
combofix


  • This topic is locked
23 replies to this topic

#1 tbozo

tbozo

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 27 September 2014 - 08:08 AM

Infection found with ComboFix.

Has the malware been completely removed?

If yes, should I remove ComboFix?

Thanks

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:34 PM

Posted 01 October 2014 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 tbozo

tbozo
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:34 PM

Posted 02 October 2014 - 12:36 PM

Hello nasdaq, first of all thanks for your help.

Hope I've done each step the right way.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/10/2014
Scan Time: 21.52.39
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.01.09
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Rodolfo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277994
Time Elapsed: 52 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

# AdwCleaner v3.311 - Rapporto creato 01/10/2014 in 23:22:33
# Aggiornato 30/09/2014 di Xplode
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Nome utente : Rodolfo - RODOLFO-9C47E61
# In esecuzione da : C:\Documents and Settings\Rodolfo\Documenti\Download\adwcleaner_3.311.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

File Eliminato : C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\n5hnbtnd.default\searchplugins\search.xml

***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 it)

[ File : C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\n5hnbtnd.default\prefs.js ]


[ File : C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\rs0uieeq.default-1411751848609\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R6].txt - [1351 octets] - [01/10/2014 23:18:57]
AdwCleaner[S5].txt - [1273 octets] - [01/10/2014 23:22:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1333 octets] ##########
 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-10-2014 01
Ran by Rodolfo (administrator) on RODOLFO-9C47E61 on 01-10-2014 23:41:50
Running from C:\Documents and Settings\Rodolfo\Documenti\Download
Loaded Profile: Rodolfo (Available profiles: Rodolfo)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Italiano (Italia)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Programmi\Avira\AntiVir Desktop\sched.exe
(Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Programmi\Avira\AntiVir Desktop\avguard.exe
(Alcatel-Lucent) C:\Programmi\Common Files\Motive\McciCMService.exe
(Sun Microsystems, Inc.) C:\Programmi\File comuni\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Programmi\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programmi\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programmi\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programmi\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programmi\Internet Explorer\iexplore.exe
(Safer-Networking Ltd.) C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Programmi\File comuni\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [SDTray] => C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Programmi\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\ciwbiec: C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll ()
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Run: [DAEMON Tools Lite] => C:\Programmi\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Run: [AZworks] => C:\WINDOWS\system32\regsvr32.exe "C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\IWsoft\Smilib.dll"
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Run: [Ojics Update] => regsvr32.exe "C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\Ojics\regTraceInterval.dll"
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Run: [ciwbiec] => rundll32 "C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll",ciwbiec
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\RunOnce: [93cE9a] => C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe [724992 2014-10-01] ()
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Command Processor: "C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe" <===== ATTENTION!
Startup: C:\Documents and Settings\Rodolfo\Menu Avvio\Programmi\Esecuzione automatica\netdde.lnk
ShortcutTarget: netdde.lnk -> C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - URL http://www.bing.com/search?q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
Toolbar: HKCU - &Indirizzo - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - Co&llegamenti - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365607658703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365608860171
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks: Hook per l'esecuzione degli URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8492032 2012-06-08] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0CF2D76F-16F7-4BA9-86CC-7D5F2E885AAB}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\n5hnbtnd.default
FF DefaultSearchEngine: search
FF Homepage: https://www.google.it/search?q=google&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:it:official&client=firefox-a
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Programmi\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: PSFactoryBuffer - C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\n5hnbtnd.default\Extensions\{16BD370F-2D4D-C683-A63B-6C8310A94A29} [2014-09-23]
FF Extension: DownloadHelper - C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\n5hnbtnd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Web2PDF converter - C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\n5hnbtnd.default\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2014-06-08]
FF Extension: PSFactoryBuffer - C:\Documents and Settings\Rodolfo\Dati applicazioni\Mozilla\Firefox\Profiles\rs0uieeq.default-1411751848609\Extensions\{16BD370F-2D4D-C683-A63B-6C8310A94A29} [2014-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR CustomProfile: C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Programmi\Avira\AntiVir Desktop\sched.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Programmi\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
R2 McciCMService; C:\Programmi\Common Files\Motive\McciCMService.exe [319488 2009-12-09] (Alcatel-Lucent) [File not signed]
S3 MozillaMaintenance; C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-25] (Mozilla Foundation) [File not signed]
R2 SDScannerService; C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 WMPNetworkSvc; C:\Programmi\Windows Media Player\WMPNetwk.exe [918528 2006-11-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-14] (DT Soft Ltd)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-04] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-04] (Conexant Systems, Inc.)
S3 MREMP50; C:\Programmi\Common Files\Motive\MREMP50.sys [21248 2008-03-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Programmi\Common Files\Motive\MRESP50.sys [20096 2008-03-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-03-07] ()
R3 RDID1021; C:\WINDOWS\System32\Drivers\rdwm1021.sys [105036 2002-05-08] (Roland Corporation) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-04-11] (Avira GmbH)
S3 UKS11LDR; C:\WINDOWS\System32\drivers\uks11ldr.sys [15708 2001-09-14] (MIDIMAN) [File not signed]
S3 USBKS1X1; C:\WINDOWS\System32\drivers\usbks1x1.sys [29168 2001-09-14] (Doug Fetter Software Wizardry) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-04] (Conexant Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Rodolfo\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 23:41 - 2014-10-01 23:42 - 00000000 ____D () C:\FRST
2014-10-01 23:27 - 2014-10-01 23:27 - 00001413 _____ () C:\Documents and Settings\Rodolfo\Desktop\AdwCleaner[S5].txt
2014-10-01 23:27 - 2014-10-01 23:09 - 00724992 _____ () C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe
2014-10-01 23:19 - 2014-10-01 23:19 - 00023552 _____ () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll
2014-10-01 23:15 - 2014-10-01 23:22 - 00000000 ____D () C:\AdwCleaner
2014-10-01 23:09 - 2014-10-01 23:09 - 00000275 _____ () C:\mb2.txt
2014-10-01 23:08 - 2014-10-01 23:08 - 00000275 _____ () C:\mb.txt
2014-10-01 22:06 - 2014-10-01 22:43 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-10-01 21:49 - 2014-10-01 23:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 21:46 - 2014-10-01 21:46 - 00000749 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-01 21:46 - 2014-10-01 21:46 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
2014-10-01 21:44 - 2014-10-01 21:45 - 00000000 ____D () C:\Programmi\Malwarebytes Anti-Malware
2014-10-01 21:44 - 2014-10-01 21:44 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2014-10-01 21:44 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 21:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-01 21:26 - 2014-10-01 22:53 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\Yxefyvs
2014-09-30 22:26 - 2014-09-30 22:26 - 00043440 _____ () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2014-09-29 13:29 - 2014-10-01 22:53 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\Osacip
2014-09-29 13:25 - 2014-10-01 23:43 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp
2014-09-28 18:18 - 2014-09-28 18:18 - 00005414 _____ () C:\WINDOWS\setupapi.log
2014-09-28 18:15 - 2014-09-28 18:15 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-09-28 18:15 - 2014-09-28 18:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-27 14:55 - 2014-09-27 14:55 - 00009196 _____ () C:\Documents and Settings\Rodolfo\Documenti\dds.txt
2014-09-27 14:55 - 2014-09-27 14:55 - 00003707 _____ () C:\Documents and Settings\Rodolfo\Documenti\attach.txt
2014-09-27 14:54 - 2014-09-27 14:54 - 00009196 _____ () C:\Documents and Settings\Rodolfo\Desktop\dds.txt
2014-09-27 14:54 - 2014-09-27 14:54 - 00003707 _____ () C:\Documents and Settings\Rodolfo\Desktop\attach.txt
2014-09-27 14:49 - 2014-09-27 14:49 - 00688992 ____R (Swearware) C:\Documents and Settings\Rodolfo\Desktop\dds.com
2014-09-27 11:20 - 2014-09-27 16:07 - 00000000 ____D () C:\Documents and Settings\LocalService\Impostazioni locali\temp
2014-09-27 11:20 - 2014-09-27 11:20 - 00010327 _____ () C:\ComboFix.txt
2014-09-27 11:20 - 2014-09-27 11:20 - 00000000 ____D () C:\Documents and Settings\NetworkService\Impostazioni locali\temp
2014-09-27 11:20 - 2014-09-27 11:20 - 00000000 ____D () C:\Documents and Settings\Default User\Impostazioni locali\temp
2014-09-27 10:47 - 2014-09-27 11:06 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\Ummudaw
2014-09-26 23:14 - 2014-09-26 23:14 - 00178648 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-26 22:24 - 2014-09-26 22:24 - 00000000 _RSHD () C:\cmdcons
2014-09-26 22:24 - 2014-07-21 22:20 - 00000245 _____ () C:\Boot.bak
2014-09-26 22:24 - 2004-08-03 23:00 - 00261312 __RSH () C:\cmldr
2014-09-26 22:18 - 2014-09-27 11:20 - 00000000 ____D () C:\Qoobox
2014-09-26 22:18 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-09-26 22:18 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-09-26 22:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-09-26 22:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-09-26 22:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-09-26 22:18 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-09-26 22:18 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-09-26 22:18 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-09-26 22:18 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-09-26 22:17 - 2014-09-26 22:50 - 00000000 ____D () C:\WINDOWS\erdnt
2014-09-26 22:13 - 2014-09-26 22:14 - 05580995 ____R (Swearware) C:\Documents and Settings\Rodolfo\Desktop\ComboFix.exe
2014-09-25 21:28 - 2014-09-25 21:31 - 00000000 ____D () C:\Programmi\Mozilla Firefox
2014-09-23 23:41 - 2014-10-01 22:58 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\Ojics
2014-09-23 23:39 - 2014-09-28 22:36 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\IWsoft
2014-09-21 10:28 - 2014-09-21 10:28 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\proDAD_GmbH
2014-09-21 10:28 - 2014-09-21 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\proDAD
2014-09-21 10:27 - 2014-09-21 10:27 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\proDAD
2014-09-16 20:54 - 2014-09-16 20:54 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\No Company Name
2014-09-14 19:19 - 2014-09-14 19:26 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\Spotify
2014-09-14 17:34 - 2014-09-14 18:57 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-09-09 00:40 - 2014-10-01 23:40 - 00000455 _____ () C:\Documents and Settings\Rodolfo\Dati applicazioni\Safer-Networking.log
2014-09-01 14:51 - 2014-09-01 14:52 - 00000000 ____D () C:\Programmi\Defraggler
2014-09-01 14:51 - 2014-09-01 14:51 - 00001544 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2014-09-01 14:51 - 2014-09-01 14:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Avvio\Programmi\Defraggler
2014-09-01 12:49 - 2014-09-01 12:49 - 00000000 ____D () C:\Programmi\Image-Line
2014-09-01 12:49 - 2014-09-01 12:49 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Menu Avvio\Programmi\Image-Line PoiZone v2.1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 23:41 - 2013-04-11 21:47 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Documenti\Download
2014-10-01 23:40 - 2013-04-11 20:10 - 00000978 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-01 23:29 - 2013-04-10 15:08 - 02040066 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-01 23:27 - 2013-04-10 15:34 - 00000000 __RHD () C:\Documents and Settings\Rodolfo\Dati applicazioni
2014-10-01 23:26 - 2013-04-11 21:58 - 00000612 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-10-01 23:26 - 2013-04-10 15:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-01 23:23 - 2013-04-11 21:58 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-10-01 23:23 - 2013-04-10 15:34 - 00000194 ___SH () C:\Documents and Settings\Rodolfo\ntuser.ini
2014-10-01 23:23 - 2013-04-10 15:34 - 00000000 ____D () C:\Documents and Settings\Rodolfo
2014-10-01 23:23 - 2013-04-10 15:23 - 00030964 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-01 23:19 - 2013-04-10 15:34 - 00000000 ___HD () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni
2014-10-01 22:53 - 2013-04-10 13:51 - 00000000 ____D () C:\WINDOWS\Resources
2014-10-01 22:45 - 2014-04-21 22:56 - 00001744 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-01 21:46 - 2013-04-10 14:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Avvio\Programmi
2014-10-01 21:44 - 2013-04-10 14:39 - 00000000 ___RD () C:\Programmi
2014-10-01 21:44 - 2013-04-10 14:37 - 00000000 __RHD () C:\Documents and Settings\All Users\Dati applicazioni
2014-09-29 18:40 - 2013-04-11 20:10 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-29 18:40 - 2013-04-11 20:10 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-29 13:25 - 2013-04-10 15:34 - 00000000 ___HD () C:\Documents and Settings\Rodolfo\Impostazioni locali
2014-09-28 23:11 - 2013-04-10 15:34 - 00000000 ___RD () C:\Documents and Settings\Rodolfo\Menu Avvio\Programmi\Esecuzione automatica
2014-09-27 14:55 - 2013-04-10 15:34 - 00000000 ___RD () C:\Documents and Settings\Rodolfo\Documenti
2014-09-27 11:20 - 2013-04-10 15:22 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Impostazioni locali
2014-09-27 11:20 - 2013-04-10 15:22 - 00000000 ___HD () C:\Documents and Settings\LocalService\Impostazioni locali
2014-09-27 11:20 - 2013-04-10 14:38 - 00000000 __RHD () C:\Documents and Settings\Default User\Impostazioni locali
2014-09-27 11:13 - 2004-08-19 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-27 11:03 - 2013-04-10 14:39 - 00000000 ____D () C:\Programmi\File comuni
2014-09-27 10:53 - 2013-04-10 15:02 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-27 10:46 - 2013-04-12 20:26 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-09-26 22:24 - 2013-04-10 13:57 - 00000355 __RSH () C:\boot.ini
2014-09-25 22:46 - 2014-04-30 19:01 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\BitTorrent
2014-09-25 22:03 - 2013-04-11 20:06 - 00000000 ____D () C:\Programmi\Mozilla Maintenance Service
2014-09-24 20:14 - 2013-04-14 23:12 - 00000487 ____C () C:\WINDOWS\wininit.ini
2014-09-22 18:25 - 2004-08-19 14:00 - 00013714 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-21 10:31 - 2013-04-13 13:25 - 00000000 ____D () C:\Programmi\CCleaner
2014-09-20 14:11 - 2013-10-13 14:03 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Documenti\Biblioteca di calibre
2014-09-20 12:59 - 2013-10-13 14:02 - 00000000 ____D () C:\Documents and Settings\Rodolfo\Dati applicazioni\calibre
2014-09-16 20:59 - 2013-04-25 19:07 - 00000000 ____D () C:\Programmi\File comuni\Adobe
2014-09-16 20:59 - 2013-04-11 08:56 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\Adobe
2014-09-16 20:56 - 2013-04-25 19:07 - 00000000 ____D () C:\Programmi\Adobe
2014-09-14 17:33 - 2014-06-27 13:24 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2014-09-14 17:32 - 2013-11-15 12:24 - 00000000 ____D () C:\Programmi\Sony
2014-09-14 17:30 - 2013-11-15 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Avvio\Programmi\Sony
2014-09-14 17:30 - 2013-11-15 12:24 - 00000000 ____D () C:\Documents and Settings\All Users\Dati applicazioni\Sony
2014-09-08 12:20 - 2013-04-11 15:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-06 17:36 - 2013-04-10 15:34 - 00000000 ___RD () C:\Documents and Settings\Rodolfo\Menu Avvio\Programmi
2014-09-06 10:20 - 2013-04-14 17:48 - 00000000 ____D () C:\Programmi\Vstplugins
2014-09-01 00:31 - 2013-04-11 21:58 - 00000438 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

Some content of TEMP:
====================
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\avgnt.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\bgdfcffc.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\Quarantine.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\tmp22.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\vxfdse.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-10-2014 01
Ran by Rodolfo at 2014-10-01 23:43:46
Running from C:\Documents and Settings\Rodolfo\Documenti\Download
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Italiano (HKLM\...\{AC76BA86-7AD7-1040-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento della protezione per Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Aggiornamento per Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Aggiornamento rapido per Windows XP (KB942288-v3) (HKLM\...\KB942288-v3) (Version: 3 - Microsoft Corporation)
AudioEase Speakersphone VST RTAS v1.03 (HKLM\...\AudioEase Speakersphone VST RTAS_is1) (Version:  - Audio Ease)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)
BurnAware Professional 6.8 (HKLM\...\BurnAware Professional_is1) (Version:  - Burnaware)
calibre (HKLM\...\{BA356893-F9F4-4C84-B10B-6EB2FC3C3B90}) (Version: 1.5.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Image-Line PoiZone v2.1 (HKLM\...\Image-Line PoiZone v2.1) (Version:  - )
Java Auto Updater (Version: 2.0.1.2 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Live 8.2.2 (HKLM\...\Live 8.2.2) (Version:  - )
Malwarebytes Anti-Malware versione 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 it) (HKLM\...\Mozilla Firefox 32.0.3 (x86 it)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Ohm Force - Ohmicide VST (HKLM\...\Ohmicide VST) (Version:  - )
OrangeVocoder VST 2.02 (HKLM\...\OrangeVocoder_VST_2.02) (Version:  - )
Sound Forge Pro 10.0 (HKLM\...\{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}) (Version: 10.0.425 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Video Converter 3.71 100812 (HKLM\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144514 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-09-2014 20:19:22 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-19 14:00 - 2014-10-01 22:43 - 00001397 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
107.181.174.69 www.google-analytics.com.
107.181.174.69 google-analytics.com.
107.181.174.69 connect.facebook.net.
158.58.173.195 www.google-analytics.com.
158.58.173.195 google-analytics.com.
158.58.173.195 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Programmi\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Programmi\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-10-01 23:19 - 2014-10-01 23:19 - 00023552 _____ () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll
2004-08-19 14:00 - 2004-08-19 14:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2014-09-23 21:09 - 2014-09-23 21:09 - 02400768 _____ () C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-01 21:51 - 2014-10-01 21:51 - 00086016 _____ () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\Ojics\regTraceInterval.dll
2014-09-23 23:38 - 2014-09-23 23:38 - 01821184 _____ () C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Secure\Icons\IconsCacheHelper.dll
2013-04-11 21:58 - 2012-11-13 14:06 - 00108960 _____ () C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-11 21:58 - 2012-11-13 14:06 - 00416160 _____ () C:\Programmi\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-11 21:58 - 2012-11-13 14:06 - 00528288 _____ () C:\Programmi\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-04-11 21:58 - 2012-11-13 14:06 - 00158624 _____ () C:\Programmi\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-11 21:58 - 2012-11-13 14:06 - 00554400 _____ () C:\Programmi\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-04-11 08:49 - 2012-02-17 20:55 - 00166912 _____ () C:\Programmi\WinRAR\rarext.dll
2014-09-28 22:36 - 2014-09-28 22:36 - 00057856 _____ () C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\IWsoft\Smilib.dll
2014-09-25 21:29 - 2014-09-25 21:31 - 03715184 _____ () C:\Programmi\Mozilla Firefox\mozjs.dll
2013-04-11 21:58 - 2012-08-23 09:38 - 00574840 _____ () C:\Programmi\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2025429265-2111687655-682003330-500 - Administrator - Enabled)
Guest (S-1-5-21-2025429265-2111687655-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2025429265-2111687655-682003330-1000 - Limited - Disabled)
Rodolfo (S-1-5-21-2025429265-2111687655-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Rodolfo
SUPPORT_388945a0 (S-1-5-21-2025429265-2111687655-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Controller RAID
Description: Controller RAID
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controller audio multimediale
Description: Controller audio multimediale
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2014 11:40:18 PM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
Description: Il processo di servizio non ha potuto connettersi al controller di servizio

Error: (09/28/2014 10:40:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Applicazione in stallo firefox.exe, versione 32.0.3.5379, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error: (09/28/2014 06:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso

Error: (09/28/2014 06:49:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512, modulo che ha provocato l'errore , versione 0.0.0.0, indirizzo errore 0x00000000.
Elaborazione evento specifico al supporto per [explorer.exe!ws!] in corso


System errors:
=============
Error: (10/01/2014 11:40:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Spybot-S&D 2 Scanner Service è terminato in modo imprevisto. Questo problema si è verificato 1 volta/e.  Le seguenti azioni di correzione saranno eseguite tra 60000 millisecondi: Riavvia il servizio.

Error: (10/01/2014 11:29:12 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Il lease 192.168.1.3 dell'indirizzo IP della scheda di rete con indirizzo 00508D5D14A5 è stato
negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato un messaggio DHCPNACK.

Error: (10/01/2014 11:28:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spybot-S&D 2 Security Center Service non è stato avviato per il seguente errore:
%%1053

Error: (10/01/2014 11:28:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Spybot-S&D 2 Security Center Service.

Error: (10/01/2014 11:28:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spybot-S&D 2 Scanner Service non è stato avviato per il seguente errore:
%%1053

Error: (10/01/2014 11:28:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Spybot-S&D 2 Scanner Service.

Error: (10/01/2014 10:55:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spybot-S&D 2 Security Center Service non è stato avviato per il seguente errore:
%%1053

Error: (10/01/2014 10:55:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Spybot-S&D 2 Security Center Service.

Error: (10/01/2014 10:55:20 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/01/2014 09:39:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio Spybot-S&D 2 Scanner Service non è stato avviato per il seguente errore:
%%1053


Microsoft Office Sessions:
=========================
Error: (10/01/2014 11:40:18 PM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
Description: Il processo di servizio non ha potuto connettersi al controller di servizio

Error: (09/28/2014 10:40:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.5379hungapp0.0.0.000000000

Error: (09/28/2014 06:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (09/28/2014 06:49:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

When connection starts antivirus shows TR/CRYPT.EPACK 21673 ( CLOUD ).

Computer is more than slow......



#4 nasdaq

  • Malware Response Team

Posted 02 October 2014 - 01:06 PM

Before I suggest any fix please run this tool and post the log for my review.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#5 tbozo

  • Topic Starter

Posted 02 October 2014 - 01:51 PM

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Rodolfo [Admin rights]
Mode : Remove -- Date : 10/02/2014  20:46:55

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] vxfdse.exe -- C:\DOCUME~1\Rodolfo\IMPOST~1\Temp\vxfdse.exe[-] -> Chiuso [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-2025429265-2111687655-682003330-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce | 9yW79317 : "C:\Documents and Settings\Rodolfo\Dati applicazioni\9yW79317.exe" opt [-][x] -> Cancellato
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NON SELEZIONATO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NON SELEZIONATO
[Hj.RegVal] HKEY_USERS\S-1-5-21-2025429265-2111687655-682003330-1004\Software\Microsoft\Command Processor | AutoRun : "C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe"  -> Sostituito ()
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2025429265-2111687655-682003330-1004\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] netdde.lnk -- C:\Documents and Settings\Rodolfo\Menu Avvio\Programmi\Esecuzione automatica\netdde.lnk [LNK@] C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe -> Cancellato

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 215 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtClose[25] : Unknown @ 0xf7ca717c
[SSDT:Addr(Hook.SSDT)] NtCreateKey[41] : Unknown @ 0xf7ca7136
[SSDT:Addr(Hook.SSDT)] NtCreateSection[50] : Unknown @ 0xf7ca7186
[SSDT:Addr(Hook.SSDT)] NtCreateThread[53] : Unknown @ 0xf7ca712c
[SSDT:Addr(Hook.SSDT)] NtDeleteKey[63] : Unknown @ 0xf7ca713b
[SSDT:Addr(Hook.SSDT)] NtDeleteValueKey[65] : Unknown @ 0xf7ca7145
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[68] : Unknown @ 0xf7ca7177
[SSDT:Addr(Hook.SSDT)] NtLoadKey[98] : Unknown @ 0xf7ca714a
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : Unknown @ 0xf7ca7118
[SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : Unknown @ 0xf7ca711d
[SSDT:Addr(Hook.SSDT)] NtQueryValueKey[177] : Unknown @ 0xf7ca719f
[SSDT:Addr(Hook.SSDT)] NtReplaceKey[193] : Unknown @ 0xf7ca7154
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[200] : Unknown @ 0xf7ca7190
[SSDT:Addr(Hook.SSDT)] NtRestoreKey[204] : Unknown @ 0xf7ca714f
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[213] : Unknown @ 0xf7ca718b
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[237] : Unknown @ 0xf7ca7195
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[247] : Unknown @ 0xf7ca7140
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[255] : Unknown @ 0xf7ca719a
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[257] : Unknown @ 0xf7ca7127
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xf7ca71ae
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0xf7ca71b3
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@GetTranslationProperty$qqrx20Sys·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f1f4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@GetTranslatorNameAndEmail$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f1b0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@Getdomain$qqrx20System@UnicodeSt·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f428
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@LoadResString$qqrp20System@TResS·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f4ac
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@RetranslateComponent$qqrp18Class·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f62c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_CreateRetranslator$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d538
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_GlobalHandleClass$qqrp17Syste·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d554
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_GlobalIgnoreClass$qqrp17Syste·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d6e8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_GlobalIgnoreClassProperty$qqr·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d958
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_Ignore$qqrp14System@TObjectx2·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473db60
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_IgnoreClass$qqrp17System@TMet·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f7d8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TP_IgnoreClassProperty$qqrp17Sys·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f9b4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TranslateComponent$qqrp18Classes·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473dbb4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TranslateProperties$qqrp14System·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473e3e0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TranslateProperty$qqrp14System@T·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473de7c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@TranslateStrings$qqrp16Classes@T·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f078
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@UseLanguage$qqr20System@UnicodeS·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473eb98
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@WhenNewDomain$qqrx20System@Unico·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f3c4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@WhenNewDomainDirectory$qqrx20Sys·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f3cc
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@WhenNewLanguage$qqrx20System@Uni·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f3c8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@bindtextdomain$qqrx20System@Unic·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d014
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@bindtextdomainToFile$qqrx20Syste·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f3f8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@dgettext$qqrx20System@UnicodeStr·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d3a4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@dgettext_NoExtract$qqrx20System@·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d488
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@dngettext$qqrx20System@UnicodeSt·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f220
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@dngettext_NoExtract$qqrx20System·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f344
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@getcurrenttextdomain$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d4c0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@gettext$qqrx20System@UnicodeStri·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d4d4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@gettext_NoExtract$qqrx20System@U·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d4f0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@gettext_NoOp$qqrx20System@Unicod·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d508
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@ngettext$qqrx20System@UnicodeStr·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f370
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@ngettext_NoExtract$qqrx20System@·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473f39c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TGnuGettextInstance@textdomain$qqrx20System@UnicodeS·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473d51c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TMoFile@ : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4739198
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TMoFile@$bctr$qqrx20System@UnicodeStringxjjxo : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741154
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TMoFile@$bdtr$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47415fc
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TMoFile@CardinalInMem$qqrpcui : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x474113c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TMoFile@autoswap32$qqrui : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741100
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TMoFile@gettext$qqrx31System@%AnsiStringT$us$i65535$·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x474164c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TP_GlobalHandleClass$qqrp17System@TMetaClassynpqqrp1·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b6f0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TP_GlobalIgnoreClass$qqrp17System@TMetaClass : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b6b0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TP_GlobalIgnoreClassProperty$qqrp17System@TMetaClass·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b6e0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TP_Ignore$qqrp14System@TObjectx20System@UnicodeStrin·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b6a0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TP_IgnoreClass$qqrp17System@TMetaClass : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b6c0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TP_IgnoreClassProperty$qqrp17System@TMetaClassx20Sys·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b6d0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@TranslateComponent$qqrp18Classes@TComponentx20System·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b70c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@UseLanguage$qqr20System@UnicodeString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473bcb8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@_$qqrx20System@UnicodeString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b5a0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@bindtextdomain$qqrx20System@UnicodeStringt1 : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b690
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@dgettext$qqrx20System@UnicodeStringt1 : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b5b8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@dgettext_NoExtract$qqrx20System@UnicodeStringt1 : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b5d4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@dngettext$qqrx20System@UnicodeStringt1t1i : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b5ec
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@getcurrenttextdomain$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b67c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@gettext$qqrx20System@UnicodeString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b55c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@gettext_NoExtract$qqrx20System@UnicodeString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b574
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@gettext_NoOp$qqrx20System@UnicodeString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b588
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@initialization$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x474208c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@ngettext$qqrx20System@UnicodeStringt1i : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b61c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@ngettext_NoExtract$qqrx20System@UnicodeStringt1i : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b648
[EAT:Addr] (explorer.exe) DEC150.bpl - @Gnugettext@textdomain$qqrx20System@UnicodeString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473b66c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@ERegExpr@ : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4732498
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@ExecRegExpr$qqrx17System@WideStringt1 : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4732658
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@Finalization$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4738c2c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@QuoteRegExprMetaChars$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47327c0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprInvertCaseFunction : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743058
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprLinePairedSeparator : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743054
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprLineSeparators : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743050
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprModifierG : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743043
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprModifierI : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743040
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprModifierM : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743044
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprModifierR : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743041
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprModifierS : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743042
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprModifierX : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743045
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprSpaceChars : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4743048
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprSubExpressions$qqrx20System@UnicodeStringp16Clas·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4732904
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@RegExprWordChars : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x474304c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@ReplaceRegExpr$qqrx17System@WideStringt1t1o : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473272c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@SplitRegExpr$qqrx17System@WideStringt1p16Classes@TStrin·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47326c0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4731a68
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@$bctr$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733c7c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@$bdtr$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733d90
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Compile$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47344c0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@CompileRegExpr$qqrpb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734694
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Dump$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4738570
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@DumpOp$qqrb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737dcc
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@EmitC$qqrb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47345c8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@EmitNode$qqrb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734588
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Error$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4738af4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ErrorMsg$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4732c14
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Exec$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737534
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ExecNext$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737698
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ExecPos$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47376e0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ExecPrim$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473754c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetCompilerErrorPos$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4736144
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetExpression$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733e00
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetInputString$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47376e8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetLinePairedSeparator$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47378bc
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetMatch$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733f9c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetMatchLen$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733f64
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetMatchPos$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733f28
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetModifier$qqri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47343b8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetModifierStr$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733fe8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@GetSubExprMatchCount$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733efc
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@InsertOperator$qqrbpbi : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47345f0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@InvalidateProgramm$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47344a4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@InvertCaseFunction$qqrxb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733dd8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@IsProgrammOk$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47344e0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@LastError$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733c58
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@MatchPrim$qqrpb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47366a8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@OpTail$qqrpbt1 : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734568
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ParseAtom$qqrri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473559c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ParseBranch$qqrri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734ad8
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ParseModifiersStr$qqrx17System@WideStringri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734180
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ParsePiece$qqrri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734d70
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@ParseReg$qqriri : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734908
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@RegMatch$qqrpb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47374f0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Replace$qqr17System@WideStringx17System@WideSt·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737cc0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetExpression$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733e28
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetInputString$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737718
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetLinePairedSeparator$qqrx17System@WideString·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737810
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetLineSeparators$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47377e4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetModifier$qqrio : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473442c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetModifierStr$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734390
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Split$qqr17System@WideStringp16Classes@TString·'ÛæíÊ(þW : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737bc0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@StrScanCI$qqrpbb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x473616c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Substitute$qqrx17System@WideString : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4737a14
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Tail$qqrpbt1 : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4734530
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@VersionMajor$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733c6c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@VersionMinor$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4733c74
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@regnext$qqrpb : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4736688
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@regrepeat$qqrpbi : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47361b4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@initialization$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4742078
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@@GetPackageInfoTable$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741a30
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@@PackageLoad$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741a38
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@@PackageUnload$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741a44
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@initialization$qqrv : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x47422e8
[EAT:Addr] (explorer.exe) DEC150.bpl - Finalize : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741a44
[EAT:Addr] (explorer.exe) DEC150.bpl - Initialize : C:\Programmi\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x4741a38

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] ff006904e8ee0efb71266a78ff800e3e
[BSP] 89bdcf593b8d8901ec2d897b239f9971 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 19085 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Maxtor 6Y080L0 +++++
--- User ---
[MBR] 59f77e242eed3f3abbce35d4a98b44a2
[BSP] 4be21e90b42a0c21451d6eb037cbbcf3 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 78159 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10022014_204543.log



#6 nasdaq


Posted 03 October 2014 - 07:55 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Winlogon\Notify\ciwbiec: C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll ()
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Run: [ciwbiec] => rundll32 "C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll",ciwbiec
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\RunOnce: [93cE9a] => C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe [724992 2014-10-01] ()
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Command Processor: "C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe" <===== ATTENTION!
ShortcutTarget: netdde.lnk -> C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe (No File)
SearchScopes: HKCU - URL http://www.bing.com/search?q={searchTerms}
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Rodolfo\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U3 TlntSvr; No ImagePath
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\avgnt.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\bgdfcffc.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\tmp22.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\vxfdse.exe
C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 tbozo


Posted 03 October 2014 - 01:13 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
Ran by Rodolfo at 2014-10-03 18:49:48 Run:1
Running from C:\Documents and Settings\Rodolfo\Documenti\Download
Loaded Profile: Rodolfo (Available profiles: Rodolfo)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\ciwbiec: C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll ()
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Run: [ciwbiec] => rundll32 "C:\Documents and Settings\Rodolfo\Impostazioni locali\Dati applicazioni\ciwbiec.dll",ciwbiec
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\RunOnce: [93cE9a] => C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe [724992 2014-10-01] ()
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\...\Command Processor: "C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe" <===== ATTENTION!
ShortcutTarget: netdde.lnk -> C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe (No File)
SearchScopes: HKCU - URL http://www.bing.com/search?q={searchTerms}
FF SearchPlugin: C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\DOCUME~1\Rodolfo\IMPOST~1\Temp\cpuz132\cpuz132_x32.sys [X]
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U3 TlntSvr; No ImagePath
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\avgnt.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\bgdfcffc.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\tmp22.exe
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\vxfdse.exe
C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe

End
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ciwbiec" => Key deleted successfully.
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ciwbiec => value deleted successfully.
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\93cE9a => Value not found.
HKU\S-1-5-21-2025429265-2111687655-682003330-1004\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
C:\Documents and Settings\Rodolfo\Dati applicazioni\Microsoft\Windows\IEUpdate\netdde.exe not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
C:\Programmi\mozilla firefox\browser\searchplugins\yahoo-it.xml => Moved successfully.
catchme => Service deleted successfully.
cpuz132 => Service deleted successfully.
IntelIde => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
TlntSvr => Service deleted successfully.
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\bgdfcffc.exe => Moved successfully.
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\tmp22.exe => Moved successfully.
C:\Documents and Settings\Rodolfo\Impostazioni locali\Temp\vxfdse.exe => Moved successfully.
"C:\Documents and Settings\Rodolfo\Dati applicazioni\93cE9a.exe" => File/Directory not found.

==== End of Fixlog ====

 

 

 

 

 Results of screen317's Security Check version 0.99.88  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Avira Free Antivirus    
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner     
 Java version out of Date!
 Adobe Flash Player     15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

Seems the computer is running much better, even if still slow.

Antivirus detected: HEUR/APC (CLOUD)



#8 nasdaq

Posted 03 October 2014 - 01:47 PM

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

Edited by nasdaq, 03 October 2014 - 01:48 PM.


#9 tbozo

Posted 03 October 2014 - 04:29 PM

Updated Java, but runs even slower.

Tried to disable it from browser... same story.

Antivirus still shows up and can't be updated (update files can be downloaded but not installed).



#10 nasdaq

Posted 04 October 2014 - 08:21 AM



If you have CD emulator software (Daemon Tools, Alcohol, etc.) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits and the legitimate drivers used by CD Emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

===

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===

    Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    ===


#11 tbozo

Posted 04 October 2014 - 02:45 PM

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:30 on 04/10/2014 (Rodolfo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-



#12 nasdaq

Posted 05 October 2014 - 06:39 AM

As previously suggested, download and run this tool TDSSKiller

#13 tbozo

Posted 05 October 2014 - 10:24 AM

can't post anymore ---- post is too long-----------



#14 nasdaq

Posted 05 October 2014 - 10:38 AM

Cut your log into two or three parts.
Use more than one post to reply.

#15 tbozo

Posted 05 October 2014 - 10:52 AM

10:29:50.0703 0x01f8  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
10:30:00.0656 0x01f8  ============================================================
10:30:00.0656 0x01f8  Current date / time: 2014/10/05 10:30:00.0656
10:30:00.0656 0x01f8  SystemInfo:
10:30:00.0656 0x01f8  
10:30:00.0656 0x01f8  OS Version: 5.1.2600 ServicePack: 3.0
10:30:00.0656 0x01f8  Product type: Workstation
10:30:00.0656 0x01f8  ComputerName: RODOLFO-9C47E61
10:30:00.0656 0x01f8  UserName: Rodolfo
10:30:00.0656 0x01f8  Windows directory: C:\WINDOWS
10:30:00.0656 0x01f8  System windows directory: C:\WINDOWS
10:30:00.0656 0x01f8  Processor architecture: Intel x86
10:30:00.0656 0x01f8  Number of processors: 1
10:30:00.0656 0x01f8  Page size: 0x1000
10:30:00.0656 0x01f8  Boot type: Normal boot
10:30:00.0656 0x01f8  ============================================================
10:30:10.0921 0x01f8  KLMD registered as C:\WINDOWS\system32\drivers\95474889.sys
10:30:12.0812 0x01f8  System UUID: {BAD15B06-CE27-0900-8B6F-793923681010}
10:30:19.0234 0x01f8  Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 ( 18.65 Gb ), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:30:19.0250 0x01f8  Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 ( 76.34 Gb ), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:30:19.0500 0x01f8  ============================================================
10:30:19.0500 0x01f8  \Device\Harddisk0\DR0:
10:30:19.0562 0x01f8  MBR partitions:
10:30:19.0562 0x01f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
10:30:19.0562 0x01f8  \Device\Harddisk1\DR1:
10:30:19.0562 0x01f8  MBR partitions:
10:30:19.0562 0x01f8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD
10:30:19.0562 0x01f8  ============================================================
10:30:19.0703 0x01f8  C: <-> \Device\Harddisk0\DR0\Partition1
10:30:19.0953 0x01f8  F: <-> \Device\Harddisk1\DR1\Partition1
10:30:19.0953 0x01f8  ============================================================
10:30:19.0953 0x01f8  Initialize success
10:30:19.0953 0x01f8  ============================================================
10:30:42.0390 0x06b8  ============================================================
10:30:42.0390 0x06b8  Scan started
10:30:42.0390 0x06b8  Mode: Manual;
10:30:42.0390 0x06b8  ============================================================
10:30:42.0390 0x06b8  KSN ping started
10:30:43.0531 0x06b8  KSN ping finished: true
10:30:49.0546 0x06b8  ================ Scan system memory ========================
10:30:49.0562 0x06b8  System memory - ok
10:30:49.0578 0x06b8  ================ Scan services =============================
10:31:54.0703 0x06b8  Ndisuio - ok
10:31:54.0796 0x06b8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:31:55.0484 0x06b8  NdisWan - ok
10:31:55.0828 0x06b8  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:31:56.0156 0x06b8  NDProxy - ok
10:31:56.0250 0x06b8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:31:56.0765 0x06b8  NetBIOS - ok
10:31:57.0062 0x06b8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:31:57.0843 0x06b8  NetBT - ok
10:31:58.0125 0x06b8  [ 1B09227E41F414A93DBC0BAF80C4D527, 78726FFA0AD600BF915DAE524A4C72847DE399F68087A288D0FB05C4AB490724 ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:31:58.0312 0x06b8  NetDDE - ok
10:31:58.0359 0x06b8  [ 1B09227E41F414A93DBC0BAF80C4D527, 78726FFA0AD600BF915DAE524A4C72847DE399F68087A288D0FB05C4AB490724 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:31:58.0375 0x06b8  NetDDEdsdm - ok
10:31:58.0531 0x06b8  [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:31:58.0562 0x06b8  Netlogon - ok
10:31:59.0187 0x06b8  [ 02815B70FC4CA8611A926176F1C39FC2, D2B78A93584AB59252280ADAC942B65B80EFBE13DFADEC56650E12475CAA3D3B ] Netman          C:\WINDOWS\System32\netman.dll
10:31:59.0328 0x06b8  Netman - ok
10:31:59.0437 0x06b8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:32:00.0515 0x06b8  NetTcpPortSharing - ok
10:32:00.0671 0x06b8  [ C6B69A18D39744725FB73AC85E46032B, 5C33151152126A557F0C7C30646D169E00674F03CF5E187E540AAA22EB2DBF58 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:32:00.0781 0x06b8  Nla - ok
10:32:01.0000 0x06b8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:32:01.0203 0x06b8  Npfs - ok
10:32:01.0453 0x06b8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:32:02.0578 0x06b8  Ntfs - ok
10:32:03.0218 0x06b8  [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:32:03.0234 0x06b8  NtLmSsp - ok
10:32:03.0453 0x06b8  [ 89DB90B5F35D2795D9FC56D933CC72B8, D2B337F648BDE65ACA5DF1277766784283FFC7DD231E7A66D3DF1DCFD0CB7564 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:32:04.0234 0x06b8  NtmsSvc - ok
10:32:04.0375 0x06b8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:32:04.0562 0x06b8  Null - ok
10:32:05.0562 0x06b8  [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:32:10.0031 0x06b8  nv - ok
10:32:10.0671 0x06b8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:32:11.0093 0x06b8  NwlnkFlt - ok
10:32:11.0203 0x06b8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:32:11.0656 0x06b8  NwlnkFwd - ok
10:32:11.0890 0x06b8  [ 4E9408A178B2D955871C2CDD278DE3C3, 0D0C9A9F7281F13DED6AB0BEA3779380D1FBF7442461DE20869E744DE810328C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:32:12.0000 0x06b8  Parport - ok
10:32:12.0125 0x06b8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:32:12.0218 0x06b8  PartMgr - ok
10:32:12.0343 0x06b8  [ 0DABEF655A444CB1E193626FB1D24B9F, 3B9923363E3B7A01FEA882E1BD2148F70ECD5106FC2F174548269F50E2E5F7D1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:32:12.0640 0x06b8  ParVdm - ok
10:32:12.0781 0x06b8  [ F40A46892AFEBB0314536B849D57C11E, FB6EBF422CE1B71DD39103223851D36149B2D159B90903E553033BCDB244A091 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:32:13.0078 0x06b8  PCI - ok
10:32:13.0125 0x06b8  PCIDump - ok
10:32:13.0156 0x06b8  PCIIde - ok
10:32:13.0265 0x06b8  [ 815C50F2B1D1562800BDCE8BE895000E, 4DE07E8A1390DF1A411F2813064888F457C229A7FA510159BA4D488031771F41 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:32:13.0656 0x06b8  Pcmcia - ok
10:32:13.0703 0x06b8  PDCOMP - ok
10:32:13.0796 0x06b8  PDFRAME - ok
10:32:13.0828 0x06b8  PDRELI - ok
10:32:13.0859 0x06b8  PDRFRAME - ok
10:32:13.0968 0x06b8  perc2 - ok
10:32:14.0000 0x06b8  perc2hib - ok
10:32:14.0156 0x06b8  [ C79FEAE2F68982259907AB52B0F2676F, 2B9A6BCF479C839EA6BE03D66D6F70CB2C134D1D6301D61152682432B8C5DAE1 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:32:14.0281 0x06b8  PlugPlay - ok
10:32:14.0328 0x06b8  [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:32:14.0328 0x06b8  PolicyAgent - ok
10:32:14.0406 0x06b8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:32:14.0796 0x06b8  PptpMiniport - ok
10:32:14.0828 0x06b8  [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:32:14.0828 0x06b8  ProtectedStorage - ok
10:32:14.0968 0x06b8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:32:15.0156 0x06b8  PSched - ok
10:32:15.0281 0x06b8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:32:15.0734 0x06b8  Ptilink - ok
10:32:15.0812 0x06b8  [ 2F4FADDCDBC6DC301F3CB9FFFB4B4A09, FD4AD89AC70600B8EC019C513CDD08765B1A0831FB50045062EE0835B2F3EDB2 ] pwdrvio         C:\WINDOWS\system32\pwdrvio.sys
10:32:16.0468 0x06b8  pwdrvio - ok
10:32:16.0531 0x06b8  [ B75CF7AAE69964EBBE5B875AC81231CD, 09CF1A2E97360116FF22F9AB6EC0BE1BE1554FA970734C51BD5FFD31A4F72F88 ] pwdspio         C:\WINDOWS\system32\pwdspio.sys
10:32:16.0765 0x06b8  pwdspio - ok
10:32:16.0796 0x06b8  ql1080 - ok
10:32:16.0875 0x06b8  Ql10wnt - ok
10:32:16.0906 0x06b8  ql12160 - ok
10:32:16.0937 0x06b8  ql1240 - ok
10:32:16.0968 0x06b8  ql1280 - ok
10:32:17.0515 0x06b8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:32:17.0812 0x06b8  RasAcd - ok
10:32:17.0906 0x06b8  [ 9839B418343D6E6E52659BDF3FF1FE67, 8B3FDA61B82836D79DBC3C7B92538E5A921A4A9BFC0B60411D307150A0FBCFED ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:32:18.0187 0x06b8  RasAuto - ok
10:32:18.0250 0x06b8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:32:18.0515 0x06b8  Rasl2tp - ok
10:32:18.0796 0x06b8  [ 62AD41548E720DB4763B86F95E44F3FA, D9349F6192134434362E602CA6B35AF1212B8CE413F02CDEDA8A644238F37DA4 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:32:18.0843 0x06b8  RasMan - ok
10:32:19.0031 0x06b8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:32:19.0078 0x06b8  RasPppoe - ok
10:32:19.0156 0x06b8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:32:19.0515 0x06b8  Raspti - ok
10:32:19.0609 0x06b8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:32:20.0203 0x06b8  Rdbss - ok
10:32:20.0343 0x06b8  [ 0227F048067A41AA7944F2B00739A5D5, B75CCDBFE31789DC16DC2F3D2B63771B50B453478327F8B7F189357DEF6BAE8E ] RDID1021        C:\WINDOWS\system32\Drivers\rdwm1021.sys
10:32:20.0687 0x06b8  RDID1021 - ok
10:32:20.0750 0x06b8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:32:21.0109 0x06b8  RDPCDD - ok
10:32:21.0234 0x06b8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:32:21.0640 0x06b8  RDPWD - ok
10:32:21.0781 0x06b8  [ CC72E6AE90245F0AE48BF1236A7E1F9C, 17CF8F174DCC3B07379716C4532A4F875AE8E4010AA61E4C7B2EA24E29BF5ABD ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:32:22.0328 0x06b8  RDSessMgr - ok
10:32:22.0406 0x06b8  [ 393FC252593323B624B230ECA6B85E63, 77030C7E4847859704B0E6CD404D7B00CE89036157883052A61101EDAE4B375B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:32:22.0609 0x06b8  redbook - ok
10:32:22.0703 0x06b8  [ 7EBBF16FBD3E0E34F084FA635C1844E3, 6149B4FE725D8016932EEDF1A47288A5066046FF833EE5DCD7344A9077450690 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:32:22.0890 0x06b8  RemoteAccess - ok
10:32:23.0046 0x06b8  [ DC97F6C8A94691834439872B9E8FF2B3, 6F751308F08D5B890FE49C67D4643EB7BD83566C9BA03CAF203EF431B23B7129 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:32:23.0359 0x06b8  RpcLocator - ok
10:32:23.0562 0x06b8  [ BC4E0226341AAEC1222336B3AED86BAB, CBE39840A484EC182133B18794BD5AAFCC25C306B5F497CA22BFC8321C12F88F ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:32:23.0718 0x06b8  RpcSs - ok
10:32:23.0890 0x06b8  [ DCE0D20F8FB66DF41D53734BFF9D66F0, 78B858710DAD33A2BDEFE538299339D94CC932648F329D974B0A2A3BFB75CA27 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:32:24.0265 0x06b8  RSVP - ok
10:32:24.0343 0x06b8  [ 0FBA335727905DE8E4CB5A2CF438ABF5, 7D7C9D34C590C0F46EEA600C5185F266B66A972F3D9F535CABAADF622E97A67C ] SamSs           C:\WINDOWS\system32\lsass.exe
10:32:24.0390 0x06b8  SamSs - ok
10:32:24.0500 0x06b8  [ 1D456F1CD76A80793C07BA52CF3A7455, 34E878C24A28D67395D8ABA0DACF5FD73F2F4F6F6314D436D287CA1D75BF974B ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:32:24.0765 0x06b8  SCardSvr - ok
10:32:24.0906 0x06b8  [ 511886E5BD060046CCE8373E92E62EDF, 3BA4AEBE00474DA71C0A5EFBEC216C585A314D5F4F0C4E603D1EEBB9B6991343 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:32:24.0968 0x06b8  Schedule - ok
10:32:25.0625 0x06b8  [ 206387AB881E93A1A6EB89966C8651F1, 3BF9DFF3E70F0787F7F94BE5B9717DFADD9E13AB8154FAE295CEAC834F0835E5 ] SDScannerService C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
10:32:26.0343 0x06b8  SDScannerService - ok
10:32:26.0968 0x06b8  [ A529CFE32565C0B145578FFB2B32C9A5, 4B1596CBDDA74D510707FD475AAB3A89B1203E0B95ECAE3756CAA56555F9F66D ] SDUpdateService C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:32:27.0781 0x06b8  SDUpdateService - ok
10:32:27.0968 0x06b8  [ CB63BDB77BB86549FC3303C2F11EDC18, 1C96C082B9CE08C8F3C088D5DE68BA8783E6F6A837A88E2654BC4CBCF7B81846 ] SDWSCService    C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:32:28.0078 0x06b8  SDWSCService - ok
10:32:28.0250 0x06b8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:32:28.0437 0x06b8  Secdrv - ok
10:32:28.0625 0x06b8  [ 17C6354CA08E7C7972E12C67478AE134, BA0C6EC30FF345840435C16DB30BD08047EF54455057104FEAB03657CFF5EB41 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:32:28.0625 0x06b8  seclogon - ok
10:32:28.0828 0x06b8  [ 99D236203F5B17A4994D6A7AA292938A, 3E2CB4F6FBBDAC80C2FEA2F580979CAFF19FCFC1185C180311E579AF64E8FB8C ] SecurityCenterServer932441251 C:\WINDOWS\system32\socoidhipy.exe
10:32:29.0421 0x06b8  SecurityCenterServer932441251 - ok
10:32:29.0515 0x06b8  [ A0ECA1CE0FCCB29C5E4E1F416E95E73E, 36DB8E0D89255CCC7369A50542065E3661652D650130CAC22EBA3691512C6B81 ] SENS            C:\WINDOWS\system32\sens.dll
10:32:29.0562 0x06b8  SENS - ok
10:32:29.0750 0x06b8  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:32:29.0890 0x06b8  serenum - ok
10:32:29.0968 0x06b8  [ FDBD9D64E2E03270021D424F0DCCF79D, F818B9355B6965FA4D8847AA2A54AC950381C914D96EB7E94B8DEE6CF820CFD5 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:32:30.0140 0x06b8  Serial - ok
10:32:30.0515 0x06b8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:32:30.0625 0x06b8  Sfloppy - ok
10:32:30.0796 0x06b8  [ 152C0555925DFE028E3148FD215146BB, B34D6363CAD693FBF0354450A749A3F82BD1AA80CE719862D6C85854C7254D78 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:32:30.0937 0x06b8  SharedAccess - ok
10:32:31.0156 0x06b8  [ DCCC606FC144F6E44E497F9A906F1C30, 961D1A633BAE3634BA649BE4D7CD01836072A5956D3BD8F0AE3241DF55ED884C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:32:31.0203 0x06b8  ShellHWDetection - ok
10:32:31.0343 0x06b8  Simbad - ok
10:32:31.0421 0x06b8  Sparrow - ok
10:32:31.0546 0x06b8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:32:31.0687 0x06b8  splitter - ok
10:32:31.0781 0x06b8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:32:31.0796 0x06b8  Spooler - ok
10:32:31.0859 0x06b8  [ 618718CAE288BF7CBD8FCBAB2577D932, 51C5B937909884214CEE257505B5925D7089222E8B37B5D10DC6A7460C9D7546 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:32:31.0968 0x06b8  sr - ok
10:32:32.0125 0x06b8  [ B3E3DA70A7A76E69B872DE3D06D32C19, 3398D5375077EBAAD5CDBCD3D5E0BE25AE78CCC13EE17CFC03723A8BA7CBD0D2 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:32:32.0218 0x06b8  srservice - ok
10:32:32.0531 0x06b8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:32:33.0078 0x06b8  Srv - ok
10:32:33.0203 0x06b8  [ 5215569DD3A8FBC65A85E85F3C12258B, C6AD200F740BB0586520AD90C7D532AA167F2E63199801E7D07E6F6AE594BC73 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:32:33.0500 0x06b8  SSDPSRV - ok
10:32:33.0625 0x06b8  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:32:33.0781 0x06b8  ssmdrv - ok
10:32:33.0984 0x06b8  [ 3B9263E137896E4D303494F116E00608, B0979242ABDADD4CB12617B8D8715DBD97B8B0A64B3640774A32E0D7DAE02741 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:32:34.0687 0x06b8  stisvc - ok
10:32:34.0750 0x06b8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:32:34.0875 0x06b8  swenum - ok
10:32:34.0953 0x06b8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:32:35.0078 0x06b8  swmidi - ok
10:32:35.0234 0x06b8  SwPrv - ok
10:32:35.0484 0x06b8  symc810 - ok
10:32:35.0562 0x06b8  symc8xx - ok
10:32:35.0671 0x06b8  sym_hi - ok
10:32:35.0796 0x06b8  sym_u3 - ok
10:32:35.0890 0x06b8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:32:36.0125 0x06b8  sysaudio - ok
10:32:36.0234 0x06b8  [ A34A9A872EEC4C026FD542AC7156FE0B, D71D365E8F7C8F7BF347C06FB687B8E976D3CF5B319211009223D16638F8521A ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:32:36.0500 0x06b8  SysmonLog - ok
10:32:36.0640 0x06b8  [ 6B85F1A9DCE45D45BFFAD3222C21F297, 4285B0929162CE3497B89C31CA769547300FF920E3F264F4C7E06C2DB780C8B4 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:32:36.0750 0x06b8  TapiSrv - ok
10:32:36.0937 0x06b8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:32:38.0156 0x06b8  Tcpip - ok
10:32:38.0281 0x06b8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:32:38.0437 0x06b8  TDPIPE - ok
10:32:38.0640 0x06b8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:32:38.0765 0x06b8  TDTCP - ok
10:32:38.0843 0x06b8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:32:38.0921 0x06b8  TermDD - ok
10:32:39.0093 0x06b8  [ FE5A5329CCFC33D645C33077FF04F052, 5B8F641C1F94CD9BAB0CB632F80E707F01118D77CF754C0DCE9E813F789ABCC3 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:32:39.0187 0x06b8  TermService - ok
10:32:39.0296 0x06b8  [ DCCC606FC144F6E44E497F9A906F1C30, 961D1A633BAE3634BA649BE4D7CD01836072A5956D3BD8F0AE3241DF55ED884C ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:32:39.0296 0x06b8  Themes - ok
10:32:39.0328 0x06b8  TosIde - ok
10:32:39.0437 0x06b8  [ 690294999DF1248FAF85D95B31955D0C, 74072BCBD543FC7FECCD4F54EA9D016BE10D1F00B5D3F90A7AB651DD9DCF276E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:32:39.0453 0x06b8  TrkWks - ok
10:32:39.0828 0x06b8  [ D85938F272D1BCF3DB3A31FC0A048928, 798328C8C06EEE7B0852E6D2B16C3AF24D529737ECA2E9725415261A5736D051 ] uagp35          C:\WINDOWS\system32\DRIVERS\uagp35.sys
10:32:40.0125 0x06b8  uagp35 - ok
10:32:40.0203 0x06b8  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:32:40.0359 0x06b8  Udfs - ok
10:32:40.0437 0x06b8  [ 2F2C2D5415ABC67B51D97DD90AAD31BB, 61206C58E35C996E86B190B16DC0BEE9CC6C178C6F3AC9152DAFA431104E0719 ] UKS11LDR        C:\WINDOWS\system32\drivers\uks11ldr.sys
10:32:40.0812 0x06b8  UKS11LDR - ok
10:32:40.0843 0x06b8  ultra - ok
10:32:41.0046 0x06b8  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:32:41.0390 0x06b8  Update - ok
10:32:41.0656 0x06b8  [ 8057B0744D9842A090E51D2845861D5F, E226DFF48FB766CC36273FAA631140254F9C339891C9EE7D6F2FA2B2E5372FDF ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:32:41.0890 0x06b8  upnphost - ok
10:32:42.0000 0x06b8  [ F5E8B846EC10E1DF8DCA64119E2EB709, D0475F2A2EF5C2DBCC64E27B548560F19124C4EC3BEA3B776A690A61B36E5A9A ] UPS             C:\WINDOWS\System32\ups.exe
10:32:42.0093 0x06b8  UPS - ok
10:32:42.0187 0x06b8  [ E919708DB44ED8543A7C017953148330, 226D032912D396117213FC29CD0BB5A8B2F872DD91D92F254F2F1FE392481B61 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:32:42.0328 0x06b8  usbaudio - ok
10:32:42.0390 0x06b8  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:32:42.0531 0x06b8  usbccgp - ok
10:32:42.0593 0x06b8  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:32:42.0890 0x06b8  usbehci - ok
10:32:43.0125 0x06b8  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:32:43.0312 0x06b8  usbhub - ok
10:32:43.0468 0x06b8  [ 4DBFEB3AF5E388A73F2C405EC88ED552, 31BD6CFF99CE7582C34262FD477B234A655073C2531F3ACC64656C61F93311E6 ] USBKS1X1        C:\WINDOWS\system32\drivers\usbks1x1.sys
10:32:43.0937 0x06b8  USBKS1X1 - ok
10:32:44.0109 0x06b8  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:32:44.0312 0x06b8  usbprint - ok
10:32:44.0468 0x06b8  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:32:44.0609 0x06b8  USBSTOR - ok
10:32:44.0890 0x06b8  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:32:45.0078 0x06b8  usbuhci - ok
10:32:45.0156 0x06b8  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:32:45.0343 0x06b8  VgaSave - ok
10:32:45.0500 0x06b8  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
10:32:45.0703 0x06b8  ViaIde - ok
10:32:45.0828 0x06b8  [ E46C1B5A56DA7DA603D09DFCC79EC59E, E16CC03DE648AC9B79F6833A0771C4A5D3E85D331537CB2D442B48094B7AFB7B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:32:46.0421 0x06b8  VolSnap - ok
10:32:47.0390 0x06b8  [ C2FE17125256102F5B44194D5DB0A799, 30C8B2788E552082E5672E6976D9665949D125E32491C59E7633101FD0E76C92 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:32:47.0890 0x06b8  VSS - ok
10:32:48.0046 0x06b8  [ 2969DD84B584A6BB541A5273103957A3, 31D30251CEC9E165624AA4787384A44345996A785158B96EDA234D46B9999D3F ] W32Time         C:\WINDOWS\system32\w32time.dll
10:32:48.0125 0x06b8  W32Time - ok
10:32:48.0218 0x06b8  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:32:48.0437 0x06b8  Wanarp - ok
10:32:48.0468 0x06b8  WDICA - ok
10:32:48.0750 0x06b8  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:32:48.0906 0x06b8  wdmaud - ok
10:32:49.0015 0x06b8  [ 2EC50EE79B65F60C8E8B4A03BBB3A42F, D71F2AA601B71F16657E3B2F28EE89CE8A3DD99D77CCD63A2AFBE85F15501CB7 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:32:49.0078 0x06b8  WebClient - ok
10:32:49.0546 0x06b8  [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE, 48EF4217924D15D54F9B3E1D5E51944FF16E7832982D32A978A3FA8165417611 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
10:32:52.0296 0x06b8  winachsf - ok
10:32:53.0046 0x06b8  [ 40911E98D0F1CBB1015F2101982F1DDF, C4AF11AF406BA59FB9EFDB6CBE1F2005454CD3B9EEE19A8F4095D6EB2420EE6D ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:32:53.0203 0x06b8  winmgmt - ok
10:32:53.0421 0x06b8  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:32:53.0828 0x06b8  WmdmPmSN - ok
10:32:54.0156 0x06b8  [ 81FD02839FDB10ACF0EC40B809B9F8CC, 18917E10CEB48B3FE51D3C0AFD8FB27306646CE357EE10AE07BB14B4BDA5278A ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:32:54.0265 0x06b8  WmiApSrv - ok
10:32:55.0937 0x06b8  [ F30DC8F80CF65A323E8B6A2DB81561E3, C249E3B13456D5EB5CA7F64FE8C7B1CC01D383129C7A2AF06360CF67C4445E5E ] WMPNetworkSvc   C:\Programmi\Windows Media Player\WMPNetwk.exe
10:32:57.0812 0x06b8  WMPNetworkSvc - ok
10:32:58.0593 0x06b8  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:33:00.0593 0x06b8  WPFFontCache_v0400 - ok
10:33:01.0093 0x06b8  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:33:01.0296 0x06b8  WS2IFSL - ok
10:33:01.0546 0x06b8  [ 926D921C93CFF1E19EF4DE3E4C8368CA, 0DD2273872F77DA2A6A935E3EA25F3A8F48AF13D1317D51BA76D735A99D656EE ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:33:01.0859 0x06b8  wscsvc - ok
10:33:02.0296 0x06b8  [ CC48415E6C7CBAA441A3D6A6DCCBCFA6, 97CFB57AD1F30A690D032297019FB3A8A1664896AF0C310AB799C93EA18F98F8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:33:02.0296 0x06b8  wuauserv - ok
10:33:02.0390 0x06b8  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:33:02.0656 0x06b8  WudfPf - ok
10:33:03.0078 0x06b8  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:33:03.0375 0x06b8  WudfRd - ok
10:33:03.0640 0x06b8  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:33:03.0906 0x06b8  WudfSvc - ok
10:33:05.0093 0x06b8  [ 053E0307A08CAC60793E27E921B46B3E, D886609D17F322075C644C2C9934437026349EA65CC4ED41E1FEA0D89556257E ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:33:06.0593 0x06b8  WZCSVC - ok
10:33:07.0109 0x06b8  [ 5526482DCBA6047641B13BF9C75A74E0, 446EEF008FC5055D8C3640BE57058914D078573883FA3BB7815F847C638FD881 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:33:07.0656 0x06b8  xmlprov - ok
10:33:07.0687 0x06b8  ================ Scan global ===============================
10:33:08.0734 0x06b8  [ 17DDFE6A0B5404C5EF4C03AD996D0562, 4E806713F5F86F60FB6204028321AEBE26195EE99A537B52D9627F2659C4A77A ] C:\WINDOWS\system32\basesrv.dll
10:33:09.0234 0x06b8  [ 63A5456E7C4E7771A8B39F82217E7825, 38DF4B5D94D6186835AF8464C8090E0DBECE302A6125A228081D641C0C10D9D9 ] C:\WINDOWS\system32\winsrv.dll
10:33:09.0546 0x06b8  [ 63A5456E7C4E7771A8B39F82217E7825, 38DF4B5D94D6186835AF8464C8090E0DBECE302A6125A228081D641C0C10D9D9 ] C:\WINDOWS\system32\winsrv.dll
10:33:09.0656 0x06b8  [ C79FEAE2F68982259907AB52B0F2676F, 2B9A6BCF479C839EA6BE03D66D6F70CB2C134D1D6301D61152682432B8C5DAE1 ] C:\WINDOWS\system32\services.exe
10:33:09.0718 0x06b8  [ Global ] - ok





