55.0718 2892 [ CA8C4185B9947F0BB1D2D3EF97CFC384 ] C:\WINDOWS\System32\CNBJMON.DLL
    15:56:55.0718 2892 C:\WINDOWS\System32\CNBJMON.DLL - ok
    15:56:55.0718 2892 [ 8360CB9756E598A5C6214EACFB3677C3 ] C:\WINDOWS\System32\ES.DLL
    15:56:55.0718 2892 C:\WINDOWS\System32\ES.DLL - ok
    15:56:55.0734 2892 [ 2EC50EE79B65F60C8E8B4A03BBB3A42F ] C:\WINDOWS\System32\WEBCLNT.DLL
    15:56:55.0734 2892 C:\WINDOWS\System32\WEBCLNT.DLL - ok
    15:56:55.0734 2892 [ 95647F820CBC025676D7B407E2BCFBE6 ] C:\WINDOWS\System32\MDIMON.DLL
    15:56:55.0734 2892 C:\WINDOWS\System32\MDIMON.DLL - ok
    15:56:55.0750 2892 [ 5722B18D85EC5853F47E9AA08CAB53A2 ] C:\WINDOWS\System32\FXSMON.DLL
    15:56:55.0750 2892 C:\WINDOWS\System32\FXSMON.DLL - ok
    15:56:55.0750 2892 [ 95665E964B5FEE93DD6B9A0FC508EF77 ] C:\WINDOWS\System32\FXSEVENT.DLL
    15:56:55.0750 2892 C:\WINDOWS\System32\FXSEVENT.DLL - ok
    15:56:55.0750 2892 [ AF238673651EFC0226EA74239B502A6F ] C:\WINDOWS\System32\pdf995mon.dll
    15:56:55.0750 2892 C:\WINDOWS\System32\pdf995mon.dll - ok
    15:56:55.0765 2892 [ FDBD9D64E2E03270021D424F0DCCF79D ] C:\WINDOWS\System32\DRIVERS\SERIAL.SYS
    15:56:55.0765 2892 C:\WINDOWS\System32\DRIVERS\SERIAL.SYS - ok
    15:56:55.0765 2892 [ 20CC5F031100F9DBA44A87DB3ECB868C ] C:\WINDOWS\System32\ntshrui.dll
    15:56:55.0765 2892 C:\WINDOWS\System32\ntshrui.dll - ok
    15:56:55.0781 2892 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] C:\Programmi\AVG\AVG2013\avgidsagent.exe
    15:56:55.0781 2892 C:\Programmi\AVG\AVG2013\avgidsagent.exe - ok
    15:56:55.0781 2892 [ 279FE99A49A1F9CAA72C0054B505B64A ] C:\WINDOWS\System32\verclsid.exe
    15:56:55.0781 2892 C:\WINDOWS\System32\verclsid.exe - ok
    15:56:55.0781 2892 [ 99B69A5697F622A192B2C1E0D55B48AB ] C:\WINDOWS\System32\LINKINFO.dll
    15:56:55.0781 2892 C:\WINDOWS\System32\LINKINFO.dll - ok
    15:56:55.0796 2892 [ 5D999BF519415D1C8EE0B97FF6A254DB ] C:\Programmi\Microsoft Office\Office12\MSOHEVI.DLL
    15:56:55.0796 2892 C:\Programmi\Microsoft Office\Office12\MSOHEVI.DLL - ok
    15:56:55.0796 2892 [ 1574DD9D409F2DC45CF82C22B99164A4 ] C:\WINDOWS\System32\PDFCMNNT.DLL
    15:56:55.0796 2892 C:\WINDOWS\System32\PDFCMNNT.DLL - ok
    15:56:55.0812 2892 [ E88074B11C9A8424708C7CF41E034106 ] C:\WINDOWS\System32\PJLMON.DLL
    15:56:55.0812 2892 C:\WINDOWS\System32\PJLMON.DLL - ok
    15:56:55.0812 2892 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\WINDOWS\System32\MSONPMON.DLL
    15:56:55.0812 2892 C:\WINDOWS\System32\MSONPMON.DLL - ok
    15:56:55.0812 2892 [ 31B94E0B6B5914BA7F55C1238A19BE0F ] C:\WINDOWS\System32\TCPMON.DLL
    15:56:55.0812 2892 C:\WINDOWS\System32\TCPMON.DLL - ok
    15:56:55.0828 2892 [ A5E96F028B598479FC9BAD6FB67EEE3C ] C:\WINDOWS\System32\USBMON.DLL
    15:56:55.0828 2892 C:\WINDOWS\System32\USBMON.DLL - ok
    15:56:55.0828 2892 [ C7F4958A99983E2E4B435BE798081DD8 ] C:\WINDOWS\Alaunch.exe
    15:56:55.0828 2892 C:\WINDOWS\Alaunch.exe - ok
    15:56:55.0843 2892 [ 4424AE65F7AF8181AC99FE46BC2700C9 ] C:\WINDOWS\System32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL
    15:56:55.0843 2892 C:\WINDOWS\System32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL - ok
    15:56:55.0843 2892 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\System32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
    15:56:55.0843 2892 C:\WINDOWS\System32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll - ok
    15:56:55.0843 2892 [ F348280907B38FDBDB3CEF55D456E149 ] C:\WINDOWS\System32\SPOOL\PRTPROCS\W32X86\MSONPPPR.DLL
    15:56:55.0843 2892 C:\WINDOWS\System32\SPOOL\PRTPROCS\W32X86\MSONPPPR.DLL - ok
    15:56:55.0859 2892 [ BC83108B18756547013ED443B8CDB31B ] C:\WINDOWS\System32\MSVCP100.DLL
    15:56:55.0859 2892 C:\WINDOWS\System32\MSVCP100.DLL - ok
    15:56:55.0859 2892 [ 2826256E0B04A1473A0A89A066FA3775 ] C:\WINDOWS\System32\WIN32SPL.DLL
    15:56:55.0859 2892 C:\WINDOWS\System32\WIN32SPL.DLL - ok
    15:56:55.0875 2892 [ 16A78C1594DD4870460FD6EF4876A8AB ] C:\WINDOWS\System32\oledlg.dll
    15:56:55.0875 2892 C:\WINDOWS\System32\oledlg.dll - ok
    15:56:55.0875 2892 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\WINDOWS\System32\MSVCR100.DLL
    15:56:55.0875 2892 C:\WINDOWS\System32\MSVCR100.DLL - ok
    15:56:55.0875 2892 [ 913858CD930012CC51EA25477299B7C2 ] C:\WINDOWS\System32\NETRAP.DLL
    15:56:55.0875 2892 C:\WINDOWS\System32\NETRAP.DLL - ok
    15:56:55.0890 2892 [ 846750D84852A6B5210FCC88F39590FC ] C:\WINDOWS\System32\INETPP.DLL
    15:56:55.0890 2892 C:\WINDOWS\System32\INETPP.DLL - ok
    15:56:55.0890 2892 [ F036DB9CF05B3C21405403FF074A78D9 ] C:\Programmi\AVG\AVG2013\avgopensslx.dll
    15:56:55.0890 2892 C:\Programmi\AVG\AVG2013\avgopensslx.dll - ok
    15:56:55.0906 2892 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\System32\webcheck.dll
    15:56:55.0906 2892 C:\WINDOWS\System32\webcheck.dll - ok
    15:56:55.0906 2892 [ B40F5DCD59ED2A46EED8AE340CC167FB ] C:\Programmi\AVG\AVG2013\AVGCFGX.DLL
    15:56:55.0906 2892 C:\Programmi\AVG\AVG2013\AVGCFGX.DLL - ok
    15:56:55.0906 2892 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] C:\Programmi\AVG\AVG2013\AVGWDSVC.EXE
    15:56:55.0906 2892 C:\Programmi\AVG\AVG2013\AVGWDSVC.EXE - ok
    15:56:55.0921 2892 [ 8B071DAE78DDE69E4B7B02A193A30D94 ] C:\WINDOWS\System32\stobject.dll
    15:56:55.0921 2892 C:\WINDOWS\System32\stobject.dll - ok
    15:56:55.0921 2892 [ 54A01A18829C95EE0F1FDFABB832CE0B ] C:\WINDOWS\System32\BatMeter.dll
    15:56:55.0921 2892 C:\WINDOWS\System32\BatMeter.dll - ok
    15:56:55.0937 2892 [ E1EC228D87915050BDF59F6331AD7247 ] C:\Acer\Empowering Technology\admServ.exe
    15:56:55.0937 2892 C:\Acer\Empowering Technology\admServ.exe - ok
    15:56:55.0937 2892 [ 57616A5583E6406F88BC71A5A5E0C165 ] C:\Programmi\AVG\AVG2013\AVGWD.DLL
    15:56:55.0937 2892 C:\Programmi\AVG\AVG2013\AVGWD.DLL - ok
    15:56:55.0937 2892 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\System32\WPDShServiceObj.dll
    15:56:55.0937 2892 C:\WINDOWS\System32\WPDShServiceObj.dll - ok
    15:56:55.0953 2892 [ 033CEF7F1E4FE3F2CE7B737B847DBC90 ] C:\WINDOWS\System32\SENSAPI.DLL
    15:56:55.0953 2892 C:\WINDOWS\System32\SENSAPI.DLL - ok
    15:56:55.0953 2892 [ 915E16D548435E9A27E1BF5CC233E6A6 ] C:\WINDOWS\System32\mydocs.dll
    15:56:55.0953 2892 C:\WINDOWS\System32\mydocs.dll - ok
    15:56:55.0968 2892 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\System32\PortableDeviceTypes.dll
    15:56:55.0968 2892 C:\WINDOWS\System32\PortableDeviceTypes.dll - ok
    15:56:55.0968 2892 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\System32\PortableDeviceApi.dll
    15:56:55.0968 2892 C:\WINDOWS\System32\PortableDeviceApi.dll - ok
    15:56:55.0968 2892 [ 9E30B21B14FB24C383AC255BDFA47E0E ] C:\Programmi\AVG\AVG2013\avgsecapix.dll
    15:56:55.0968 2892 C:\Programmi\AVG\AVG2013\avgsecapix.dll - ok
    15:56:55.0984 2892 [ EEA7DDED2F11300B4B00C81D93A14898 ] C:\WINDOWS\System32\OLEPRO32.DLL
    15:56:55.0984 2892 C:\WINDOWS\System32\OLEPRO32.DLL - ok
    15:56:55.0984 2892 [ CD3EBDF2CC1B753C697D619AF09F77C2 ] C:\WINDOWS\RTHDCPL.EXE
    15:56:55.0984 2892 C:\WINDOWS\RTHDCPL.EXE - ok
    15:56:56.0000 2892 [ 680A40E23A111842A5D240040D806817 ] C:\Acer\Empowering Technology\IpmiTrans.dll
    15:56:56.0000 2892 C:\Acer\Empowering Technology\IpmiTrans.dll - ok
    15:56:56.0000 2892 [ C53E7E28BBF491D3D0346539BFDEDF64 ] C:\Acer\Empowering Technology\OsaFsLoc.dll
    15:56:56.0000 2892 C:\Acer\Empowering Technology\OsaFsLoc.dll - ok
    15:56:56.0000 2892 [ 0BAD334E0EB3D3A9BC62A63EF73279E2 ] C:\Acer\Empowering Technology\OSAIODLL.DLL
    15:56:56.0000 2892 C:\Acer\Empowering Technology\OSAIODLL.DLL - ok
    15:56:56.0015 2892 [ 2CBD8B58E0616A6626BB25DF9707D8E7 ] C:\Acer\Empowering Technology\cpuid_dll.dll
    15:56:56.0015 2892 C:\Acer\Empowering Technology\cpuid_dll.dll - ok
    15:56:56.0015 2892 [ 7BCB7A1A982FBE839083D06CAC9E0CD3 ] C:\Acer\Empowering Technology\smbiosapi.dll
    15:56:56.0015 2892 C:\Acer\Empowering Technology\smbiosapi.dll - ok
    15:56:56.0031 2892 [ 6CD95BEBC1275515E22AC36ED6F5B4A6 ] C:\Acer\Empowering Technology\SYSAPI.DLL
    15:56:56.0031 2892 C:\Acer\Empowering Technology\SYSAPI.DLL - ok
    15:56:56.0031 2892 [ 0D3C225272E5F8192110711DA9F1D227 ] C:\Acer\Empowering Technology\NBAPI.DLL
    15:56:56.0031 2892 C:\Acer\Empowering Technology\NBAPI.DLL - ok
    15:56:56.0031 2892 [ E87A43A7B6BAB1F94063CB4CB76C80CC ] C:\Acer\Empowering Technology\NetMonitor.dll
    15:56:56.0031 2892 C:\Acer\Empowering Technology\NetMonitor.dll - ok
    15:56:56.0046 2892 [ 8B4CBBA1EA526830C7F97E7822E2493A ] C:\WINDOWS\Alcmtr.exe
    15:56:56.0046 2892 C:\WINDOWS\Alcmtr.exe - ok
    15:56:56.0046 2892 [ D1308031093AE0FBCB903422E8E6C55E ] C:\WINDOWS\System32\dsound.dll
    15:56:56.0046 2892 C:\WINDOWS\System32\dsound.dll - ok
    15:56:56.0046 2892 [ 7BBE4CF421AECC7F0226EDD75F12079F ] C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE
    15:56:56.0046 2892 C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE - ok
    15:56:56.0062 2892 [ 1B17E09C1223F6D17336D2DD7A1AF4F4 ] C:\WINDOWS\System32\ime\pintlgnt\ImScInst.exe
    15:56:56.0062 2892 C:\WINDOWS\System32\ime\pintlgnt\ImScInst.exe - ok
    15:56:56.0062 2892 [ 491918E4C46ED4CEB6E7A90F7B73924D ] C:\Programmi\AVG\AVG2013\AVGXPL.DLL
    15:56:56.0062 2892 C:\Programmi\AVG\AVG2013\AVGXPL.DLL - ok
    15:56:56.0078 2892 [ 024DC0F68DF5FD6AE9DD82DFBAF479D6 ] C:\WINDOWS\System32\ime\tintlgnt\TINTSETP.EXE
    15:56:56.0078 2892 C:\WINDOWS\System32\ime\tintlgnt\TINTSETP.EXE - ok
    15:56:56.0078 2892 [ 8FB740D758B14B1BC950CC347C21E461 ] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    15:56:56.0078 2892 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe - ok
    15:56:56.0093 2892 [ F67480EE1AC3CB32C63AF86B0AE57AC9 ] C:\Programmi\AVG\AVG2013\AVGWDWSC.DLL
    15:56:56.0093 2892 C:\Programmi\AVG\AVG2013\AVGWDWSC.DLL - ok
    15:56:56.0093 2892 [ 6E5A178E359EE42F748186A14449D848 ] C:\WINDOWS\System32\igfxtray.exe
    15:56:56.0093 2892 C:\WINDOWS\System32\igfxtray.exe - ok
    15:56:56.0093 2892 [ 510E4AFE5E5871309A1F2FE90914857D ] C:\WINDOWS\System32\WBEM\WBEMPROX.DLL
    15:56:56.0093 2892 C:\WINDOWS\System32\WBEM\WBEMPROX.DLL - ok
    15:56:56.0109 2892 [ 42344DDF30337979216EA6AFA58BB42A ] C:\WINDOWS\System32\hkcmd.exe
    15:56:56.0109 2892 C:\WINDOWS\System32\hkcmd.exe - ok
    15:56:56.0109 2892 [ 8678F7D9D5D2687B9B6CA47CB7C8572C ] C:\WINDOWS\System32\WBEM\WBEMCOMN.DLL
    15:56:56.0109 2892 C:\WINDOWS\System32\WBEM\WBEMCOMN.DLL - ok
    15:56:56.0125 2892 [ 3EA40C03BB20A68F5F49798296112EF9 ] C:\WINDOWS\System32\hccutils.dll
    15:56:56.0125 2892 C:\WINDOWS\System32\hccutils.dll - ok
    15:56:56.0125 2892 [ 535203DEA5820F3B5F3FAACE0D51252C ] C:\Programmi\CyberLink\PowerDVD\CLRCEngine2.dll
    15:56:56.0125 2892 C:\Programmi\CyberLink\PowerDVD\CLRCEngine2.dll - ok
    15:56:56.0125 2892 [ B84EF1DBE346D8ECE82F1C1E94B7A18C ] C:\WINDOWS\System32\hhctrl.ocx
    15:56:56.0125 2892 C:\WINDOWS\System32\hhctrl.ocx - ok
    15:56:56.0140 2892 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\WINDOWS\System32\MSXML4.DLL
    15:56:56.0140 2892 C:\WINDOWS\System32\MSXML4.DLL - ok
    15:56:56.0140 2892 [ 1CA7C04957F8419E426E334B5FF2D0FA ] C:\Programmi\AVG\AVG2013\AVGNSX.EXE
    15:56:56.0140 2892 C:\Programmi\AVG\AVG2013\AVGNSX.EXE - ok
    15:56:56.0140 2892 [ 4B10675852FE8862521024778E264D5F ] C:\WINDOWS\System32\igfxpers.exe
    15:56:56.0140 2892 C:\WINDOWS\System32\igfxpers.exe - ok
    15:56:56.0156 2892 [ A4932026499FFE9A493E3E9BBFDAA682 ] C:\Programmi\AVG\AVG2013\AVGEMCX.EXE
    15:56:56.0156 2892 C:\Programmi\AVG\AVG2013\AVGEMCX.EXE - ok
    15:56:56.0156 2892 [ 8622AE563E2AC2F8BF9FAFEE726FC7B8 ] C:\Programmi\AVG\AVG2013\AVGSCHED.DLL
    15:56:56.0156 2892 C:\Programmi\AVG\AVG2013\AVGSCHED.DLL - ok
    15:56:56.0171 2892 [ 126A1B4A38BDEEB1CDF0E06E5A547669 ] C:\WINDOWS\System32\mui\0010\hhctrlui.dll
    15:56:56.0171 2892 C:\WINDOWS\System32\mui\0010\hhctrlui.dll - ok
    15:56:56.0171 2892 [ 476A0876C16D2CC3F5A46697CF37BEE7 ] C:\WINDOWS\System32\igfxsrvc.exe
    15:56:56.0171 2892 C:\WINDOWS\System32\igfxsrvc.exe - ok
    15:56:56.0171 2892 [ E5E34AB0B5B4214480F6E5D9B45F049F ] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    15:56:56.0171 2892 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe - ok
    15:56:56.0187 2892 [ 4C753B25E4B220546F19BAB79EF5D0FA ] C:\Acer\Empowering Technology\ePower\epm-dm.exe
    15:56:56.0187 2892 C:\Acer\Empowering Technology\ePower\epm-dm.exe - ok
    15:56:56.0203 2892 [ FF9AFBD2864BBEA6A9E7F90F8C94F6B7 ] C:\Programmi\AVG\AVG2013\avgidpsdkx.dll
    15:56:56.0203 2892 C:\Programmi\AVG\AVG2013\avgidpsdkx.dll - ok
    15:56:56.0203 2892 [ E9296800685ED622132C0E1FA9241F92 ] C:\Programmi\AVG\AVG2013\avgkrnlapix.dll
    15:56:56.0203 2892 C:\Programmi\AVG\AVG2013\avgkrnlapix.dll - ok
    15:56:56.0203 2892 [ 6C513EF3DAC738AEA18D0364DA73ED9B ] C:\WINDOWS\System32\CABINET.DLL
    15:56:56.0203 2892 C:\WINDOWS\System32\CABINET.DLL - ok
    15:56:56.0218 2892 [ 137D04B9D869486B0510D117650375E2 ] C:\WINDOWS\System32\MSNChatHook.dll
    15:56:56.0218 2892 C:\WINDOWS\System32\MSNChatHook.dll - ok
    15:56:56.0218 2892 [ 1981BBDF2BED9620916C8667509763E8 ] C:\WINDOWS\System32\sysenv.dll
    15:56:56.0218 2892 C:\WINDOWS\System32\sysenv.dll - ok
    15:56:56.0234 2892 [ 841A401331B3EC5C5662517FFFD3EA12 ] C:\WINDOWS\System32\igfxsrvc.dll
    15:56:56.0234 2892 C:\WINDOWS\System32\igfxsrvc.dll - ok
    15:56:56.0234 2892 [ BFC2A40FE739C453F5D02B7EEF41CA28 ] C:\WINDOWS\System32\igfxdev.dll
    15:56:56.0234 2892 C:\WINDOWS\System32\igfxdev.dll - ok
    15:56:56.0234 2892 [ 6C49E09F14A190AA0B98D776E2314569 ] C:\WINDOWS\System32\igfxres.dll
    15:56:56.0234 2892 C:\WINDOWS\System32\igfxres.dll - ok
    15:56:56.0250 2892 [ 7B93C623333F121DC9E689CCB1B7A733 ] C:\WINDOWS\System32\MFC71u.dll
    15:56:56.0250 2892 C:\WINDOWS\System32\MFC71u.dll - ok
    15:56:56.0250 2892 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\System32\msvcr71.dll
    15:56:56.0250 2892 C:\WINDOWS\System32\msvcr71.dll - ok
    15:56:56.0265 2892 [ E841E9B4D2F063C04427D1DF87E946A4 ] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe
    15:56:56.0265 2892 C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe - ok
    15:56:56.0265 2892 [ D5A33465209C6C07F4AEC31611F1AE5A ] C:\WINDOWS\System32\RegService.exe
    15:56:56.0265 2892 C:\WINDOWS\System32\RegService.exe - ok
    15:56:56.0265 2892 [ D68564FCFBDFC04280CDBBB37CF7EF7F ] C:\WINDOWS\System32\DRIVERS\EPM-PSD.SYS
    15:56:56.0265 2892 C:\WINDOWS\System32\DRIVERS\EPM-PSD.SYS - ok
    15:56:56.0281 2892 [ B6FCBB157E9C8ABDCA4134C535535A8B ] C:\WINDOWS\System32\CRYPTSVC.DLL
    15:56:56.0281 2892 C:\WINDOWS\System32\CRYPTSVC.DLL - ok
    15:56:56.0281 2892 [ 5CF15FF3825B893A54EA04DB54D305A6 ] C:\WINDOWS\System32\CERTCLI.DLL
    15:56:56.0281 2892 C:\WINDOWS\System32\CERTCLI.DLL - ok
    15:56:56.0296 2892 [ 2D0C4A7077F6C68449479F5444C580A7 ] C:\WINDOWS\System32\DRIVERS\EPM-SHD.SYS
    15:56:56.0296 2892 C:\WINDOWS\System32\DRIVERS\EPM-SHD.SYS - ok
    15:56:56.0296 2892 [ 0AEDEEE81CCE0FA63650DCB3CDAC11EE ] C:\Programmi\Launch Manager\QtZgAcer.EXE
    15:56:56.0296 2892 C:\Programmi\Launch Manager\QtZgAcer.EXE - ok
    15:56:56.0296 2892 [ B6599EDA9F3EBEF064504EE35BBECA1C ] C:\WINDOWS\System32\ERSVC.DLL
    15:56:56.0296 2892 C:\WINDOWS\System32\ERSVC.DLL - ok
    15:56:56.0312 2892 [ 0A5709543986843D37A92290B7838340 ] C:\Programmi\Java\JRE6\BIN\JQS.EXE
    15:56:56.0312 2892 C:\Programmi\Java\JRE6\BIN\JQS.EXE - ok
    15:56:56.0312 2892 [ 6CE66B51B4EB23D9D073F92698C55C8D ] C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\PCHSVC.DLL
    15:56:56.0312 2892 C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\PCHSVC.DLL - ok
    15:56:56.0328 2892 [ 43D985A9A51E0295091B6EBE84C96B78 ] C:\WINDOWS\System32\HIDSERV.DLL
    15:56:56.0328 2892 C:\WINDOWS\System32\HIDSERV.DLL - ok
    15:56:56.0328 2892 [ 0E53A5D31199A7587EE9F86B574FBB9F ] C:\WINDOWS\System32\HID.DLL
    15:56:56.0328 2892 C:\WINDOWS\System32\HID.DLL - ok
    15:56:56.0328 2892 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Programmi\Java\JRE6\BIN\MSVCR71.DLL
    15:56:56.0328 2892 C:\Programmi\Java\JRE6\BIN\MSVCR71.DLL - ok
    15:56:56.0343 2892 [ 8FC5C9AC20C29EF8DBCD4CCE6ACF8F31 ] C:\WINDOWS\System32\PDH.DLL
    15:56:56.0343 2892 C:\WINDOWS\System32\PDH.DLL - ok
    15:56:56.0343 2892 [ 1C3473B18F156B971E5EFDA1D8B4CE46 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
    15:56:56.0343 2892 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
    15:56:56.0359 2892 [ 3211CAA2B94BA366FDBAF63B02D2D861 ] C:\WINDOWS\System32\ODBCBCP.DLL
    15:56:56.0359 2892 C:\WINDOWS\System32\ODBCBCP.DLL - ok
    15:56:56.0359 2892 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
    15:56:56.0359 2892 C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
    15:56:56.0359 2892 [ 19244E7273811F13F6CD5B82E229E561 ] C:\WINDOWS\System32\regsvr32.exe
    15:56:56.0375 2892 C:\WINDOWS\System32\regsvr32.exe - ok
    15:56:56.0375 2892 [ 0F726D49C0B19E5A506A1CDFCE0EE42F ] C:\WINDOWS\System32\SRVSVC.DLL
    15:56:56.0375 2892 C:\WINDOWS\System32\SRVSVC.DLL - ok
    15:56:56.0375 2892 [ 0AB23B85BF9E4EFFDB203199BC907552 ] C:\WINDOWS\System32\KsUser.dll
    15:56:56.0375 2892 C:\WINDOWS\System32\KsUser.dll - ok
    15:56:56.0390 2892 [ 2294755FF578876B6C1BA274C5FABD73 ] C:\WINDOWS\System32\NETMSG.DLL
    15:56:56.0390 2892 C:\WINDOWS\System32\NETMSG.DLL - ok
    15:56:56.0390 2892 [ 8624E0E2418413614EE1FECDB7B76B88 ] C:\Programmi\Malwarebytes' Anti-Malware\MBAM.DLL
    15:56:56.0390 2892 C:\Programmi\Malwarebytes' Anti-Malware\MBAM.DLL - ok
    15:56:56.0390 2892 [ 1D45A7FF7949628D466E0E884EECAA85 ] C:\Programmi\Launch Manager\CDRomUtl.dll
    15:56:56.0390 2892 C:\Programmi\Launch Manager\CDRomUtl.dll - ok
    15:56:56.0406 2892 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\System32\DRIVERS\SRV.SYS
    15:56:56.0406 2892 C:\WINDOWS\System32\DRIVERS\SRV.SYS - ok
    15:56:56.0406 2892 [ D235C8EFA37FB2CEE1811315F82DB9E2 ] C:\Programmi\Launch Manager\ComFnUtl.dll
    15:56:56.0406 2892 C:\Programmi\Launch Manager\ComFnUtl.dll - ok
    15:56:56.0421 2892 [ 8E3122A02C3981A9681C814E2AE102F1 ] C:\Programmi\Launch Manager\MixerUtl.dll
    15:56:56.0421 2892 C:\Programmi\Launch Manager\MixerUtl.dll - ok
    15:56:56.0421 2892 [ D4467A285C91752018F67CDBA8680BAB ] C:\Programmi\Malwarebytes' Anti-Malware\MBAMNET.DLL
    15:56:56.0421 2892 C:\Programmi\Malwarebytes' Anti-Malware\MBAMNET.DLL - ok
    15:56:56.0421 2892 [ 1D8FCB6541E74894224296DCDAD6BEDF ] C:\Acer\Empowering Technology\admtray.exe
    15:56:56.0421 2892 C:\Acer\Empowering Technology\admtray.exe - ok
    15:56:56.0437 2892 [ 53EFAD61C380253E82FDBB03B9B90AF3 ] C:\Programmi\Launch Manager\OSDUtl.dll
    15:56:56.0437 2892 C:\Programmi\Launch Manager\OSDUtl.dll - ok
    15:56:56.0437 2892 [ DE1D9EC6289B93723E4EA3FB42F5B445 ] C:\WINDOWS\System32\Outlook Addin.dll
    15:56:56.0437 2892 C:\WINDOWS\System32\Outlook Addin.dll - ok
    15:56:56.0453 2892 [ 92ED2F5F4D72BFD5099BE4DD31F76422 ] C:\Programmi\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe
    15:56:56.0453 2892 C:\Programmi\Garzanti Linguistica\Italiano Clic\vb\ItaTray.exe - ok
    15:56:56.0453 2892 [ 7C9F2BDB1B6C5B3FDCFFE146E2B1CFEA ] C:\WINDOWS\System32\ActiveToolBand.dll
    15:56:56.0453 2892 C:\WINDOWS\System32\ActiveToolBand.dll - ok
    15:56:56.0453 2892 [ 5A1822B18FEE8807EB7EB33BA8CF9B0F ] C:\Programmi\Launch Manager\RgnMaker.dll
    15:56:56.0453 2892 C:\Programmi\Launch Manager\RgnMaker.dll - ok
    15:56:56.0468 2892 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
    15:56:56.0468 2892 C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe - ok
    15:56:56.0468 2892 [ 02C6E6FFBB5A0DB4351A1D91F15C57EF ] C:\WINDOWS\System32\msvbvm60.dll
    15:56:56.0468 2892 C:\WINDOWS\System32\msvbvm60.dll - ok
    15:56:56.0484 2892 [ F6393B1B1F6F617F189DFA78112F5B24 ] C:\Acer\Empowering Technology\InstallNdis.dll
    15:56:56.0484 2892 C:\Acer\Empowering Technology\InstallNdis.dll - ok
    15:56:56.0484 2892 [ 3B144CFA6DB8A53946504F25C112A7DD ] C:\Acer\Empowering Technology\ServiceControl.dll
    15:56:56.0484 2892 C:\Acer\Empowering Technology\ServiceControl.dll - ok
    15:56:56.0500 2892 [ 8F2097E8B174F38178570C611464935F ] C:\WINDOWS\System32\ATL71.DLL
    15:56:56.0500 2892 C:\WINDOWS\System32\ATL71.DLL - ok
    15:56:56.0500 2892 [ D9EEC253D386CD47529A3826E5499478 ] C:\WINDOWS\System32\keyManager.dll
    15:56:56.0500 2892 C:\WINDOWS\System32\keyManager.dll - ok
    15:56:56.0500 2892 [ 35EAFA4F987A2B05F110C54173836066 ] C:\Programmi\Launch Manager\SzUPFUtl.dll
    15:56:56.0500 2892 C:\Programmi\Launch Manager\SzUPFUtl.dll - ok
    15:56:56.0515 2892 [ 07B26677483740E9DBB0EDEE7C575E20 ] C:\WINDOWS\System32\browselc.dll
    15:56:56.0515 2892 C:\WINDOWS\System32\browselc.dll - ok
    15:56:56.0515 2892 [ C92D20A6E35E232004D83DC10A78878A ] C:\Programmi\Microsoft Office\Office12\USP10.dll
    15:56:56.0515 2892 C:\Programmi\Microsoft Office\Office12\USP10.dll - ok
    15:56:56.0531 2892 [ 3E4C03CEFAD8DE135263236B61A49C90 ] C:\WINDOWS\System32\NeroCheck.exe
    15:56:56.0531 2892 C:\WINDOWS\System32\NeroCheck.exe - ok
    15:56:56.0531 2892 [ C9A8F1D76F468EB1C6E05949F5485B0D ] C:\Programmi\Launch Manager\Wnd2File.dll
    15:56:56.0531 2892 C:\Programmi\Launch Manager\Wnd2File.dll - ok
    15:56:56.0546 2892 [ E66532FD491AD5604C36916715FBA092 ] C:\Programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
    15:56:56.0546 2892 C:\Programmi\Adobe\Reader 9.0\Reader\reader_sl.exe - ok
    15:56:56.0546 2892 [ 5D7989BA01090E76B5CC3296BAA0275C ] C:\Programmi\Launch Manager\MMDUtl.dll
    15:56:56.0546 2892 C:\Programmi\Launch Manager\MMDUtl.dll - ok
    15:56:56.0546 2892 [ AB3B99FD3C2DDFAC33D614FAEDACCF19 ] C:\WINDOWS\System32\CryptoAPI.dll
    15:56:56.0546 2892 C:\WINDOWS\System32\CryptoAPI.dll - ok
    15:56:56.0562 2892 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
    15:56:56.0562 2892 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
    15:56:56.0562 2892 [ 6A5B1C929BC83BA6F81A61543682B001 ] C:\WINDOWS\System32\VB6IT.DLL
    15:56:56.0562 2892 C:\WINDOWS\System32\VB6IT.DLL - ok
    15:56:56.0578 2892 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
    15:56:56.0578 2892 C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe - ok
    15:56:56.0578 2892 [ 21571843F5BD3B80D28E5B10AADD1394 ] C:\WINDOWS\System32\ShowErrMsg.dll
    15:56:56.0578 2892 C:\WINDOWS\System32\ShowErrMsg.dll - ok
    15:56:56.0593 2892 [ D51A4B912A90554B580A2401DFAB02A5 ] C:\WINDOWS\System32\rundll32.exe
    15:56:56.0593 2892 C:\WINDOWS\System32\rundll32.exe - ok
    15:56:56.0593 2892 [ 0EDF40E039D92EA5EB26BF01BE9ECC50 ] C:\Programmi\Launch Manager\LgKCUtl.Dll
    15:56:56.0593 2892 C:\Programmi\Launch Manager\LgKCUtl.Dll - ok
    15:56:56.0609 2892 [ 98A078F838A70F84E1BD490D7C7675F4 ] C:\Programmi\File comuni\Java\Java Update\jusched.exe
    15:56:56.0609 2892 C:\Programmi\File comuni\Java\Java Update\jusched.exe - ok
    15:56:56.0609 2892 [ 9DADF1A809ECEC86F04BDE35190D59FE ] C:\Programmi\AVG\AVG2013\avgui.exe
    15:56:56.0609 2892 C:\Programmi\AVG\AVG2013\avgui.exe - ok
    15:56:56.0609 2892 [ B940BCA9CDD77E1103B50A86564DAE63 ] C:\Programmi\Launch Manager\USBKCUtl.dll
    15:56:56.0609 2892 C:\Programmi\Launch Manager\USBKCUtl.dll - ok
    15:56:56.0625 2892 [ F53CDDEF33A4C41336A782BE3D170158 ] C:\WINDOWS\System32\ctfmon.exe
    15:56:56.0625 2892 C:\WINDOWS\System32\ctfmon.exe - ok
    15:56:56.0625 2892 [ E65739C8338665D8768AF12FCB8D8276 ] C:\Programmi\Launch Manager\HokHIDKC.dll
    15:56:56.0625 2892 C:\Programmi\Launch Manager\HokHIDKC.dll - ok
    15:56:56.0625 2892 [ FF4208EF4A06F45C245B1A76D95121F8 ] C:\WINDOWS\ime\sptip.dll
    15:56:56.0625 2892 C:\WINDOWS\ime\sptip.dll - ok
    15:56:56.0640 2892 [ 83D14F5FDB2366E93364A22DFE3E8C37 ] C:\Programmi\Launch Manager\DialCnt.dll
    15:56:56.0640 2892 C:\Programmi\Launch Manager\DialCnt.dll - ok
    15:56:56.0640 2892 [ 7043D485AEAE435312659FF1461F1491 ] C:\Programmi\File comuni\Microsoft Shared\OFFICE12\mso.dll
    15:56:56.0640 2892 C:\Programmi\File comuni\Microsoft Shared\OFFICE12\mso.dll - ok
    15:56:56.0656 2892 [ 0616984D75338427BBE68D30D20E8FA3 ] C:\Programmi\Messenger\msmsgs.exe
    15:56:56.0656 2892 C:\Programmi\Messenger\msmsgs.exe - ok
    15:56:56.0656 2892 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    15:56:56.0656 2892 C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe - ok
    15:56:56.0656 2892 [ A1146BD3E8BC10614D41DCADBE449AE8 ] C:\WINDOWS\System32\xpob2res.dll
    15:56:56.0656 2892 C:\WINDOWS\System32\xpob2res.dll - ok
    15:56:56.0671 2892 [ 4BE1DCAD76BE96D1EC887A41E570C404 ] C:\Programmi\Malwarebytes' Anti-Malware\mbamcore.dll
    15:56:56.0671 2892 C:\Programmi\Malwarebytes' Anti-Malware\mbamcore.dll - ok
    15:56:56.0671 2892 [ 533AECD1B5356870AE2D905B4D3B42B7 ] C:\Programmi\Microsoft Office\Office12\GrooveMisc.dll
    15:56:56.0671 2892 C:\Programmi\Microsoft Office\Office12\GrooveMisc.dll - ok
    15:56:56.0687 2892 [ F3DE10AABD5C7A1A186C9966F037D0C0 ] C:\WINDOWS\System32\mfc100u.dll
    15:56:56.0687 2892 C:\WINDOWS\System32\mfc100u.dll - ok
    15:56:56.0687 2892 [ 7CF1B716372B89568AE4C0FE769F5869 ] C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    15:56:56.0687 2892 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
    15:56:56.0687 2892 [ 87B216B2485104CE05AE07E0CAE49347 ] C:\WINDOWS\System32\igfxext.exe
    15:56:56.0687 2892 C:\WINDOWS\System32\igfxext.exe - ok
    15:56:56.0703 2892 [ 51258D45A148247A775166808C228653 ] C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\1040\MDMUI.DLL
    15:56:56.0703 2892 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\1040\MDMUI.DLL - ok
    15:56:56.0703 2892 [ 7853D2AB445C10F97610B2B05FA4CF0A ] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
    15:56:56.0703 2892 C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe - ok
    15:56:56.0718 2892 [ E246A32C445056996074A397DA56E815 ] C:\WINDOWS\System32\DRIVERS\MDMXSDK.SYS
    15:56:56.0718 2892 C:\WINDOWS\System32\DRIVERS\MDMXSDK.SYS - ok
    15:56:56.0718 2892 [ B7DB526AAB135F13F8DF16B786ADD8A6 ] C:\WINDOWS\System32\igfxexps.dll
    15:56:56.0718 2892 C:\WINDOWS\System32\igfxexps.dll - ok
    15:56:56.0734 2892 [ 9D1177C2A8DE936B33D85FF75E8CBF1A ] C:\WINDOWS\System32\DRIVERS\OSAIO.SYS
    15:56:56.0734 2892 C:\WINDOWS\System32\DRIVERS\OSAIO.SYS - ok
    15:56:56.0734 2892 [ 3245BEE5176697FAF0744A2E1288DC77 ] C:\WINDOWS\System32\DRIVERS\OSANBM.SYS
    15:56:56.0734 2892 C:\WINDOWS\System32\DRIVERS\OSANBM.SYS - ok
    15:56:56.0734 2892 [ C7D010BD8BCEF2EB3FCA8F7CD3C08D9F ] C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSORES.DLL
    15:56:56.0734 2892 C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSORES.DLL - ok
    15:56:56.0750 2892 [ 5BA846C7A92EE87DFA53F3B8F939A7FE ] C:\WINDOWS\System32\ipsecsvc.dll
    15:56:56.0750 2892 C:\WINDOWS\System32\ipsecsvc.dll - ok
    15:56:56.0750 2892 [ 317C54DCAB9EE29CD4B9F55D197A90D1 ] C:\WINDOWS\System32\MSISIP.DLL
    15:56:56.0750 2892 C:\WINDOWS\System32\MSISIP.DLL - ok
    15:56:56.0765 2892 [ E299DC00E2953097C62D124F06DD637D ] C:\WINDOWS\System32\upnp.dll
    15:56:56.0765 2892 C:\WINDOWS\System32\upnp.dll - ok
    15:56:56.0765 2892 [ 68A4629A901CFB5B6628AF55AE0D0808 ] C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    15:56:56.0765 2892 C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe - ok
    15:56:56.0765 2892 [ 977C9B2DAA5DD4503CA2B9A426746BA7 ] C:\WINDOWS\System32\wshext.dll
    15:56:56.0765 2892 C:\WINDOWS\System32\wshext.dll - ok
    15:56:56.0781 2892 [ 46645A81C9673DB68D846DFD3DE4297A ] C:\WINDOWS\System32\SSDPAPI.dll
    15:56:56.0781 2892 C:\WINDOWS\System32\SSDPAPI.dll - ok
    15:56:56.0781 2892 [ 9D85CE8B74780AD62FD22A5605D40B4A ] C:\WINDOWS\System32\oakley.DLL
    15:56:56.0781 2892 C:\WINDOWS\System32\oakley.DLL - ok
    15:56:56.0796 2892 [ E9AF8B12CFFC04C0F4399ED8E4D3826E ] C:\Programmi\Microsoft Silverlight\xapauthenticodesip.dll
    15:56:56.0796 2892 C:\Programmi\Microsoft Silverlight\xapauthenticodesip.dll - ok
    15:56:56.0796 2892 [ 63A82BBFF9EC21282EDE2DCEE21A26CE ] C:\WINDOWS\System32\WINIPSEC.DLL
    15:56:56.0796 2892 C:\WINDOWS\System32\WINIPSEC.DLL - ok
    15:56:56.0796 2892 [ 3B9263E137896E4D303494F116E00608 ] C:\WINDOWS\System32\wiaservc.dll
    15:56:56.0796 2892 C:\WINDOWS\System32\wiaservc.dll - ok
    15:56:56.0812 2892 [ B3E3DA70A7A76E69B872DE3D06D32C19 ] C:\WINDOWS\System32\srsvc.dll
    15:56:56.0812 2892 C:\WINDOWS\System32\srsvc.dll - ok
    15:56:56.0812 2892 [ FBCB6A7B45A57965B624DAA9978B7FBA ] C:\WINDOWS\System32\cfgmgr32.dll
    15:56:56.0812 2892 C:\WINDOWS\System32\cfgmgr32.dll - ok
    15:56:56.0828 2892 [ 45D5ABF76B71129865882D95A91E66E6 ] C:\WINDOWS\System32\mscms.dll
    15:56:56.0828 2892 C:\WINDOWS\System32\mscms.dll - ok
    15:56:56.0828 2892 [ 62C26D6040C8A2303ADE2F18A414DE7A ] C:\WINDOWS\System32\pstorsvc.dll
    15:56:56.0828 2892 C:\WINDOWS\System32\pstorsvc.dll - ok
    15:56:56.0843 2892 [ C2FF17734176CD15221C10044EF0BA1A ] C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    15:56:56.0843 2892 C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe - ok
    15:56:56.0843 2892 [ 3A70B88E0ABE9A53B808385C23F308FB ] C:\WINDOWS\System32\psbase.dll
    15:56:56.0843 2892 C:\WINDOWS\System32\psbase.dll - ok
    15:56:56.0843 2892 [ A0ECA1CE0FCCB29C5E4E1F416E95E73E ] C:\WINDOWS\System32\sens.dll
    15:56:56.0843 2892 C:\WINDOWS\System32\sens.dll - ok
    15:56:56.0859 2892 [ 17C6354CA08E7C7972E12C67478AE134 ] C:\WINDOWS\System32\seclogon.dll
    15:56:56.0859 2892 C:\WINDOWS\System32\seclogon.dll - ok
    15:56:56.0859 2892 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\System32\dssenh.dll
    15:56:56.0859 2892 C:\WINDOWS\System32\dssenh.dll - ok
    15:56:56.0875 2892 [ 1F754592AFA0F41ACD99909E422A33FC ] C:\Programmi\File comuni\Microsoft Shared\OFFICE12\1040\MSOINTL.DLL
    15:56:56.0875 2892 C:\Programmi\File comuni\Microsoft Shared\OFFICE12\1040\MSOINTL.DLL - ok
    15:56:56.0875 2892 [ 076D11B52F066ED33E3A80F8070A3E2E ] C:\WINDOWS\System32\browser.dll
    15:56:56.0875 2892 C:\WINDOWS\System32\browser.dll - ok
    15:56:56.0875 2892 [ CC48415E6C7CBAA441A3D6A6DCCBCFA6 ] C:\WINDOWS\System32\wuauserv.dll
    15:56:56.0875 2892 C:\WINDOWS\System32\wuauserv.dll - ok
    15:56:56.0890 2892 [ A99884AEAC9C704600C6F5A44B3F7694 ] C:\WINDOWS\System32\mfc100ita.dll
    15:56:56.0890 2892 C:\WINDOWS\System32\mfc100ita.dll - ok
    15:56:56.0890 2892 [ 9D6DBE249EE42FC82FCB5C016EAD7B6E ] C:\WINDOWS\System32\sti.dll
    15:56:56.0890 2892 C:\WINDOWS\System32\sti.dll - ok
    15:56:56.0906 2892 [ 40911E98D0F1CBB1015F2101982F1DDF ] C:\WINDOWS\System32\WBEM\wmisvc.dll
    15:56:56.0906 2892 C:\WINDOWS\System32\WBEM\wmisvc.dll - ok
    15:56:56.0906 2892 [ A02F896D20134D7A5F609A368CECBBA1 ] C:\WINDOWS\System32\VSSAPI.DLL
    15:56:56.0906 2892 C:\WINDOWS\System32\VSSAPI.DLL - ok
    15:56:56.0906 2892 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\System32\wuaueng.dll
    15:56:56.0906 2892 C:\WINDOWS\System32\wuaueng.dll - ok
    15:56:56.0921 2892 [ 542D0B7FD3FCFF89C563612A78B9735A ] C:\WINDOWS\System32\drprov.dll
    15:56:56.0921 2892 C:\WINDOWS\System32\drprov.dll - ok
    15:56:56.0921 2892 [ 22A381A946C17D078A2544CCB8A36EBA ] C:\WINDOWS\System32\ntlanman.dll
    15:56:56.0921 2892 C:\WINDOWS\System32\ntlanman.dll - ok
    15:56:56.0937 2892 [ 376732B64D458251F38247FB885F3C44 ] C:\WINDOWS\System32\mspatcha.dll
    15:56:56.0937 2892 C:\WINDOWS\System32\mspatcha.dll - ok
    15:56:56.0937 2892 [ DFCF73F96D2DCD4B1959DDEEC55CDD57 ] C:\WINDOWS\System32\NETUI0.dll
    15:56:56.0937 2892 C:\WINDOWS\System32\NETUI0.dll - ok
    15:56:56.0937 2892 [ C15DBEA67C9CE16867718642AFE1963B ] C:\WINDOWS\System32\NETUI1.dll
    15:56:56.0937 2892 C:\WINDOWS\System32\NETUI1.dll - ok
    15:56:56.0953 2892 [ 8482A1F5D0C5D4C18375E3E1FC72DC13 ] C:\WINDOWS\System32\davclnt.dll
    15:56:56.0953 2892 C:\WINDOWS\System32\davclnt.dll - ok
    15:56:56.0953 2892 [ 690294999DF1248FAF85D95B31955D0C ] C:\WINDOWS\System32\trkwks.dll
    15:56:56.0953 2892 C:\WINDOWS\System32\trkwks.dll - ok
    15:56:56.0968 2892 [ 6B85F1A9DCE45D45BFFAD3222C21F297 ] C:\WINDOWS\System32\tapisrv.dll
    15:56:56.0968 2892 C:\WINDOWS\System32\tapisrv.dll - ok
    15:56:56.0968 2892 [ 09D1E91F31A048238BA26E9E86AF8259 ] C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
    15:56:56.0968 2892 C:\Programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll - ok
    15:56:56.0968 2892 [ 926D921C93CFF1E19EF4DE3E4C8368CA ] C:\WINDOWS\System32\wscsvc.dll
    15:56:56.0968 2892 C:\WINDOWS\System32\wscsvc.dll - ok
    15:56:56.0984 2892 [ 152C0555925DFE028E3148FD215146BB ] C:\WINDOWS\System32\ipnathlp.dll
    15:56:56.0984 2892 C:\WINDOWS\System32\ipnathlp.dll - ok
    15:56:56.0984 2892 [ C8BD698B9DCF8C4C048F3CEF6BD1851E ] C:\WINDOWS\System32\WBEM\wbemcore.dll
    15:56:56.0984 2892 C:\WINDOWS\System32\WBEM\wbemcore.dll - ok
    15:56:57.0000 2892 [ E9477D55E2DE0D0AAC535EE80D077C64 ] C:\WINDOWS\System32\WBEM\esscli.dll
    15:56:57.0000 2892 C:\WINDOWS\System32\WBEM\esscli.dll - ok
    15:56:57.0000 2892 [ 9730643AB698D3B7F19D9192E4D3E4B0 ] C:\Programmi\AVG\AVG2013\avgidpmx.dll
    15:56:57.0000 2892 C:\Programmi\AVG\AVG2013\avgidpmx.dll - ok
    15:56:57.0000 2892 [ B35FCD73317D0B73AF3E8E9050835BD6 ] C:\WINDOWS\System32\WBEM\FastProx.dll
    15:56:57.0000 2892 C:\WINDOWS\System32\WBEM\FastProx.dll - ok
    15:56:57.0015 2892 [ 2557F6987A4F933878CC459EC7A20632 ] C:\WINDOWS\System32\MSFTEDIT.DLL
    15:56:57.0015 2892 C:\WINDOWS\System32\MSFTEDIT.DLL - ok
    15:56:57.0015 2892 [ 203D5ECB5CCDA683053CDA42DFF03573 ] C:\WINDOWS\System32\netfxperf.dll
    15:56:57.0015 2892 C:\WINDOWS\System32\netfxperf.dll - ok
    15:56:57.0031 2892 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\System32\mscoree.dll
    15:56:57.0031 2892 C:\WINDOWS\System32\mscoree.dll - ok
    15:56:57.0031 2892 [ 2F0386C44AEEBDF02E477F0A932A9FD0 ] C:\WINDOWS\System32\6to4svc.dll
    15:56:57.0031 2892 C:\WINDOWS\System32\6to4svc.dll - ok
    15:56:57.0031 2892 [ F0DD5CEA69EFD6C28772FF409A362CDC ] C:\WINDOWS\System32\WBEM\wbemsvc.dll
    15:56:57.0031 2892 C:\WINDOWS\System32\WBEM\wbemsvc.dll - ok
    15:56:57.0046 2892 [ F8FB4ADE197638AF6F0AF0DF0D199742 ] C:\WINDOWS\System32\fxssvc.exe
    15:56:57.0046 2892 C:\WINDOWS\System32\fxssvc.exe - ok
    15:56:57.0046 2892 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\System32\wups.dll
    15:56:57.0046 2892 C:\WINDOWS\System32\wups.dll - ok
    15:56:57.0062 2892 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\System32\wups2.dll
    15:56:57.0062 2892 C:\WINDOWS\System32\wups2.dll - ok
    15:56:57.0062 2892 [ DE35D659575C700BA4E8E912671EA4BA ] C:\Programmi\AVG\AVG2013\avgdiagex.exe
    15:56:57.0062 2892 C:\Programmi\AVG\AVG2013\avgdiagex.exe - ok
    15:56:57.0062 2892 [ A1DAF324EE74EB4AF15BD2D0EF29D682 ] C:\WINDOWS\System32\WBEM\wmiutils.dll
    15:56:57.0062 2892 C:\WINDOWS\System32\WBEM\wmiutils.dll - ok
    15:56:57.0078 2892 [ C5A9554406507AB2AB341B221D97519D ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
    15:56:57.0078 2892 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll - ok
    15:56:57.0078 2892 [ 95312C435CF16B344CF5FB331C13B983 ] C:\WINDOWS\System32\WBEM\repdrvfs.dll
    15:56:57.0078 2892 C:\WINDOWS\System32\WBEM\repdrvfs.dll - ok
    15:56:57.0093 2892 [ 751EEDB874FD17A6F26B9E2CC5E19170 ] C:\Programmi\AVG\AVG2013\avglngx.dll
    15:56:57.0093 2892 C:\Programmi\AVG\AVG2013\avglngx.dll - ok
    15:56:57.0093 2892 [ 7C008A49062981795B40EAA7565AB05F ] C:\WINDOWS\System32\WBEM\wmiprvsd.dll
    15:56:57.0093 2892 C:\WINDOWS\System32\WBEM\wmiprvsd.dll - ok
    15:56:57.0109 2892 [ 112BFE25063987C6637E00DF4F55E326 ] C:\WINDOWS\System32\shdoclc.dll
    15:56:57.0109 2892 C:\WINDOWS\System32\shdoclc.dll - ok
    15:56:57.0109 2892 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\System32\wuauclt.exe
    15:56:57.0109 2892 C:\WINDOWS\System32\wuauclt.exe - ok
    15:56:57.0109 2892 [ 8BD5F71489EC369B386C65B3916E87F2 ] C:\WINDOWS\System32\WBEM\wbemess.dll
    15:56:57.0109 2892 C:\WINDOWS\System32\WBEM\wbemess.dll - ok
    15:56:57.0125 2892 [ EB74C861075ECFA1B51B396615387657 ] C:\Programmi\AVG\AVG2013\avguires.dll
    15:56:57.0125 2892 C:\Programmi\AVG\AVG2013\avguires.dll - ok
    15:56:57.0125 2892 [ E125E64CF005D0DF4E378287B9EB0148 ] C:\WINDOWS\System32\fxstiff.dll
    15:56:57.0125 2892 C:\WINDOWS\System32\fxstiff.dll - ok
    15:56:57.0125 2892 [ 5643DDFB9530F29D9B99A90AEB095EEB ] C:\WINDOWS\System32\fxsapi.dll
    15:56:57.0125 2892 C:\WINDOWS\System32\fxsapi.dll - ok
    15:56:57.0140 2892 [ A0D9E43450BF83B5B5B7A839667B21F3 ] C:\WINDOWS\System32\shfolder.dll
    15:56:57.0140 2892 C:\WINDOWS\System32\shfolder.dll - ok
    15:56:57.0140 2892 [ CE561A170B2D0940DEEB5BDD29AB1163 ] C:\WINDOWS\System32\fxst30.dll
    15:56:57.0140 2892 C:\WINDOWS\System32\fxst30.dll - ok
    15:56:57.0156 2892 [ 55F24E9EEB160A8A2C2E0CF2A25A4A39 ] C:\WINDOWS\System32\fxsroute.dll
    15:56:57.0156 2892 C:\WINDOWS\System32\fxsroute.dll - ok
    15:56:57.0156 2892 [ FB53A700132D9A97D1E10E9F80BD6174 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    15:56:57.0156 2892 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
    15:56:57.0156 2892 [ 4BA02FE4E2F2B908D71C2FE6806761AE ] C:\WINDOWS\System32\unimdm.tsp
    15:56:57.0156 2892 C:\WINDOWS\System32\unimdm.tsp - ok
    15:56:57.0171 2892 [ 92F7F6A0C50AA071CED285886FC863E4 ] C:\WINDOWS\System32\uniplat.dll
    15:56:57.0171 2892 C:\WINDOWS\System32\uniplat.dll - ok
    15:56:57.0171 2892 [ B15B70D31190862AD9CB2AB5F633E178 ] C:\WINDOWS\System32\unimdmat.dll
    15:56:57.0171 2892 C:\WINDOWS\System32\unimdmat.dll - ok
    15:56:57.0187 2892 [ 49C1DFACBCFB12EC4113D40C230378E3 ] C:\WINDOWS\System32\modemui.dll
    15:56:57.0187 2892 C:\WINDOWS\System32\modemui.dll - ok
    15:56:57.0187 2892 [ D2BD3E96C0D0E71A93E4F07D1F970013 ] C:\WINDOWS\System32\kmddsp.tsp
    15:56:57.0187 2892 C:\WINDOWS\System32\kmddsp.tsp - ok
    15:56:57.0203 2892 [ B12C1BA06AA2343F2CE0B27A189083CA ] C:\WINDOWS\System32\ndptsp.tsp
    15:56:57.0203 2892 C:\WINDOWS\System32\ndptsp.tsp - ok
    15:56:57.0203 2892 [ 2E61C409474416CC78D66300F1BCB722 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
    15:56:57.0203 2892 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll - ok
    15:56:57.0218 2892 [ 72082948BBA4294F1D1B2D955E14281D ] C:\WINDOWS\System32\ipconf.tsp
    15:56:57.0218 2892 C:\WINDOWS\System32\ipconf.tsp - ok
    15:56:57.0218 2892 [ F7E915FA38C119101873AE5E0E7C8B66 ] C:\Programmi\AVG\AVG2013\avgapps.dll
    15:56:57.0218 2892 C:\Programmi\AVG\AVG2013\avgapps.dll - ok
    15:56:57.0218 2892 [ 73186E0E4AA65CAD2C68B417AFF9494F ] C:\WINDOWS\System32\h323.tsp
    15:56:57.0218 2892 C:\WINDOWS\System32\h323.tsp - ok
    15:56:57.0234 2892 [ F1430F5D20F4BB71A003209C3DB3ADDF ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
    15:56:57.0234 2892 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll - ok
    15:56:57.0234 2892 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\System32\wuapi.dll
    15:56:57.0234 2892 C:\WINDOWS\System32\wuapi.dll - ok
    15:56:57.0250 2892 [ 0645AAAD99C516182EA6CBAD0D3238EC ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    15:56:57.0250 2892 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - ok
    15:56:57.0250 2892 [ EFC7E8B8B2825A1DC7CEAE82526A71DB ] C:\WINDOWS\System32\hidphone.tsp
    15:56:57.0250 2892 C:\WINDOWS\System32\hidphone.tsp - ok
    15:56:57.0265 2892 [ 73BE88DF9B642D232F27B4D0BB23C55E ] C:\WINDOWS\System32\WBEM\ncprov.dll
    15:56:57.0265 2892 C:\WINDOWS\System32\WBEM\ncprov.dll - ok
    15:56:57.0265 2892 [ 62AD41548E720DB4763B86F95E44F3FA ] C:\WINDOWS\System32\rasmans.dll
    15:56:57.0265 2892 C:\WINDOWS\System32\rasmans.dll - ok
    15:56:57.0265 2892 [ 7152C3BABE5F5F438CAE0866D5D97D94 ] C:\WINDOWS\System32\query.dll
    15:56:57.0265 2892 C:\WINDOWS\System32\query.dll - ok
    15:56:57.0281 2892 [ 4BFF19449E6E422BB0A314BE61BAFE13 ] C:\WINDOWS\System32\WBEM\wbemcons.dll
    15:56:57.0281 2892 C:\WINDOWS\System32\WBEM\wbemcons.dll - ok
    15:56:57.0281 2892 [ 6798618B8308C47FAF3FE127645CD561 ] C:\WINDOWS\System32\fxsperf.dll
    15:56:57.0281 2892 C:\WINDOWS\System32\fxsperf.dll - ok
    15:56:57.0296 2892 [ 3B90A7B999B837AB74C1669CE94F11E3 ] C:\WINDOWS\System32\perfctrs.dll
    15:56:57.0296 2892 C:\WINDOWS\System32\perfctrs.dll - ok
    15:56:57.0296 2892 [ FE5A5329CCFC33D645C33077FF04F052 ] C:\WINDOWS\System32\termsrv.dll
    15:56:57.0296 2892 C:\WINDOWS\System32\termsrv.dll - ok
    15:56:57.0296 2892 [ 02DC62D00B92C4F7332E0C8EB37B697B ] C:\WINDOWS\System32\ICAAPI.dll
    15:56:57.0296 2892 C:\WINDOWS\System32\ICAAPI.dll - ok
    15:56:57.0312 2892 [ 3294AF37E37AF48FFECE1063EFEC8AD8 ] C:\WINDOWS\System32\mstlsapi.dll
    15:56:57.0312 2892 C:\WINDOWS\System32\mstlsapi.dll - ok
    15:56:57.0312 2892 [ DB491237445F172FDDDF00541DE1A51D ] C:\WINDOWS\System32\imapi.exe
    15:56:57.0312 2892 C:\WINDOWS\System32\imapi.exe - ok
    15:56:57.0328 2892 [ 2C88B7A18EE8FDB4135B64C603CCBD16 ] C:\Programmi\Microsoft Office\Office12\OLMAPI32.DLL
    15:56:57.0328 2892 C:\Programmi\Microsoft Office\Office12\OLMAPI32.DLL - ok
    15:56:57.0328 2892 [ 1B086DD0B2E545520EE08796C272B7D9 ] C:\WINDOWS\System32\perfdisk.dll
    15:56:57.0328 2892 C:\WINDOWS\System32\perfdisk.dll - ok
    15:56:57.0328 2892 [ 713B5C1876CFC66B078CB24EDD7360EB ] C:\WINDOWS\System32\perfnet.dll
    15:56:57.0328 2892 C:\WINDOWS\System32\perfnet.dll - ok
    15:56:57.0343 2892 [ 4947ABE477BE2882F64802583C6A71F7 ] C:\WINDOWS\System32\perfos.dll
    15:56:57.0343 2892 C:\WINDOWS\System32\perfos.dll - ok
    15:56:57.0343 2892 [ 2EAAD12DD46433170AD1A288890CF54D ] C:\WINDOWS\System32\perfproc.dll
    15:56:57.0343 2892 C:\WINDOWS\System32\perfproc.dll - ok
    15:56:57.0359 2892 [ C3F00DF9FEC67EFE0D698AC432261FC3 ] C:\WINDOWS\System32\pschdprf.dll
    15:56:57.0359 2892 C:\WINDOWS\System32\pschdprf.dll - ok
    15:56:57.0375 2892 [ 204C86E44404A965DB178D9A769FD002 ] C:\WINDOWS\System32\TRAFFIC.dll
    15:56:57.0375 2892 C:\WINDOWS\System32\TRAFFIC.dll - ok
    15:56:57.0375 2892 [ B1F16DFD4116AB0D8C2444CB277F103B ] C:\WINDOWS\System32\rasctrs.dll
    15:56:57.0375 2892 C:\WINDOWS\System32\rasctrs.dll - ok
    15:56:57.0390 2892 [ A78EE88512361BC1B9BDF9985E3A8EF4 ] C:\WINDOWS\System32\rsvpperf.dll
    15:56:57.0390 2892 C:\WINDOWS\System32\rsvpperf.dll - ok
    15:56:57.0390 2892 [ B5D91042119372579F52237AFBA5AE7F ] C:\WINDOWS\System32\tapiperf.dll
    15:56:57.0390 2892 C:\WINDOWS\System32\tapiperf.dll - ok
    15:56:57.0390 2892 [ 690161A7B211C5D8B237E1B6E49401AB ] C:\WINDOWS\System32\perfts.dll
    15:56:57.0390 2892 C:\WINDOWS\System32\perfts.dll - ok
    15:56:57.0406 2892 [ C42C6C2166DE8248CE38E7FE76AA373E ] C:\WINDOWS\System32\UTILDLL.dll
    15:56:57.0406 2892 C:\WINDOWS\System32\UTILDLL.dll - ok
    15:56:57.0406 2892 [ 9FC50A59A11A7B0FA9A949DA82E3EE64 ] C:\WINDOWS\System32\WBEM\wmiaprpl.dll
    15:56:57.0406 2892 C:\WINDOWS\System32\WBEM\wmiaprpl.dll - ok
    15:56:57.0406 2892 [ 9AD52F10C0BCC960BE4478571D37EC01 ] C:\WINDOWS\System32\loadperf.dll
    15:56:57.0406 2892 C:\WINDOWS\System32\loadperf.dll - ok
    15:56:57.0421 2892 ============================================================
    15:56:57.0421 2892 Scan finished
    15:56:57.0421 2892 ============================================================
    15:56:57.0546 2896 Detected object count: 17
    15:56:57.0546 2896 Actual detected object count: 17
    16:03:25.0281 2896 C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe - copied to quarantine
    16:03:25.0281 2896 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:25.0359 2896 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
    16:03:25.0359 2896 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:25.0468 2896 C:\WINDOWS\system32\RegService.exe - copied to quarantine
    16:03:25.0484 2896 Communication Modem Device Manager II ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:25.0593 2896 C:\WINDOWS\system32\drivers\epm-psd.sys - copied to quarantine
    16:03:25.0593 2896 EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:25.0640 2896 C:\WINDOWS\system32\drivers\epm-shd.sys - copied to quarantine
    16:03:25.0640 2896 EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:25.0843 2896 C:\Programmi\Intel\Wireless\Bin\EvtEng.exe - copied to quarantine
    16:03:25.0859 2896 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0015 2896 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe - copied to quarantine
    16:03:26.0015 2896 MDM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0125 2896 C:\WINDOWS\system32\Drivers\NdisFilt.sys - copied to quarantine
    16:03:26.0140 2896 NdisFilt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0203 2896 C:\WINDOWS\system32\DRIVERS\NETMNT.sys - copied to quarantine
    16:03:26.0203 2896 NETMNT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0312 2896 C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys - copied to quarantine
    16:03:26.0312 2896 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0375 2896 C:\WINDOWS\system32\drivers\OsaFsLoc.sys - copied to quarantine
    16:03:26.0375 2896 OsaFsLoc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0468 2896 C:\WINDOWS\system32\drivers\osaio.sys - copied to quarantine
    16:03:26.0484 2896 osaio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0593 2896 C:\WINDOWS\system32\drivers\osanbm.sys - copied to quarantine
    16:03:26.0593 2896 osanbm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0687 2896 C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe - copied to quarantine
    16:03:26.0687 2896 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0843 2896 C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe - copied to quarantine
    16:03:26.0843 2896 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:26.0921 2896 C:\WINDOWS\system32\DRIVERS\s24trans.sys - copied to quarantine
    16:03:26.0921 2896 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:03:27.0156 2896 C:\Programmi\PC Connectivity Solution\ServiceLayer.exe - copied to quarantine
    16:03:27.0156 2896 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    16:04:25.0750 1708 Deinitialize success
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    It is never a good idea to quarantine files just because they are unsigned, any unsigned file is classed as suspicious just for that very reason.
    Trouble is, suspicious does not always mean malicious. What has happened since that action was taken, how is the system responding?
    When TDSSKiller flags an unsigned file it also lists the MD5 for the file in the log, we can easily check that MD5 and make a decision on that. Unfortunately you have already made the decision.
    I`ll have to list a fix to get those files back, will post this later......
     
  13. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    Sorry! The options in the program did not seem to correspond exactly to what you wrote, so I felt I had to improvise. And the option they give is named "Copy to quarantine" -- not "Move to quarantine" -- so I assumed that it would be something easy to undo. But I have opened TDSSKiller, and I don't see any option for undoing this. Nevertheless I have checked at random a couple of the original directories, and the original files are still there, so it seems they were merely copied rather than moved.

    As for the computer's present condition, it is unchanged:

    1. It boots into normal XP just fine, no RUNDLL popups. [Incidentally, in addition to the two RUNDLL popups and their error sound, there has been since the beginning, whenever I boot into normal XP, a tone of two piano keys, the second one higher than the first. I don't know which file *.wmv this corresponds to. It is heard after all of the desktop icons and most of the taskbar icons have appeared. One of the last taskbar icons to appear, for Windows Messenger, happens to be crossed out, and hovering over it gives the message, "Windows Messenger - Not connected".] The only other symptom that was apparent in XP's normal mode was ComboFix hanging when it reached the point where it started deleting folders. Because the 17 files copied to quarantine are apparently still in their original folders, I haven't tried running ComboFix again, but I could try that.

    2. All three of the safe modes end in blue screen 7B. The screen vanishes quickly, but I believe that the digits following "7B" are the following: "(0xF7B8F528)". The only other difference is this: because ComboFix downloaded and installed the recovery console, there are now three options at the first level when I press F8 during booting:

    Microsoft Windows Recovery Console
    do not select this [debugger attivato]
    Microsoft Windows XP Home Edition

    Thank you very much for your help.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,377
    First Name:
    Kevin
    Apologies regarding TDSSKiller and copy to quarantine debacle, it was always understood the problem file would be deleted and a copy held in Quarantine, there is even an application available to put the files back from Quarantine to applicable system folder....

    Can you run the following:

    Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.

    • Quit all running programs
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • The following EULA will appear, please select accept

      [​IMG]
    • Ensure MBR scan, Check faked and AntiRootkit are checked
    • Select Scan

      [​IMG]
    • When the scan completes select Report, copy and paste that to your reply.

      [​IMG]
    • The log should be found in RKreport[?].txt on your Desktop
    • Exit/Close RogueKiller

    Let me see that log, also when you mention Safemode issue, do you mean the the system crashes to a Blue Screen of Death BSOD when you try to run Safemode
     
  15. Tecnico Italiano

    Tecnico Italiano Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    34
    When I double-clicked on RogueKiller.exe it did not carry out any prescan. When I opened it the status was "Waiting...", and this remained unchanged for as long as I waited. And there was no prompt to accept an EULA. But after waiting a few minutes I carried out the scan as per your instructions, and the log is below.

    Yes, ever since the beginning I have received a blue screen (BSOD) 7B any time I try to boot into either Safe Mode, Safe Mode with Networking, or Safe Mode with DOS Prompt. It vanishes after a split second, and unless I press F8 again the computer goes ahead and boots into XP normally.

    I checked the availability of the safe modes on this computer because a couple of weeks earlier I had seen a computer with the "Il vostro computer è stato bloccato" ransomware rootkit at full strength: when one booted up XP normally, within a few seconds after the appearance of the desktop icons the fake-police splash page appeared, and disabled anything (including Ctrl+Alt+Del to open task manager and Alt+Tab to cycle between open windows) except the mouse and keyboard to move to the payment section and pay money via Ukash. If I acted quickly at startup I was able to open task manager and begin looking at open processes, but within a second or two the splash screen would appear and it was impossible to return to task manager using Alt+Tab. There was nothing that could be done in normal mode, so I looked at the safe modes, and they all worked. In fact the various instructions one finds online for removing this virus all say to boot into safe mode with networking, that is IF the virus has not disabled the safe modes, as some variants of it are able to do. (The person who had the virus at full strength apparently decided not to go ahead and remove the virus, probably because he feared that the computer tech doing the removal might see some dirty stuff he had on his computer -- he called his lawyer even before he called me -- so he may have taken his computer to have it reformatted instead.)


    RogueKiller V8.4.3 [Jan 26 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Giuseppe [Admin rights]
    Mode : Scan -- Date : 01/26/2013 20:11:42
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\Documents and Settings\All Users\Dati applicazioni\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Faked.Drv][FILE] wmilib.sys : C:\WINDOWS\system32\drivers\wmilib.sys --> CANNOT FIX
    [Faked.Drv][FILE] dmload.sys : C:\WINDOWS\system32\drivers\dmload.sys --> CANNOT FIX
    [Faked.Drv][FILE] ipnat.sys : C:\WINDOWS\system32\drivers\ipnat.sys --> CANNOT FIX
    [Faked.Drv][FILE] ipinip.sys : C:\WINDOWS\system32\drivers\ipinip.sys --> CANNOT FIX
    [Faked.Drv][FILE] intelide.sys : C:\WINDOWS\system32\drivers\intelide.sys --> CANNOT FIX
    [Faked.Drv][FILE] ptilink.sys : C:\WINDOWS\system32\drivers\ptilink.sys --> CANNOT FIX
    [Faked.Drv][FILE] raspti.sys : C:\WINDOWS\system32\drivers\raspti.sys --> CANNOT FIX
    [Faked.Drv][FILE] imapi.sys : C:\WINDOWS\system32\drivers\imapi.sys --> CANNOT FIX
    [Faked.Drv][FILE] cdaudio.sys : C:\WINDOWS\system32\drivers\cdaudio.sys --> CANNOT FIX
    [Faked.Drv][FILE] fs_rec.sys : C:\WINDOWS\system32\drivers\fs_rec.sys --> CANNOT FIX
    [Faked.Drv][FILE] null.sys : C:\WINDOWS\system32\drivers\null.sys --> CANNOT FIX
    [Faked.Drv][FILE] beep.sys : C:\WINDOWS\system32\drivers\beep.sys --> CANNOT FIX
    [Faked.Drv][FILE] rdpcdd.sys : C:\WINDOWS\system32\drivers\rdpcdd.sys --> CANNOT FIX
    [Faked.Drv][FILE] rasacd.sys : C:\WINDOWS\system32\drivers\rasacd.sys --> CANNOT FIX
    [Faked.Drv][FILE] fdc.sys : C:\WINDOWS\system32\drivers\fdc.sys --> CANNOT FIX
    [Faked.Drv][FILE] dxgthk.sys : C:\WINDOWS\system32\drivers\dxgthk.sys --> CANNOT FIX
    [Faked.Drv][FILE] parvdm.sys : C:\WINDOWS\system32\drivers\parvdm.sys --> CANNOT FIX
    [Faked.Drv][FILE] atmepvc.sys : C:\WINDOWS\system32\drivers\atmepvc.sys --> CANNOT FIX
    [Faked.Drv][FILE] atmuni.sys : C:\WINDOWS\system32\drivers\atmuni.sys --> CANNOT FIX
    [Faked.Drv][FILE] cbidf2k.sys : C:\WINDOWS\system32\drivers\cbidf2k.sys --> CANNOT FIX
    [Faked.Drv][FILE] cinemst2.sys : C:\WINDOWS\system32\drivers\cinemst2.sys --> CANNOT FIX
    [Faked.Drv][FILE] cpqdap01.sys : C:\WINDOWS\system32\drivers\cpqdap01.sys --> CANNOT FIX
    [Faked.Drv][FILE] dxapi.sys : C:\WINDOWS\system32\drivers\dxapi.sys --> CANNOT FIX
    [Faked.Drv][FILE] ipfltdrv.sys : C:\WINDOWS\system32\drivers\ipfltdrv.sys --> CANNOT FIX
    [Faked.Drv][FILE] mcd.sys : C:\WINDOWS\system32\drivers\mcd.sys --> CANNOT FIX
    [Faked.Drv][FILE] nikedrv.sys : C:\WINDOWS\system32\drivers\nikedrv.sys --> CANNOT FIX
    [Faked.Drv][FILE] nwlnkflt.sys : C:\WINDOWS\system32\drivers\nwlnkflt.sys --> CANNOT FIX
    [Faked.Drv][FILE] nwlnkfwd.sys : C:\WINDOWS\system32\drivers\nwlnkfwd.sys --> CANNOT FIX
    [Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX
    [Faked.Drv][FILE] nwlnkspx.sys : C:\WINDOWS\system32\drivers\nwlnkspx.sys --> CANNOT FIX
    [Faked.Drv][FILE] rawwan.sys : C:\WINDOWS\system32\drivers\rawwan.sys --> CANNOT FIX
    [Faked.Drv][FILE] rio8drv.sys : C:\WINDOWS\system32\drivers\rio8drv.sys --> CANNOT FIX
    [Faked.Drv][FILE] riodrv.sys : C:\WINDOWS\system32\drivers\riodrv.sys --> CANNOT FIX
    [Faked.Drv][FILE] HSFHWAZL.sys : C:\WINDOWS\system32\drivers\HSFHWAZL.sys --> CANNOT FIX
    [Faked.Drv][FILE] i8042prt.sys : C:\WINDOWS\system32\drivers\i8042prt.sys --> CANNOT FIX
    [Faked.Drv][FILE] i2omp.sys : C:\WINDOWS\system32\drivers\i2omp.sys --> CANNOT FIX
    [Faked.Drv][FILE] rootmdm.sys : C:\WINDOWS\system32\drivers\rootmdm.sys --> CANNOT FIX
    [Faked.Drv][FILE] smclib.sys : C:\WINDOWS\system32\drivers\smclib.sys --> CANNOT FIX
    [Faked.Drv][FILE] tosdvd.sys : C:\WINDOWS\system32\drivers\tosdvd.sys --> CANNOT FIX
    [Faked.Drv][FILE] tsbvcap.sys : C:\WINDOWS\system32\drivers\tsbvcap.sys --> CANNOT FIX
    [Faked.Drv][FILE] i2omgmt.sys : C:\WINDOWS\system32\drivers\i2omgmt.sys --> CANNOT FIX
    [Faked.Drv][FILE] hidusb.sys : C:\WINDOWS\system32\drivers\hidusb.sys --> CANNOT FIX
    [Faked.Drv][FILE] vdmindvd.sys : C:\WINDOWS\system32\drivers\vdmindvd.sys --> CANNOT FIX
    [Faked.Drv][FILE] ws2ifsl.sys : C:\WINDOWS\system32\drivers\ws2ifsl.sys --> CANNOT FIX
    [Faked.Drv][FILE] mnmdd.sys : C:\WINDOWS\system32\drivers\mnmdd.sys --> CANNOT FIX
    [Faked.Drv][FILE] fsvga.sys : C:\WINDOWS\system32\drivers\fsvga.sys --> CANNOT FIX
    [Faked.Drv][FILE] hidparse.sys : C:\WINDOWS\system32\drivers\hidparse.sys --> CANNOT FIX
    [Faked.Drv][FILE] acpiec.sys : C:\WINDOWS\system32\drivers\acpiec.sys --> CANNOT FIX
    [Faked.Drv][FILE] oprghdlr.sys : C:\WINDOWS\system32\drivers\oprghdlr.sys --> CANNOT FIX
    [Faked.Drv][FILE] ftdisk.sys : C:\WINDOWS\system32\drivers\ftdisk.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbd.sys : C:\WINDOWS\system32\drivers\usbd.sys --> CANNOT FIX
    [Faked.Drv][FILE] crusoe.sys : C:\WINDOWS\system32\drivers\crusoe.sys --> CANNOT FIX
    [Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys --> CANNOT FIX
    [Faked.Drv][FILE] dmboot.sys : C:\WINDOWS\system32\drivers\dmboot.sys --> CANNOT FIX
    [Faked.Drv][FILE] HSF_CNXT.sys : C:\WINDOWS\system32\drivers\HSF_CNXT.sys --> CANNOT FIX
    [Faked.Drv][FILE] hidclass.sys : C:\WINDOWS\system32\drivers\hidclass.sys --> CANNOT FIX
    [Faked.Drv][FILE] flpydisk.sys : C:\WINDOWS\system32\drivers\flpydisk.sys --> CANNOT FIX
    [Faked.Drv][FILE] fips.sys : C:\WINDOWS\system32\drivers\fips.sys --> CANNOT FIX
    [Faked.Drv][FILE] fastfat.sys : C:\WINDOWS\system32\drivers\fastfat.sys --> CANNOT FIX
    [Faked.Drv][FILE] dxg.sys : C:\WINDOWS\system32\drivers\dxg.sys --> CANNOT FIX
    [Faked.Drv][FILE] ndproxy.sys : C:\WINDOWS\system32\drivers\ndproxy.sys --> CANNOT FIX
    [Faked.Drv][FILE] afd.sys : C:\WINDOWS\system32\drivers\afd.sys --> CANNOT FIX
    [Faked.Drv][FILE] drmkaud.sys : C:\WINDOWS\system32\drivers\drmkaud.sys --> CANNOT FIX
    [Faked.Drv][FILE] drmk.sys : C:\WINDOWS\system32\drivers\drmk.sys --> CANNOT FIX
    [Faked.Drv][FILE] dmio.sys : C:\WINDOWS\system32\drivers\dmio.sys --> CANNOT FIX
    [Faked.Drv][FILE] DMusic.sys : C:\WINDOWS\system32\drivers\DMusic.sys --> CANNOT FIX
    [Faked.Drv][FILE] diskdump.sys : C:\WINDOWS\system32\drivers\diskdump.sys --> CANNOT FIX
    [Faked.Drv][FILE] disk.sys : C:\WINDOWS\system32\drivers\disk.sys --> CANNOT FIX
    [Faked.Drv][FILE] compbatt.sys : C:\WINDOWS\system32\drivers\compbatt.sys --> CANNOT FIX
    [Faked.Drv][FILE] classpnp.sys : C:\WINDOWS\system32\drivers\classpnp.sys --> CANNOT FIX
    [Faked.Drv][FILE] CmBatt.sys : C:\WINDOWS\system32\drivers\CmBatt.sys --> CANNOT FIX
    [Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys --> CANNOT FIX
    [Faked.Drv][FILE] ccdecode.sys : C:\WINDOWS\system32\drivers\ccdecode.sys --> CANNOT FIX
    [Faked.Drv][FILE] bridge.sys : C:\WINDOWS\system32\drivers\bridge.sys --> CANNOT FIX
    [Faked.Drv][FILE] battc.sys : C:\WINDOWS\system32\drivers\battc.sys --> CANNOT FIX
    [Faked.Drv][FILE] atmlane.sys : C:\WINDOWS\system32\drivers\atmlane.sys --> CANNOT FIX
    [Faked.Drv][FILE] atmarpc.sys : C:\WINDOWS\system32\drivers\atmarpc.sys --> CANNOT FIX
    [Faked.Drv][FILE] atapi.sys : C:\WINDOWS\system32\drivers\atapi.sys --> CANNOT FIX
    [Faked.Drv][FILE] asyncmac.sys : C:\WINDOWS\system32\drivers\asyncmac.sys --> CANNOT FIX
    [Faked.Drv][FILE] ip6fw.sys : C:\WINDOWS\system32\drivers\ip6fw.sys --> CANNOT FIX
    [Faked.Drv][FILE] arp1394.sys : C:\WINDOWS\system32\drivers\arp1394.sys --> CANNOT FIX
    [Faked.Drv][FILE] amdk6.sys : C:\WINDOWS\system32\drivers\amdk6.sys --> CANNOT FIX
    [Faked.Drv][FILE] tcpip6.sys : C:\WINDOWS\system32\drivers\tcpip6.sys --> CANNOT FIX
    [Faked.Drv][FILE] aec.sys : C:\WINDOWS\system32\drivers\aec.sys --> CANNOT FIX
    [Faked.Drv][FILE] acpi.sys : C:\WINDOWS\system32\drivers\acpi.sys --> CANNOT FIX
    [Faked.Drv][FILE] watv10nt.sys : C:\WINDOWS\system32\drivers\watv10nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] watv06nt.sys : C:\WINDOWS\system32\drivers\watv06nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] wadv11nt.sys : C:\WINDOWS\system32\drivers\wadv11nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] wadv09nt.sys : C:\WINDOWS\system32\drivers\wadv09nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] wadv08nt.sys : C:\WINDOWS\system32\drivers\wadv08nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] wadv07nt.sys : C:\WINDOWS\system32\drivers\wadv07nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] wacompen.sys : C:\WINDOWS\system32\drivers\wacompen.sys --> CANNOT FIX
    [Faked.Drv][FILE] viaagp.sys : C:\WINDOWS\system32\drivers\viaagp.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbvideo.sys : C:\WINDOWS\system32\drivers\usbvideo.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbehci.sys : C:\WINDOWS\system32\drivers\usbehci.sys --> CANNOT FIX
    [Faked.Drv][FILE] amdagp.sys : C:\WINDOWS\system32\drivers\amdagp.sys --> CANNOT FIX
    [Faked.Drv][FILE] usb8023x.sys : C:\WINDOWS\system32\drivers\usb8023x.sys --> CANNOT FIX
    [Faked.Drv][FILE] update.sys : C:\WINDOWS\system32\drivers\update.sys --> CANNOT FIX
    [Faked.Drv][FILE] uagp35.sys : C:\WINDOWS\system32\drivers\uagp35.sys --> CANNOT FIX
    [Faked.Drv][FILE] tunmp.sys : C:\WINDOWS\system32\drivers\tunmp.sys --> CANNOT FIX
    [Faked.Drv][FILE] smbali.sys : C:\WINDOWS\system32\drivers\smbali.sys --> CANNOT FIX
    [Faked.Drv][FILE] slwdmsup.sys : C:\WINDOWS\system32\drivers\slwdmsup.sys --> CANNOT FIX
    [Faked.Drv][FILE] slnthal.sys : C:\WINDOWS\system32\drivers\slnthal.sys --> CANNOT FIX
    [Faked.Drv][FILE] slntamr.sys : C:\WINDOWS\system32\drivers\slntamr.sys --> CANNOT FIX
    [Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys --> CANNOT FIX
    [Faked.Drv][FILE] wpdusb.sys : C:\WINDOWS\system32\drivers\wpdusb.sys --> CANNOT FIX
    [Faked.Drv][FILE] intelppm.sys : C:\WINDOWS\system32\drivers\intelppm.sys --> CANNOT FIX
    [Faked.Drv][FILE] sisagp.sys : C:\WINDOWS\system32\drivers\sisagp.sys --> CANNOT FIX
    [Faked.Drv][FILE] sffp_sd.sys : C:\WINDOWS\system32\drivers\sffp_sd.sys --> CANNOT FIX
    [Faked.Drv][FILE] sffp_mmc.sys : C:\WINDOWS\system32\drivers\sffp_mmc.sys --> CANNOT FIX
    [Faked.Drv][FILE] sffdisk.sys : C:\WINDOWS\system32\drivers\sffdisk.sys --> CANNOT FIX
    [Faked.Drv][FILE] sdbus.sys : C:\WINDOWS\system32\drivers\sdbus.sys --> CANNOT FIX
    [Faked.Drv][FILE] s3gnbm.sys : C:\WINDOWS\system32\drivers\s3gnbm.sys --> CANNOT FIX
    [Faked.Drv][FILE] rndismpx.sys : C:\WINDOWS\system32\drivers\rndismpx.sys --> CANNOT FIX
    [Faked.Drv][FILE] rfcomm.sys : C:\WINDOWS\system32\drivers\rfcomm.sys --> CANNOT FIX
    [Faked.Drv][FILE] recagent.sys : C:\WINDOWS\system32\drivers\recagent.sys --> CANNOT FIX
    [Faked.Drv][FILE] nv4_mini.sys : C:\WINDOWS\system32\drivers\nv4_mini.sys --> CANNOT FIX
    [Faked.Drv][FILE] ntmtlfax.sys : C:\WINDOWS\system32\drivers\ntmtlfax.sys --> CANNOT FIX
    [Faked.Drv][FILE] mutohpen.sys : C:\WINDOWS\system32\drivers\mutohpen.sys --> CANNOT FIX
    [Faked.Drv][FILE] mtxparhm.sys : C:\WINDOWS\system32\drivers\mtxparhm.sys --> CANNOT FIX
    [Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys --> CANNOT FIX
    [Faked.Drv][FILE] mtlmnt5.sys : C:\WINDOWS\system32\drivers\mtlmnt5.sys --> CANNOT FIX
    [Faked.Drv][FILE] mssmbios.sys : C:\WINDOWS\system32\drivers\mssmbios.sys --> CANNOT FIX
    [Faked.Drv][FILE] hsfdpsp2.sys : C:\WINDOWS\system32\drivers\hsfdpsp2.sys --> CANNOT FIX
    [Faked.Drv][FILE] hsfcxts2.sys : C:\WINDOWS\system32\drivers\hsfcxts2.sys --> CANNOT FIX
    [Faked.Drv][FILE] hsfbs2s2.sys : C:\WINDOWS\system32\drivers\hsfbs2s2.sys --> CANNOT FIX
    [Faked.Drv][FILE] hidir.sys : C:\WINDOWS\system32\drivers\hidir.sys --> CANNOT FIX
    [Faked.Drv][FILE] hidbth.sys : C:\WINDOWS\system32\drivers\hidbth.sys --> CANNOT FIX
    [Faked.Drv][FILE] gagp30kx.sys : C:\WINDOWS\system32\drivers\gagp30kx.sys --> CANNOT FIX
    [Faked.Drv][FILE] Hdaudbus.sys : C:\WINDOWS\system32\drivers\Hdaudbus.sys --> CANNOT FIX
    [Faked.Drv][FILE] fltMgr.sys : C:\WINDOWS\system32\drivers\fltMgr.sys --> CANNOT FIX
    [Faked.Drv][FILE] bthusb.sys : C:\WINDOWS\system32\drivers\bthusb.sys --> CANNOT FIX
    [Faked.Drv][FILE] bthprint.sys : C:\WINDOWS\system32\drivers\bthprint.sys --> CANNOT FIX
    [Faked.Drv][FILE] sparrow.sys : C:\WINDOWS\system32\drivers\sparrow.sys --> CANNOT FIX
    [Faked.Drv][FILE] hxxp.sys : C:\WINDOWS\system32\drivers\hxxp.sys --> CANNOT FIX
    [Faked.Drv][FILE] HSF_DPV.sys : C:\WINDOWS\system32\drivers\HSF_DPV.sys --> CANNOT FIX
    [Faked.Drv][FILE] bthpan.sys : C:\WINDOWS\system32\drivers\bthpan.sys --> CANNOT FIX
    [Faked.Drv][FILE] bthmodem.sys : C:\WINDOWS\system32\drivers\bthmodem.sys --> CANNOT FIX
    [Faked.Drv][FILE] bthenum.sys : C:\WINDOWS\system32\drivers\bthenum.sys --> CANNOT FIX
    [Faked.Drv][FILE] mdmxsdk.sys : C:\WINDOWS\system32\drivers\mdmxsdk.sys --> CANNOT FIX
    [Faked.Drv][FILE] Hdaudio.sys : C:\WINDOWS\system32\drivers\Hdaudio.sys --> CANNOT FIX
    [Faked.Drv][FILE] aliide.sys : C:\WINDOWS\system32\drivers\aliide.sys --> CANNOT FIX
    [Faked.Drv][FILE] w29n51.sys : C:\WINDOWS\system32\drivers\w29n51.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati2mtag.sys : C:\WINDOWS\system32\drivers\ati2mtag.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinxbxx.sys : C:\WINDOWS\system32\drivers\atinxbxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atintuxx.sys : C:\WINDOWS\system32\drivers\atintuxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinttxx.sys : C:\WINDOWS\system32\drivers\atinttxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinsnxx.sys : C:\WINDOWS\system32\drivers\atinsnxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinrvxx.sys : C:\WINDOWS\system32\drivers\atinrvxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ndistapi.sys : C:\WINDOWS\system32\drivers\ndistapi.sys --> CANNOT FIX
    [Faked.Drv][FILE] mup.sys : C:\WINDOWS\system32\drivers\mup.sys --> CANNOT FIX
    [Faked.Drv][FILE] Rtnicxp.sys : C:\WINDOWS\system32\drivers\Rtnicxp.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinraxx.sys : C:\WINDOWS\system32\drivers\atinraxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinpdxx.sys : C:\WINDOWS\system32\drivers\atinpdxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinmdxx.sys : C:\WINDOWS\system32\drivers\atinmdxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] atinbtxx.sys : C:\WINDOWS\system32\drivers\atinbtxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys --> CANNOT FIX
    [Faked.Drv][FILE] audstub.sys : C:\WINDOWS\system32\drivers\audstub.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1xsxx.sys : C:\WINDOWS\system32\drivers\ati1xsxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1xbxx.sys : C:\WINDOWS\system32\drivers\ati1xbxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1tuxx.sys : C:\WINDOWS\system32\drivers\ati1tuxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] RtkHDAud.Sys : C:\WINDOWS\system32\drivers\RtkHDAud.Sys --> CANNOT FIX
    [Faked.Drv][FILE] alim1541.sys : C:\WINDOWS\system32\drivers\alim1541.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1ttxx.sys : C:\WINDOWS\system32\drivers\ati1ttxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1snxx.sys : C:\WINDOWS\system32\drivers\ati1snxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1raxx.sys : C:\WINDOWS\system32\drivers\ati1raxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1pdxx.sys : C:\WINDOWS\system32\drivers\ati1pdxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1mdxx.sys : C:\WINDOWS\system32\drivers\ati1mdxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] agpcpq.sys : C:\WINDOWS\system32\drivers\agpcpq.sys --> CANNOT FIX
    [Faked.Drv][FILE] ati1btxx.sys : C:\WINDOWS\system32\drivers\ati1btxx.sys --> CANNOT FIX
    [Faked.Drv][FILE] USBSTOR.SYS : C:\WINDOWS\system32\drivers\USBSTOR.SYS --> CANNOT FIX
    [Faked.Drv][FILE] rdpwd.sys : C:\WINDOWS\system32\drivers\rdpwd.sys --> CANNOT FIX
    [Faked.Drv][FILE] amdk7.sys : C:\WINDOWS\system32\drivers\amdk7.sys --> CANNOT FIX
    [Faked.Drv][FILE] agp440.sys : C:\WINDOWS\system32\drivers\agp440.sys --> CANNOT FIX
    [Faked.Drv][FILE] NTIDrvr.sys : C:\WINDOWS\system32\drivers\NTIDrvr.sys --> CANNOT FIX
    [Faked.Drv][FILE] adpu160m.sys : C:\WINDOWS\system32\drivers\adpu160m.sys --> CANNOT FIX
    [Faked.Drv][FILE] perc2hib.sys : C:\WINDOWS\system32\drivers\perc2hib.sys --> CANNOT FIX
    [Faked.Drv][FILE] aic78u2.sys : C:\WINDOWS\system32\drivers\aic78u2.sys --> CANNOT FIX
    [Faked.Drv][FILE] dpti2o.sys : C:\WINDOWS\system32\drivers\dpti2o.sys --> CANNOT FIX
    [Faked.Drv][FILE] aic78xx.sys : C:\WINDOWS\system32\drivers\aic78xx.sys --> CANNOT FIX
    [Faked.Drv][FILE] aha154x.sys : C:\WINDOWS\system32\drivers\aha154x.sys --> CANNOT FIX
    [Faked.Drv][FILE] cpqarray.sys : C:\WINDOWS\system32\drivers\cpqarray.sys --> CANNOT FIX
    [Faked.Drv][FILE] symc810.sys : C:\WINDOWS\system32\drivers\symc810.sys --> CANNOT FIX
    [Faked.Drv][FILE] cd20xrnt.sys : C:\WINDOWS\system32\drivers\cd20xrnt.sys --> CANNOT FIX
    [Faked.Drv][FILE] hpn.sys : C:\WINDOWS\system32\drivers\hpn.sys --> CANNOT FIX
    [Faked.Drv][FILE] perc2.sys : C:\WINDOWS\system32\drivers\perc2.sys --> CANNOT FIX
    [Faked.Drv][FILE] sym_hi.sys : C:\WINDOWS\system32\drivers\sym_hi.sys --> CANNOT FIX
    [Faked.Drv][FILE] symc8xx.sys : C:\WINDOWS\system32\drivers\symc8xx.sys --> CANNOT FIX
    [Faked.Drv][FILE] sym_u3.sys : C:\WINDOWS\system32\drivers\sym_u3.sys --> CANNOT FIX
    [Faked.Drv][FILE] ql10wnt.sys : C:\WINDOWS\system32\drivers\ql10wnt.sys --> CANNOT FIX
    [Faked.Drv][FILE] ql1080.sys : C:\WINDOWS\system32\drivers\ql1080.sys --> CANNOT FIX
    [Faked.Drv][FILE] ql1240.sys : C:\WINDOWS\system32\drivers\ql1240.sys --> CANNOT FIX
    [Faked.Drv][FILE] ql1280.sys : C:\WINDOWS\system32\drivers\ql1280.sys --> CANNOT FIX
    [Faked.Drv][FILE] ql12160.sys : C:\WINDOWS\system32\drivers\ql12160.sys --> CANNOT FIX
    [Faked.Drv][FILE] mraid35x.sys : C:\WINDOWS\system32\drivers\mraid35x.sys --> CANNOT FIX
    [Faked.Drv][FILE] dac2w2k.sys : C:\WINDOWS\system32\drivers\dac2w2k.sys --> CANNOT FIX
    [Faked.Drv][FILE] dac960nt.sys : C:\WINDOWS\system32\drivers\dac960nt.sys --> CANNOT FIX
    [Faked.Drv][FILE] asc3550.sys : C:\WINDOWS\system32\drivers\asc3550.sys --> CANNOT FIX
    [Faked.Drv][FILE] asc.sys : C:\WINDOWS\system32\drivers\asc.sys --> CANNOT FIX
    [Faked.Drv][FILE] asc3350p.sys : C:\WINDOWS\system32\drivers\asc3350p.sys --> CANNOT FIX
    [Faked.Drv][FILE] ABP480N5.SYS : C:\WINDOWS\system32\drivers\ABP480N5.SYS --> CANNOT FIX
    [Faked.Drv][FILE] amsint.sys : C:\WINDOWS\system32\drivers\amsint.sys --> CANNOT FIX
    [Faked.Drv][FILE] ini910u.sys : C:\WINDOWS\system32\drivers\ini910u.sys --> CANNOT FIX
    [Faked.Drv][FILE] ksecdd.sys : C:\WINDOWS\system32\drivers\ksecdd.sys --> CANNOT FIX
    [Faked.Drv][FILE] ultra.sys : C:\WINDOWS\system32\drivers\ultra.sys --> CANNOT FIX
    [Faked.Drv][FILE] cmdide.sys : C:\WINDOWS\system32\drivers\cmdide.sys --> CANNOT FIX
    [Faked.Drv][FILE] srv.sys : C:\WINDOWS\system32\drivers\srv.sys --> CANNOT FIX
    [Faked.Drv][FILE] pciide.sys : C:\WINDOWS\system32\drivers\pciide.sys --> CANNOT FIX
    [Faked.Drv][FILE] tcpip.sys : C:\WINDOWS\system32\drivers\tcpip.sys --> CANNOT FIX
    [Faked.Drv][FILE] bthport.sys : C:\WINDOWS\system32\drivers\bthport.sys --> CANNOT FIX
    [Faked.Drv][FILE] toside.sys : C:\WINDOWS\system32\drivers\toside.sys --> CANNOT FIX
    [Faked.Drv][FILE] RMCast.sys : C:\WINDOWS\system32\drivers\RMCast.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbscan.sys : C:\WINDOWS\system32\drivers\usbscan.sys --> CANNOT FIX
    [Faked.Drv][FILE] pccsmcfd.sys : C:\WINDOWS\system32\drivers\pccsmcfd.sys --> CANNOT FIX
    [Faked.Drv][FILE] mouhid.sys : C:\WINDOWS\system32\drivers\mouhid.sys --> CANNOT FIX
    [Faked.Drv][FILE] WudfPf.sys : C:\WINDOWS\system32\drivers\WudfPf.sys --> CANNOT FIX
    [Faked.Drv][FILE] avglogx.sys : C:\WINDOWS\system32\drivers\avglogx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ialmnt5.sys : C:\WINDOWS\system32\drivers\ialmnt5.sys --> CANNOT FIX
    [Faked.Drv][FILE] epm-psd.sys : C:\WINDOWS\system32\drivers\epm-psd.sys --> CANNOT FIX
    [Faked.Drv][FILE] epm-shd.sys : C:\WINDOWS\system32\drivers\epm-shd.sys --> CANNOT FIX
    [Faked.Drv][FILE] WudfRd.sys : C:\WINDOWS\system32\drivers\WudfRd.sys --> CANNOT FIX
    [Faked.Drv][FILE] DKbFltr.SYS : C:\WINDOWS\system32\drivers\DKbFltr.SYS --> CANNOT FIX
    [Faked.Drv][FILE] s24trans.sys : C:\WINDOWS\system32\drivers\s24trans.sys --> CANNOT FIX
    [Faked.Drv][FILE] AegisP.sys : C:\WINDOWS\system32\drivers\AegisP.sys --> CANNOT FIX
    [Faked.Drv][FILE] npf.sys : C:\WINDOWS\system32\drivers\npf.sys --> CANNOT FIX
    [Faked.Drv][FILE] osaio.sys : C:\WINDOWS\system32\drivers\osaio.sys --> CANNOT FIX
    [Faked.Drv][FILE] osanbm.sys : C:\WINDOWS\system32\drivers\osanbm.sys --> CANNOT FIX
    [Faked.Drv][FILE] OsaFsLoc.sys : C:\WINDOWS\system32\drivers\OsaFsLoc.sys --> CANNOT FIX
    [Faked.Drv][FILE] NdisFilt.sys : C:\WINDOWS\system32\drivers\NdisFilt.sys --> CANNOT FIX
    [Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys --> CANNOT FIX
    [Faked.Drv][FILE] NETMNT.sys : C:\WINDOWS\system32\drivers\NETMNT.sys --> CANNOT FIX
    [Faked.Drv][FILE] vodafone_K3805-z_dc_enum.sys : C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys --> CANNOT FIX
    [Faked.Drv][FILE] wdfldr.sys : C:\WINDOWS\system32\drivers\wdfldr.sys --> CANNOT FIX
    [Faked.Drv][FILE] wdf01000.sys : C:\WINDOWS\system32\drivers\wdf01000.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgrkx86.sys : C:\WINDOWS\system32\drivers\avgrkx86.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbser.sys : C:\WINDOWS\system32\drivers\usbser.sys --> CANNOT FIX
    [Faked.Drv][FILE] vodafone_K3805-z_cpo.sys : C:\WINDOWS\system32\drivers\vodafone_K3805-z_cpo.sys --> CANNOT FIX
    [Faked.Drv][FILE] vodafone_K3805-z_cdc_acm.sys : C:\WINDOWS\system32\drivers\vodafone_K3805-z_cdc_acm.sys --> CANNOT FIX
    [Faked.Drv][FILE] vodafone_K3805-z_cdc_ecm.sys : C:\WINDOWS\system32\drivers\vodafone_K3805-z_cdc_ecm.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgldx86.sys : C:\WINDOWS\system32\drivers\avgldx86.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgmfx86.sys : C:\WINDOWS\system32\drivers\avgmfx86.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgtdix.sys : C:\WINDOWS\system32\drivers\avgtdix.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgidshx.sys : C:\WINDOWS\system32\drivers\avgidshx.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgidsshimx.sys : C:\WINDOWS\system32\drivers\avgidsshimx.sys --> CANNOT FIX
    [Faked.Drv][FILE] mbam.sys : C:\WINDOWS\system32\drivers\mbam.sys --> CANNOT FIX
    [Faked.Drv][FILE] avgidsdriverx.sys : C:\WINDOWS\system32\drivers\avgidsdriverx.sys --> CANNOT FIX
    [Faked.Drv][FILE] cmusbser.sys : C:\WINDOWS\system32\drivers\cmusbser.sys --> CANNOT FIX
    [Faked.Drv][FILE] BrScnUsb.sys : C:\WINDOWS\system32\drivers\BrScnUsb.sys --> CANNOT FIX
    [Faked.Drv][FILE] wstcodec.sys : C:\WINDOWS\system32\drivers\wstcodec.sys --> CANNOT FIX
    [Faked.Drv][FILE] wdmaud.sys : C:\WINDOWS\system32\drivers\wdmaud.sys --> CANNOT FIX
    [Faked.Drv][FILE] wanarp.sys : C:\WINDOWS\system32\drivers\wanarp.sys --> CANNOT FIX
    [Faked.Drv][FILE] volsnap.sys : C:\WINDOWS\system32\drivers\volsnap.sys --> CANNOT FIX
    [Faked.Drv][FILE] videoprt.sys : C:\WINDOWS\system32\drivers\videoprt.sys --> CANNOT FIX
    [Faked.Drv][FILE] viaide.sys : C:\WINDOWS\system32\drivers\viaide.sys --> CANNOT FIX
    [Faked.Drv][FILE] vga.sys : C:\WINDOWS\system32\drivers\vga.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbuhci.sys : C:\WINDOWS\system32\drivers\usbuhci.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbprint.sys : C:\WINDOWS\system32\drivers\usbprint.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbport.sys : C:\WINDOWS\system32\drivers\usbport.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbintel.sys : C:\WINDOWS\system32\drivers\usbintel.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbhub.sys : C:\WINDOWS\system32\drivers\usbhub.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbccgp.sys : C:\WINDOWS\system32\drivers\usbccgp.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbcamd2.sys : C:\WINDOWS\system32\drivers\usbcamd2.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbcamd.sys : C:\WINDOWS\system32\drivers\usbcamd.sys --> CANNOT FIX
    [Faked.Drv][FILE] usbaudio.sys : C:\WINDOWS\system32\drivers\usbaudio.sys --> CANNOT FIX
    [Faked.Drv][FILE] usb8023.sys : C:\WINDOWS\system32\drivers\usb8023.sys --> CANNOT FIX
    [Faked.Drv][FILE] udfs.sys : C:\WINDOWS\system32\drivers\udfs.sys --> CANNOT FIX
    [Faked.Drv][FILE] termdd.sys : C:\WINDOWS\system32\drivers\termdd.sys --> CANNOT FIX
    [Faked.Drv][FILE] tdtcp.sys : C:\WINDOWS\system32\drivers\tdtcp.sys --> CANNOT FIX
    [Faked.Drv][FILE] tdpipe.sys : C:\WINDOWS\system32\drivers\tdpipe.sys --> CANNOT FIX
    [Faked.Drv][FILE] tdi.sys : C:\WINDOWS\system32\drivers\tdi.sys --> CANNOT FIX
    [Faked.Drv][FILE] tape.sys : C:\WINDOWS\system32\drivers\tape.sys --> CANNOT FIX
    [Faked.Drv][FILE] sysaudio.sys : C:\WINDOWS\system32\drivers\sysaudio.sys --> CANNOT FIX
    [Faked.Drv][FILE] swmidi.sys : C:\WINDOWS\system32\drivers\swmidi.sys --> CANNOT FIX
    [Faked.Drv][FILE] swenum.sys : C:\WINDOWS\system32\drivers\swenum.sys --> CANNOT FIX
    [Faked.Drv][FILE] StreamIP.sys : C:\WINDOWS\system32\drivers\StreamIP.sys --> CANNOT FIX
    [Faked.Drv][FILE] stream.sys : C:\WINDOWS\system32\drivers\stream.sys --> CANNOT FIX
    [Faked.Drv][FILE] sr.sys : C:\WINDOWS\system32\drivers\sr.sys --> CANNOT FIX
    [Faked.Drv][FILE] splitter.sys : C:\WINDOWS\system32\drivers\splitter.sys --> CANNOT FIX
    [Faked.Drv][FILE] sonydcam.sys : C:\WINDOWS\system32\drivers\sonydcam.sys --> CANNOT FIX
    [Faked.Drv][FILE] slip.sys : C:\WINDOWS\system32\drivers\slip.sys --> CANNOT FIX
    [Faked.Drv][FILE] sfloppy.sys : C:\WINDOWS\system32\drivers\sfloppy.sys --> CANNOT FIX
    [Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys --> CANNOT FIX
    [Faked.Drv][FILE] serenum.sys : C:\WINDOWS\system32\drivers\serenum.sys --> CANNOT FIX
    [Faked.Drv][FILE] secdrv.sys : C:\WINDOWS\system32\drivers\secdrv.sys --> CANNOT FIX
    [Faked.Drv][FILE] scsiport.sys : C:\WINDOWS\system32\drivers\scsiport.sys --> CANNOT FIX
    [Faked.Drv][FILE] rndismp.sys : C:\WINDOWS\system32\drivers\rndismp.sys --> CANNOT FIX
    [Faked.Drv][FILE] redbook.sys : C:\WINDOWS\system32\drivers\redbook.sys --> CANNOT FIX
    [Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys --> CANNOT FIX
    [Faked.Drv][FILE] rdbss.sys : C:\WINDOWS\system32\drivers\rdbss.sys --> CANNOT FIX
    [Faked.Drv][FILE] raspptp.sys : C:\WINDOWS\system32\drivers\raspptp.sys --> CANNOT FIX
    [Faked.Drv][FILE] raspppoe.sys : C:\WINDOWS\system32\drivers\raspppoe.sys --> CANNOT FIX
    [Faked.Drv][FILE] rasl2tp.sys : C:\WINDOWS\system32\drivers\rasl2tp.sys --> CANNOT FIX
    [Faked.Drv][FILE] psched.sys : C:\WINDOWS\system32\drivers\psched.sys --> CANNOT FIX
    [Faked.Drv][FILE] processr.sys : C:\WINDOWS\system32\drivers\processr.sys --> CANNOT FIX
    [Faked.Drv][FILE] portcls.sys : C:\WINDOWS\system32\drivers\portcls.sys --> CANNOT FIX
    [Faked.Drv][FILE] pcmcia.sys : C:\WINDOWS\system32\drivers\pcmcia.sys --> CANNOT FIX
    [Faked.Drv][FILE] pciidex.sys : C:\WINDOWS\system32\drivers\pciidex.sys --> CANNOT FIX
    [Faked.Drv][FILE] pci.sys : C:\WINDOWS\system32\drivers\pci.sys --> CANNOT FIX
    [Faked.Drv][FILE] partmgr.sys : C:\WINDOWS\system32\drivers\partmgr.sys --> CANNOT FIX
    [Faked.Drv][FILE] parport.sys : C:\WINDOWS\system32\drivers\parport.sys --> CANNOT FIX
    [Faked.Drv][FILE] p3.sys : C:\WINDOWS\system32\drivers\p3.sys --> CANNOT FIX
    [Faked.Drv][FILE] nwlnkipx.sys : C:\WINDOWS\system32\drivers\nwlnkipx.sys --> CANNOT FIX
    [Faked.Drv][FILE] ntfs.sys : C:\WINDOWS\system32\drivers\ntfs.sys --> CANNOT FIX
    [Faked.Drv][FILE] npfs.sys : C:\WINDOWS\system32\drivers\npfs.sys --> CANNOT FIX
    [Faked.Drv][FILE] nmnt.sys : C:\WINDOWS\system32\drivers\nmnt.sys --> CANNOT FIX
    [Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys --> CANNOT FIX
    [Faked.Drv][FILE] netbt.sys : C:\WINDOWS\system32\drivers\netbt.sys --> CANNOT FIX
    [Faked.Drv][FILE] netbios.sys : C:\WINDOWS\system32\drivers\netbios.sys --> CANNOT FIX
    [Faked.Drv][FILE] ndiswan.sys : C:\WINDOWS\system32\drivers\ndiswan.sys --> CANNOT FIX
    [Faked.Drv][FILE] ndisuio.sys : C:\WINDOWS\system32\drivers\ndisuio.sys --> CANNOT FIX
    [Faked.Drv][FILE] NdisIP.sys : C:\WINDOWS\system32\drivers\NdisIP.sys --> CANNOT FIX
    [Faked.Drv][FILE] ndis.sys : C:\WINDOWS\system32\drivers\ndis.sys --> CANNOT FIX
    [Faked.Drv][FILE] nabtsfec.sys : C:\WINDOWS\system32\drivers\nabtsfec.sys --> CANNOT FIX
    [Faked.Drv][FILE] mstee.sys : C:\WINDOWS\system32\drivers\mstee.sys --> CANNOT FIX
    [Faked.Drv][FILE] mspqm.sys : C:\WINDOWS\system32\drivers\mspqm.sys --> CANNOT FIX
    [Faked.Drv][FILE] mspclock.sys : C:\WINDOWS\system32\drivers\mspclock.sys --> CANNOT FIX
    [Faked.Drv][FILE] mskssrv.sys : C:\WINDOWS\system32\drivers\mskssrv.sys --> CANNOT FIX
    [Faked.Drv][FILE] msgpc.sys : C:\WINDOWS\system32\drivers\msgpc.sys --> CANNOT FIX
    [Faked.Drv][FILE] msfs.sys : C:\WINDOWS\system32\drivers\msfs.sys --> CANNOT FIX
    [Faked.Drv][FILE] mrxdav.sys : C:\WINDOWS\system32\drivers\mrxdav.sys --> CANNOT FIX
    [Faked.Drv][FILE] mountmgr.sys : C:\WINDOWS\system32\drivers\mountmgr.sys --> CANNOT FIX
    [Faked.Drv][FILE] mouclass.sys : C:\WINDOWS\system32\drivers\mouclass.sys --> CANNOT FIX
    [Faked.Drv][FILE] modem.sys : C:\WINDOWS\system32\drivers\modem.sys --> CANNOT FIX
    [Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys --> CANNOT FIX
    [Faked.Drv][FILE] ks.sys : C:\WINDOWS\system32\drivers\ks.sys --> CANNOT FIX
    [Faked.Drv][FILE] kmixer.sys : C:\WINDOWS\system32\drivers\kmixer.sys --> CANNOT FIX
    [Faked.Drv][FILE] kbdclass.sys : C:\WINDOWS\system32\drivers\kbdclass.sys --> CANNOT FIX
    [Faked.Drv][FILE] isapnp.sys : C:\WINDOWS\system32\drivers\isapnp.sys --> CANNOT FIX
    [Faked.Drv][FILE] irenum.sys : C:\WINDOWS\system32\drivers\irenum.sys --> CANNOT FIX
    [Faked.Drv][FILE] ipsec.sys : C:\WINDOWS\system32\drivers\ipsec.sys --> CANNOT FIX

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: HTS421280H9AT00 +++++
    --- User ---
    [MBR] f3fbae5336ec5eb4199e706b47efa7be
    [BSP] 1feebaeadf27aeaee658ea7a2f4665d3 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 35000 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 71682030 | Size: 41307 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01262013_02d2011.txt >>
    RKreport[1]_S_01262013_02d2011.txt
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1086713

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice