ZEROACCESS rootkit symptoms found (after a few problems)


This topic is locked. 29 replies to this topic.

#1 MGMP (Members)

Posted 02 September 2012 - 01:55 PM

Hello,
Rkill has found ZEROACCESS rootkit symptoms on my desktop. Here is all that happened in the last 10 days of usage (I've been away 15 days).

On 11/8 AVG Resident Shield detected the following:
May be infected by unknown virus Win32/DH{LgMPNg} in "c:\Users\Marcello\AppData\Local\Temp\nmrxscaweo.exe"; Action taken:"Object is inaccessible."; Process:"C:\Windows\System32\cmd.exe"
May be infected by unknown virus Win32/DH{LgMPNg} in "c:\Users\Marcello\AppData\Local\Temp\nmrxscaweo.exe"; Action taken:"Moved to Virus Vault"; Process:"C:\Windows\System32\rundll32.exe"
Trojan horse BackDoor.Generic15.BHGZ in "c:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\n"; Action taken:"Moved to Virus Vault"; Process:"C:\Windows\explorer.exe"
This folder is the same one that appears in the Rkill report.

The last one was an unknown malware, and AVG killed 3 processes and deleted 2 files:
c:\Users\<username>\AppData\Local\Temp\MSIMG32.DLL
c:\Users\<username>\AppData\Local\Temp\AEMWROSXCN.EXE

Meanwhile, ZoneAlarm blocked several connection attempts.

A full scan revealed trojan Java/Exploit.BAH, and I quarantined it.

After that, whenever I reboot or log off, my desktop resets the icon order to alphabetical for no reason.

When I came back on 31/8 I did another AVG scan that found 2 more trojans: Exploit.Java_c.AFM and Exploit.Java_c.AEC.

Afraid there was still a virus, I tried various tools to detect it:
AVG Antivirus Pro found nothing.
MBAM found nothing.
GMER found nothing (it showed only an AVG entry in black). Strange thing: all options but Services, Registry, Files, ADS and drive selection were greyed out and unticked; Scan All became clickable after modifying another field.
The sfc command from the console (scan-only mode) said there were damaged services.
Rkill is the first tool that found something (full report at the end of the post).

I'm running Windows 7 64-bit, with AVG Pro as antivirus and ZoneAlarm Pro as firewall.


Thank you for your help,
MGMP


Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 06:03:32 PM in x64 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Marcello\Desktop\rkill\rkill-09-02-2012-06-03-51.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\ [ZA Dir]
* C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\@ [ZA File]
* C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\L\ [ZA Dir]
* C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\U\ [ZA Dir]

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* WatAdminSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/02/2012 06:03:57 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)

Edited by MGMP, 02 September 2012 - 02:00 PM.


#2 CatByte (Malware Response Team)

Posted 02 September 2012 - 02:21 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file. Close that message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB drive.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs (FRST.txt and Search.txt) in your reply.
The help you receive here is free. If you wish to show your appreciation, you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#3 MGMP (Topic Starter)

Posted 03 September 2012 - 04:10 AM

Can I safely make a backup on DVDs, or will the infection spread to them?

Note about FRST: all checkboxes were already checked, including "List Drivers MD5".

FRST.txt


Scan result of Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 03-09-2012 10:47:19
Running from F:\
Windows 7 Ultimate (X64) OS Language: Italian Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8288288 2009-10-14] (Realtek Semiconductor)
HKLM\...\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1125504 2011-11-03] (Check Point Software Technologies)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-09-25] (NEC Electronics Corporation)
HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5516800 2009-10-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [603136 2009-08-19] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [887936 2009-08-21] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Launch PC Probe II] [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73360 2011-12-18] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Marcello\...\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe" [550360 2011-06-07] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827520 2011-11-03] (Check Point Software Technologies)
2 MDES; C:\ASUS.SYS\CONFIG\DVMExportService.exe [319488 2009-03-24] (DeviceVM)
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-08-13] (NOS Microsystems Ltd.)
2 OS Selector; "C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe" [2139400 2011-11-15] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-11-13] ()
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2420616 2011-12-18] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ===================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
0 fltsrv; C:\Windows\System32\Drivers\fltsrv.sys [132704 2011-11-30] (Acronis)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-11-03] (Check Point Software Technologies)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
3 TotRec7; C:\Windows\System32\Drivers\TotRec7.sys [183376 2011-07-08] (High Criteria inc.)
3 TotRec8; C:\Windows\System32\Drivers\TotRec8.sys [121424 2011-07-08] (High Criteria inc.)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-03 10:46 - 2012-09-03 10:47 - 00000000 ____D C:\FRST
2012-09-02 17:03 - 2012-09-02 17:09 - 00000000 ____D C:\Users\Marcello\Desktop\rkill
2012-09-02 17:03 - 2012-09-02 17:03 - 00004140 ____A C:\Users\Marcello\Desktop\Rkill.txt
2012-09-02 13:17 - 2012-09-02 14:04 - 00000265 ____A C:\Users\Marcello\Desktop\Nuovo documento di testo.txt
2012-09-01 19:04 - 2012-09-01 19:04 - 00000000 ____D C:\Users\Marcello\AppData\Roaming\Malwarebytes
2012-09-01 19:03 - 2012-09-01 19:03 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-01 19:03 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-01 19:00 - 2012-09-01 19:00 - 00000000 ____D C:\Users\Marcello\Downloads\Malwarebytes
2012-09-01 18:58 - 2012-09-02 11:23 - 00000250 ____A C:\Windows\gmer.ini
2012-09-01 18:58 - 2012-09-01 18:58 - 00884736 ____A C:\Windows\gmer.dll
2012-09-01 18:58 - 2012-09-01 18:58 - 00085969 ____A (GMER) C:\Windows\SysWOW64\Drivers\gmer.sys
2012-09-01 18:58 - 2012-09-01 18:58 - 00000080 ____A C:\Windows\gmer_uninstall.cmd
2012-09-01 18:58 - 2008-04-17 20:13 - 00811008 ____A C:\Windows\gmer.exe
2012-09-01 18:57 - 2012-09-01 18:57 - 00000000 ____D C:\Users\Prova01\AppData\Roaming\WinRAR
2012-09-01 18:16 - 2012-09-02 18:32 - 00000000 ____D C:\Users\Marcello\Downloads\Prova
2012-09-01 10:41 - 2012-09-01 10:41 - 00000978 ____A C:\Users\Marcello\Desktop\Vecchio Desktop.lnk
2012-08-31 19:22 - 2012-08-31 19:50 - 00000000 ____D C:\Dati_temporanei
2012-08-31 18:22 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-08-31 18:22 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-08-31 18:22 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-08-31 18:22 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-08-31 18:22 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-08-31 18:22 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-08-31 18:22 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-08-31 18:22 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-08-31 18:22 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-08-31 16:30 - 2012-08-31 16:30 - 00000000 ____D C:\Users\Prova01\AppData\Roaming\Macromedia
2012-08-31 16:30 - 2012-08-31 16:30 - 00000000 ____D C:\Users\Prova01\AppData\Roaming\Adobe
2012-08-31 13:16 - 2012-08-31 13:17 - 00000000 ____D C:\Users\Prova01\AppData\Local\Microsoft Games
2012-08-31 12:51 - 2012-08-31 12:51 - 00114232 ____A C:\Users\Prova01\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-31 12:51 - 2012-08-31 12:51 - 00000000 ____D C:\Users\Prova01\Documents\ForceField Shared Files
2012-08-31 12:51 - 2012-08-31 12:51 - 00000000 ____D C:\Users\Prova01\AppData\Roaming\CheckPoint
2012-08-31 12:51 - 2012-08-31 12:51 - 00000000 ____D C:\Users\Prova01\AppData\Roaming\AVG2012
2012-08-31 12:51 - 2012-08-31 12:51 - 00000000 ____D C:\Users\Prova01\AppData\Roaming\ATI
2012-08-31 12:51 - 2012-08-31 12:51 - 00000000 ____D C:\Users\Prova01\AppData\Local\VirtualStore
2012-08-31 12:51 - 2012-08-31 12:51 - 00000000 ____D C:\Users\Prova01\AppData\Local\ATI
2012-08-31 12:50 - 2012-08-31 12:51 - 00000000 ____D C:\users\Prova01
2012-08-31 12:50 - 2012-08-31 12:50 - 00000020 ___SH C:\Users\Prova01\ntuser.ini
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Risorse di stampa
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Risorse di rete
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Recenti
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Modelli
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Menu Avvio
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Impostazioni locali
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Documents\Video
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Documents\Musica
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Documents\Immagini
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Documenti
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\Dati applicazioni
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\AppData\Local\Dati applicazioni
2012-08-31 12:50 - 2012-08-31 12:50 - 00000000 __SHD C:\Users\Prova01\AppData\Local\Cronologia

==================== 3 Months Modified Files ================================

2012-09-03 08:27 - 2010-06-10 16:02 - 00000177 ____H C:\dvmexp.idx
2012-09-03 08:27 - 2010-06-10 16:02 - 00000038 ____A C:\dvmaccounts.ini
2012-09-03 08:26 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-03 08:26 - 2009-07-14 05:51 - 00152432 ____A C:\Windows\setupact.log
2012-09-02 21:51 - 2010-06-10 14:53 - 01106840 ____A C:\Windows\WindowsUpdate.log
2012-09-02 21:50 - 2011-04-02 16:05 - 00001154 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-02 21:40 - 2009-07-14 05:45 - 00015472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-02 21:40 - 2009-07-14 05:45 - 00015472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-02 21:37 - 2010-09-06 15:57 - 00693436 ____A C:\Windows\System32\perfh00A.dat
2012-09-02 21:37 - 2010-09-06 15:57 - 00137044 ____A C:\Windows\System32\perfc00A.dat
2012-09-02 21:37 - 2010-09-06 15:40 - 00643818 ____A C:\Windows\System32\perfh007.dat
2012-09-02 21:37 - 2010-09-06 15:40 - 00129522 ____A C:\Windows\System32\perfc007.dat
2012-09-02 21:37 - 2010-09-06 15:34 - 00694412 ____A C:\Windows\System32\perfh00C.dat
2012-09-02 21:37 - 2010-09-06 15:34 - 00130122 ____A C:\Windows\System32\perfc00C.dat
2012-09-02 21:37 - 2009-07-14 11:53 - 00698512 ____A C:\Windows\System32\perfh010.dat
2012-09-02 21:37 - 2009-07-14 11:53 - 00127738 ____A C:\Windows\System32\perfc010.dat
2012-09-02 21:37 - 2009-07-14 06:13 - 03966414 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-02 21:33 - 2011-04-02 16:05 - 00001150 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-02 17:03 - 2012-09-02 17:03 - 00004140 ____A C:\Users\Marcello\Desktop\Rkill.txt
2012-09-02 14:04 - 2012-09-02 13:17 - 00000265 ____A C:\Users\Marcello\Desktop\Nuovo documento di testo.txt
2012-09-02 11:23 - 2012-09-01 18:58 - 00000250 ____A C:\Windows\gmer.ini
2012-09-01 18:58 - 2012-09-01 18:58 - 00884736 ____A C:\Windows\gmer.dll
2012-09-01 18:58 - 2012-09-01 18:58 - 00085969 ____A (GMER) C:\Windows\SysWOW64\Drivers\gmer.sys
2012-09-01 18:58 - 2012-09-01 18:58 - 00000080 ____A C:\Windows\gmer_uninstall.cmd
2012-09-01 10:41 - 2012-09-01 10:41 - 00000978 ____A C:\Users\Marcello\Desktop\Vecchio Desktop.lnk
2012-08-31 18:24 - 2010-06-10 18:26 - 00007623 ____A C:\Users\Marcello\AppData\Local\Resmon.ResmonCfg
2012-08-31 12:51 - 2012-08-31 12:51 - 00114232 ____A C:\Users\Prova01\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-31 12:50 - 2012-08-31 12:50 - 00000020 ___SH C:\Users\Prova01\ntuser.ini
2012-08-04 18:45 - 2012-04-03 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-04 18:45 - 2011-05-23 15:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-03 11:40 - 2010-07-23 18:47 - 00353382 ____A C:\Windows\DirectX.log
2012-07-04 14:55 - 2011-11-13 16:24 - 00270408 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-04 14:55 - 2011-11-13 15:03 - 00270408 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-03 18:27 - 2009-07-14 06:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 12:46 - 2012-09-01 19:03 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-18 11:08 - 2012-06-18 11:08 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

ZeroAccess:
C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}
C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\@
C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\L
C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-03 11:25:24
Restore point made on: 2012-08-03 14:41:55
Restore point made on: 2012-08-03 14:50:38
Restore point made on: 2012-08-11 20:53:45
Restore point made on: 2012-08-31 18:21:58

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.12 MB
Available physical RAM: 5400.63 MB
Total Pagefile: 6133.27 MB
Available Pagefile: 5390.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:1180.36 GB) NTFS
3 Drive f: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status   Size     Free   Dyn  GPT
--------  -------  -------  -----  ---  ---
Disk 0    Online   1397 GB  0 B
Disk 1    Online   247 MB   0 B

Partitions of Disk 0:
===============

Partition ###  Type     Size     Offset
-------------  -------  -------  -------
Partition 1    Primary  100 MB   1024 KB
Partition 2    Primary  1397 GB  101 MB

==================================================================================

Disk: 0
Partition 1
Type: 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  ----
* Volume 1  Y    Riservato p  NTFS  Partition  100 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type: 07
Hidden: No
Active: No

Volume ###  Ltr  Label  Fs    Type       Size     Status   Info
----------  ---  -----  ----  ---------  -------  -------  ----
* Volume 2  C           NTFS  Partition  1397 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  ------
Partition 1    Primary  247 MB  31 KB

==================================================================================

Disk: 1
Partition 1
Type: 0E
Hidden: No
Active: Yes

Volume ###  Ltr  Label  Fs   Type       Size    Status   Info
----------  ---  -----  ---  ---------  ------  -------  ----
* Volume 3  F           FAT  Removable  247 MB  Healthy

==================================================================================

Last Boot: 2012-08-31 09:06

==================== End Of Log =============================



Search.txt


Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-03 10:48:33
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
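The Rkill output in post #1 and the FRST.txt / Search.txt output in post #3 are plain text, and the indicators the helpers are reading off them can be pulled out mechanically. The script below is an added example, not part of this thread and not code from the Rkill or FRST tools. It does three things: flags a {GUID} directory under a user profile only when the "@" file and the "L" and "U" subdirectories are all present (a lone {GUID} folder is not enough), pairs the registry keys Rkill prints with the dword values under them to report Windows Defender and Windows Firewall being switched off, and compares the size and MD5 of every services.exe copy an FRST search returned, on the assumption (mine, not stated in the thread) that a System32 copy differing from the WinSxS component-store copy is what the services.exe search was meant to surface. The SAMPLE_* log text is constructed to mirror the shapes of the posted logs; the user name, GUIDs and the second hash in it are made up.

```python
"""Triage helper for Rkill and FRST text logs of the kind posted above.
Added example; not part of this thread or of the Rkill/FRST tools. The
SAMPLE_* strings are constructed to mirror the shapes of the posted logs;
the user name, GUIDs and the second hash in them are made up."""
import re
from collections import defaultdict

# Drive-letter paths as Rkill ("* C:\...\@ [ZA File]") and FRST print them.
# Paths containing spaces are out of scope for this helper.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\"\[\]]+")

# A {GUID} directory, optionally followed by one of the three children the
# ZeroAccess drop folder carried: the "@" file and the "L" and "U" folders.
GUID_DIR_RE = re.compile(
    r"^(?P<base>.*?\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[@LU]))?\\?$",
    re.IGNORECASE,
)

# Rkill prints a registry key in [brackets] and then "name" = dword:value.
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9a-f]{8})$', re.I)
DEFENCE_OFF = {  # (value name, value) pairs that mean a built-in defence is off
    ("DisableAntiSpyware", 1): "Windows Defender disabled",
    ("EnableFirewall", 0): "Windows Firewall disabled",
}

# FRST Search.txt detail line: [created] - [modified] - size attrs (Company) MD5
SEARCH_DETAIL_RE = re.compile(
    r"^\[[^\]]+\]\s*-\s*\[[^\]]+\]\s*-\s*(?P<size>\d+)\s+\S+\s*"
    r"(?:\([^)]*\))?\s*(?P<md5>[0-9A-F]{32})$",
    re.I,
)

def find_zeroaccess_dirs(lines):
    """{GUID} directories (lower-cased) that expose the "@" file together with
    the "L" and "U" subdirectories; a lone {GUID} folder is not flagged."""
    children = defaultdict(set)
    for line in lines:
        for path in PATH_RE.findall(line):
            m = GUID_DIR_RE.match(path)
            if m:
                children[m.group("base").lower()].add((m.group("child") or "").upper())
    return sorted(b for b, kids in children.items() if {"@", "L", "U"} <= kids)

def find_disabled_defences(lines):
    """Pair each [HKLM\\...] key line with the dword line under it and return
    the (label, key) combinations listed in DEFENCE_OFF, in log order."""
    findings, key = [], None
    for line in (raw.strip() for raw in lines):
        if line.startswith("[HK") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = DWORD_RE.match(line)
        if m and key:
            label = DEFENCE_OFF.get((m.group("name"), int(m.group("val"), 16)))
            if label:
                findings.append((label, key))
    return findings

def check_services_exe(lines):
    """Parse an FRST search for services.exe; 'consistent' is True only when
    every copy found (System32 and WinSxS) has the same size and MD5."""
    copies, pending = {}, None
    for line in (raw.strip() for raw in lines):
        if line.lower().endswith("\\services.exe"):
            pending = line          # path line; the detail line follows it
            continue
        m = SEARCH_DETAIL_RE.match(line)
        if m and pending:
            copies[pending] = (int(m.group("size")), m.group("md5").upper())
            pending = None
    return {"copies": copies, "consistent": bool(copies) and len(set(copies.values())) == 1}

SAMPLE_RKILL = r"""
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
* C:\Users\alice\AppData\Local\{11111111-2222-3333-4444-555555555555}\ [ZA Dir]
* C:\Users\alice\AppData\Local\{11111111-2222-3333-4444-555555555555}\@ [ZA File]
* C:\Users\alice\AppData\Local\{11111111-2222-3333-4444-555555555555}\L\ [ZA Dir]
* C:\Users\alice\AppData\Local\{11111111-2222-3333-4444-555555555555}\U\ [ZA Dir]
* C:\Users\alice\AppData\Local\{99999999-8888-7777-6666-555555555555}\ [ZA Dir]
"""

# Constructed: the System32 copy deliberately carries a different (made-up) hash.
SAMPLE_SEARCH = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2012-08-20 11:02] - 0328704 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF
"""

if __name__ == "__main__":
    print(find_zeroaccess_dirs(SAMPLE_RKILL.splitlines()))
    print(find_disabled_defences(SAMPLE_RKILL.splitlines()))
    print(check_services_exe(SAMPLE_SEARCH.splitlines()))
```

Feed it the real Rkill.txt and Search.txt with `open(path).read().splitlines()` in place of the samples. The second {GUID} folder in the sample is deliberately not flagged, and the services.exe check answers False for the constructed sample because the two hashes differ; on the Search.txt posted above both copies share size and MD5, which is the clean outcome.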

#4 CatByte (Malware Response Team)

Posted 03 September 2012 - 07:30 AM

You can back up documents, images and music to DVD, but not programs; reinstall the programs from the .iso or disc if you need to.


Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#5 MGMP (Topic Starter)

Posted 03 September 2012 - 09:37 AM

Can I unplug the Internet while I run ComboFix?

Can I backup on a USB as well? (I'll probably do the backup first)

#6 CatByte (Malware Response Team)

Posted 03 September 2012 - 11:43 AM

Yes and Yes :)

#7 MGMP (Topic Starter)

Posted 04 September 2012 - 01:27 PM

MAYDAY!

I've followed all the steps, but when ComboFix restarted the computer my PC stopped.
At restart I had a black screen with a ComboFix window saying "please wait" and a PCProbe window saying it couldn't create the system shell notification icon.
After waiting 10+ minutes I closed the PCProbe window, but after 1 hour there was no progress.

I now have a black screen with ComboFix window saying "please wait". Screensaver is still working.
I don't know what to do.

#8 MGMP (Topic Starter)

Posted 04 September 2012 - 03:34 PM

I now have to power down the PC.

#9 MGMP (Topic Starter)

Posted 04 September 2012 - 04:09 PM

While restarting, the desktop reappeared. After the next restart ZA asked permission for "NirCmd to launch c:\combofix\nircmd.3xe". Granting both resulted in an infinite loop. On logout it said "cannot start pev.3xe properly" with error code 0x0000142.

#10 CatByte (Malware Response Team)

Posted 04 September 2012 - 05:06 PM

Ok, let's try the following:


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

start
RestoreErunt: cf
end


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Please let me know if you can now boot properly

#11 MGMP (Topic Starter)

Posted 05 September 2012 - 03:53 AM

I can now boot properly.
On startup AVG LinkScanner was disabled (I re-enabled it).
(I did a backup yesterday before running the tools).


The Fixlog.txt that just ran:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-05 10:02:22 Run:2
Running from F:\

==============================================

BCD restored successfuly.
DEFAULT restored successfuly.
SAM restored successfuly.
SECURITY restored successfuly.
SOFTWARE restored successfuly.
SYSTEM restored successfuly.

==== End of Fixlog ====



There is a mistake in the previous post.
The two Zone Alarm pop-ups were:
"NirCmd is trying to launch c:\combofix\cf23551.3xe"
"pev.3xe is trying to launch c:\combofix\nircmd.3xe"



I'm also posting the logs of the previous steps, in case this can help.


The former Fixlog.txt (the one run before ComboFix):

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-04 19:08:02 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b} moved successfully.

==== End of Fixlog ====


There is no ComboFix log.


On a side note, desktop icon positions now work properly.

EDIT: ComboFix deleted CCleaner.

In a few stages it performed additional actions (e.g. stage_19 & stage_19a, but I don't remember the individual stages).


Edited by MGMP, 05 September 2012 - 08:53 AM.
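The first Fixlog above records the two places FRST looked for ZeroAccess on this machine: the csrss subsystem value at HKLM\System\...\Session Manager\SubSystems\Windows (reported clean) and a GUID-named folder under AppData\Local (moved). The following Python script is an added example, not part of this thread or of FRST, that performs the same two checks on collected values and generalises the registry check to any unexpected ServerDll module rather than one hard-coded name. Assumptions: the known-good ServerDll set (basesrv, winsrv, sxssrv) is taken from a default Windows 7 x64 install, the consrv module name used in the constructed infected value is the one the 2012 x64 variant was known to use, and all function names and the sample folder listing are mine.

```python
"""
Added example (not part of this thread or of FRST): the two ZeroAccess
indicators the Fixlog above checks, as code that can run on collected values.
"""
import re
import sys

# Assumption: on a clean Windows 7 x64 install the csrss SubSystems\Windows
# value only loads these three server DLLs. The 2012 x64 ZeroAccess variant
# swapped one of them for its own module (assumed here to be named consrv).
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Folder names of the form {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} directly
# under AppData\Local, like the one FRST moved in the Fixlog above.
GUID_DIR_RE = re.compile(
    r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

SERVER_DLL_RE = re.compile(r"ServerDll=([^:,\s]+)")


def unexpected_server_dlls(windows_value):
    """Return every ServerDll= module in the SubSystems\\Windows value that is
    not in the known-good set (an empty list means the value looks untouched)."""
    return [m for m in SERVER_DLL_RE.findall(windows_value)
            if m.lower() not in KNOWN_SERVER_DLLS]


def guid_named_dirs(local_appdata_entries):
    """Return the entries under AppData\\Local whose name is a bare GUID."""
    return [n for n in local_appdata_entries if GUID_DIR_RE.match(n)]


def assess(windows_value, local_appdata_entries):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for dll in unexpected_server_dlls(windows_value):
        findings.append(f"SubSystems\\Windows loads unexpected ServerDll '{dll}'")
    for name in guid_named_dirs(local_appdata_entries):
        findings.append(f"GUID-named folder under AppData\\Local: {name}")
    return findings


def collect_live():
    """Windows only: read the real registry value and the AppData\\Local listing."""
    import os
    import winreg  # not available on other platforms, hence the local import
    key = winreg.OpenKey(
        winreg.HKEY_LOCAL_MACHINE,
        r"SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems")
    value, _ = winreg.QueryValueEx(key, "Windows")
    return value, os.listdir(os.environ["LOCALAPPDATA"])


# Constructed sample data. CLEAN_VALUE is the Windows 7 default string;
# INFECTED_VALUE has the console winsrv entry replaced the way the x64
# variant did it. The GUID is the folder name from the Fixlog above.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16")
INFECTED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2")
SAMPLE_ENTRIES = ["Microsoft", "Temp", "{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}"]

if __name__ == "__main__":
    if sys.platform == "win32":
        value, entries = collect_live()
    else:
        value, entries = INFECTED_VALUE, SAMPLE_ENTRIES
    for finding in assess(value, entries) or ["no ZeroAccess indicators found"]:
        print(finding)
```

Run it on the suspect machine (from an elevated prompt, since it reads HKLM) and it reports on the live values; anywhere else it runs against the constructed sample. A GUID-named folder on its own is only a lead, so list its contents before deciding anything.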


#12 CatByte
  • Malware Response Team

Posted 05 September 2012 - 09:07 AM

Some very unusual activity, which makes me suspect there might still be an infection causing havoc. Let's get a scan with TDSSKiller (don't delete or cure anything yet; we have to proceed with caution now).


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

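TDSSKiller writes a very long log: the listing posted later in this thread runs to hundreds of service and driver lines, nearly all of them ending in "- ok". As an added example, not part of this thread or of TDSSKiller, here is a Python triage script that parses that format and reports only what a responder reads first: whether the scan ran with TDLFS detection (the option the steps above ask for), entries whose verdict is anything other than ok, and entries whose image lives outside the usual system and program directories. The line formats are copied from the log in this thread; the trusted-root set, the examplesvc entry, its path and its "warning" verdict are constructed for the demonstration, and all function names are mine.

```python
"""
Added example (not part of this thread or of TDSSKiller): reduce a
TDSSKiller log to the few lines worth reading.
"""
import re

# Assumption: where legitimate drivers and services normally live on a
# Windows 7 box. Anything elsewhere is flagged for a look, not as malicious.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "16:28:36.0262 5344 "
MODE_RE = re.compile(PREFIX + r"Mode: (?P<mode>.*)$")
# "[ <md5> ] <name> <drive>:\<path>"; the md5 bracket is absent for some entries
ENTRY_RE = re.compile(PREFIX + r"(?:\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+)?"
                      r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<name> - ok" (or any other single-word verdict)
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S+)$")


def parse(log_text):
    """Return (scan mode string, {name: {md5, path, verdict}})."""
    mode, entries = "", {}
    for line in log_text.splitlines():
        line = line.strip()
        m = MODE_RE.match(line)
        if m:
            mode = m.group("mode")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m.group("name"), {}).update(
                md5=m.group("md5"), path=m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m.group("name"), {})["verdict"] = m.group("verdict")
    return mode, entries


def triage(log_text):
    """Three things worth reading out of a several-hundred-line log."""
    mode, entries = parse(log_text)
    not_ok = sorted((n, e["verdict"]) for n, e in entries.items()
                    if e.get("verdict", "ok") != "ok")
    # Only scanned objects (those that got a verdict) count; header lines such
    # as "Windows directory: C:\Windows" also carry a path but no verdict.
    unusual = sorted((n, e["path"], e.get("md5")) for n, e in entries.items()
                     if "verdict" in e and "path" in e
                     and not e["path"].lower().startswith(TRUSTED_ROOTS))
    return {"tdlfs_enabled": "TDLFS" in mode,
            "not_ok": not_ok, "unusual_path": unusual}


# Constructed sample: real lines from the log in this thread plus an invented
# examplesvc entry (path, hash and "warning" verdict are made up).
SAMPLE_LOG = r"""
16:28:34.0546 5344 Mode: Manual; TDLFS;
16:28:35.0996 5344 System memory - ok
16:28:36.0262 5344 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:28:36.0262 5344 1394ohci - ok
16:28:36.0605 5344 [ C4C88CD854B28FC85495C841A0F6A069 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:28:36.0605 5344 AMD External Events Utility - ok
16:28:38.0836 5344 COMSysApp - ok
16:28:41.0722 5344 [ B0174BBFB541B9BED3FE552C4BF93A9E ] MDES C:\ASUS.SYS\CONFIG\DVMExportService.exe
16:28:41.0722 5344 MDES - ok
16:28:50.0000 5344 [ 00000000000000000000000000000000 ] examplesvc C:\Users\Marcello\AppData\Local\{f0f4eb1d-0609-2b50-2c39-9e4219ad9f0b}\n
16:28:50.0000 5344 examplesvc - warning
"""

if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:   # path to the log saved at the root of C:
        # Assumption: the log decodes as UTF-8; unknown bytes are replaced.
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print(json.dumps(triage(text), indent=2))
```

On the sample this flags the MDES service (a vendor utility under C:\ASUS.SYS, legitimate but outside the usual roots) and the constructed examplesvc entry; the point of the unusual-path list is to hand you the hashes and paths to look up, not to pass judgement. The md5 column is what you submit to a hash lookup service.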

#13 MGMP
  • Topic Starter

Posted 05 September 2012 - 09:40 AM

What are you referring to by "some very unusual activity"?
Sometimes PCProbe gives that error (randomly); could it have caused the ComboFix malfunction?


TDSS log


16:27:30.0976 7868 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:27:31.0116 7868 ============================================================
16:27:31.0116 7868 Current date / time: 2012/09/05 16:27:31.0116
16:27:31.0116 7868 SystemInfo:
16:27:31.0116 7868
16:27:31.0116 7868 OS Version: 6.1.7600 ServicePack: 0.0
16:27:31.0116 7868 Product type: Workstation
16:27:31.0116 7868 ComputerName: PC-MARCELLO
16:27:31.0116 7868 UserName: Marcello
16:27:31.0116 7868 Windows directory: C:\Windows
16:27:31.0116 7868 System windows directory: C:\Windows
16:27:31.0116 7868 Running under WOW64
16:27:31.0116 7868 Processor architecture: Intel x64
16:27:31.0116 7868 Number of processors: 8
16:27:31.0116 7868 Page size: 0x1000
16:27:31.0116 7868 Boot type: Normal boot
16:27:31.0116 7868 ============================================================
16:27:32.0161 7868 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:32.0161 7868 Drive \Device\Harddisk1\DR1 - Size: 0xF780000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:27:32.0161 7868 ============================================================
16:27:32.0161 7868 \Device\Harddisk0\DR0:
16:27:32.0161 7868 MBR partitions:
16:27:32.0161 7868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:27:32.0161 7868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
16:27:32.0161 7868 \Device\Harddisk1\DR1:
16:27:32.0161 7868 MBR partitions:
16:27:32.0161 7868 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x7BBC1
16:27:32.0161 7868 ============================================================
16:27:32.0192 7868 C: <-> \Device\Harddisk0\DR0\Partition2
16:27:32.0192 7868 ============================================================
16:27:32.0192 7868 Initialize success
16:27:32.0192 7868 ============================================================
16:28:34.0546 5344 ============================================================
16:28:34.0546 5344 Scan started
16:28:34.0546 5344 Mode: Manual; TDLFS;
16:28:34.0546 5344 ============================================================
16:28:35.0996 5344 ================ Scan system memory ========================
16:28:35.0996 5344 System memory - ok
16:28:35.0996 5344 ================ Scan services =============================
16:28:36.0262 5344 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:28:36.0262 5344 1394ohci - ok
16:28:36.0277 5344 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:28:36.0277 5344 ACPI - ok
16:28:36.0293 5344 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:28:36.0293 5344 AcpiPmi - ok
16:28:36.0371 5344 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:28:36.0371 5344 adp94xx - ok
16:28:36.0386 5344 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:28:36.0386 5344 adpahci - ok
16:28:36.0402 5344 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:28:36.0402 5344 adpu320 - ok
16:28:36.0433 5344 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:28:36.0433 5344 AeLookupSvc - ok
16:28:36.0496 5344 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
16:28:36.0511 5344 AFD - ok
16:28:36.0527 5344 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:28:36.0527 5344 agp440 - ok
16:28:36.0542 5344 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:28:36.0542 5344 ALG - ok
16:28:36.0558 5344 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:28:36.0558 5344 aliide - ok
16:28:36.0605 5344 [ C4C88CD854B28FC85495C841A0F6A069 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:28:36.0605 5344 AMD External Events Utility - ok
16:28:36.0620 5344 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:28:36.0620 5344 amdide - ok
16:28:36.0636 5344 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:28:36.0636 5344 AmdK8 - ok
16:28:36.0730 5344 [ 1147F8816D4DDC9FC43A40DF52F40500 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
16:28:36.0808 5344 amdkmdag - ok
16:28:36.0823 5344 [ EBC963D8F5B04C98F5EF597AAE79CDDD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:28:36.0823 5344 amdkmdap - ok
16:28:36.0839 5344 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:28:36.0839 5344 AmdPPM - ok
16:28:36.0870 5344 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:28:36.0870 5344 amdsata - ok
16:28:36.0886 5344 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:28:36.0886 5344 amdsbs - ok
16:28:36.0901 5344 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:28:36.0901 5344 amdxata - ok
16:28:36.0917 5344 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
16:28:36.0917 5344 AppID - ok
16:28:36.0917 5344 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:28:36.0932 5344 AppIDSvc - ok
16:28:36.0964 5344 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
16:28:36.0964 5344 Appinfo - ok
16:28:37.0010 5344 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:28:37.0010 5344 AppMgmt - ok
16:28:37.0026 5344 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:28:37.0026 5344 arc - ok
16:28:37.0042 5344 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:28:37.0042 5344 arcsas - ok
16:28:37.0104 5344 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
16:28:37.0104 5344 AsIO - ok
16:28:37.0151 5344 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
16:28:37.0166 5344 AsSysCtrlService - ok
16:28:37.0198 5344 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:28:37.0198 5344 AsyncMac - ok
16:28:37.0213 5344 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:28:37.0213 5344 atapi - ok
16:28:37.0276 5344 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:28:37.0276 5344 AtiHdmiService - ok
16:28:37.0291 5344 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:28:37.0291 5344 AudioEndpointBuilder - ok
16:28:37.0307 5344 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:28:37.0307 5344 AudioSrv - ok
16:28:37.0463 5344 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
16:28:37.0478 5344 AVGIDSAgent - ok
16:28:37.0525 5344 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:28:37.0525 5344 AVGIDSDriver - ok
16:28:37.0572 5344 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
16:28:37.0572 5344 AVGIDSFilter - ok
16:28:37.0588 5344 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
16:28:37.0603 5344 AVGIDSHA - ok
16:28:37.0650 5344 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
16:28:37.0650 5344 Avgldx64 - ok
16:28:37.0681 5344 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
16:28:37.0681 5344 Avgmfx64 - ok
16:28:37.0712 5344 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
16:28:37.0712 5344 Avgrkx64 - ok
16:28:37.0744 5344 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
16:28:37.0744 5344 Avgtdia - ok
16:28:37.0775 5344 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:28:37.0775 5344 avgwd - ok
16:28:37.0822 5344 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:28:37.0822 5344 AxInstSV - ok
16:28:37.0868 5344 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:28:37.0868 5344 b06bdrv - ok
16:28:37.0915 5344 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:28:37.0931 5344 b57nd60a - ok
16:28:37.0978 5344 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:28:37.0978 5344 BDESVC - ok
16:28:37.0993 5344 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:28:37.0993 5344 Beep - ok
16:28:38.0087 5344 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
16:28:38.0087 5344 BFE - ok
16:28:38.0134 5344 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
16:28:38.0149 5344 BITS - ok
16:28:38.0180 5344 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:28:38.0180 5344 blbdrive - ok
16:28:38.0212 5344 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:28:38.0212 5344 bowser - ok
16:28:38.0212 5344 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:28:38.0227 5344 BrFiltLo - ok
16:28:38.0227 5344 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:28:38.0227 5344 BrFiltUp - ok
16:28:38.0243 5344 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
16:28:38.0243 5344 Browser - ok
16:28:38.0258 5344 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:28:38.0258 5344 Brserid - ok
16:28:38.0258 5344 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:28:38.0258 5344 BrSerWdm - ok
16:28:38.0274 5344 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:28:38.0274 5344 BrUsbMdm - ok
16:28:38.0274 5344 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:28:38.0274 5344 BrUsbSer - ok
16:28:38.0290 5344 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:28:38.0290 5344 BTHMODEM - ok
16:28:38.0305 5344 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:28:38.0305 5344 bthserv - ok
16:28:38.0321 5344 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:28:38.0321 5344 cdfs - ok
16:28:38.0352 5344 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:28:38.0352 5344 cdrom - ok
16:28:38.0399 5344 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
16:28:38.0399 5344 CertPropSvc - ok
16:28:38.0461 5344 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:28:38.0461 5344 circlass - ok
16:28:38.0477 5344 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:28:38.0477 5344 CLFS - ok
16:28:38.0539 5344 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:28:38.0539 5344 clr_optimization_v2.0.50727_32 - ok
16:28:38.0570 5344 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:28:38.0570 5344 clr_optimization_v2.0.50727_64 - ok
16:28:38.0680 5344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:28:38.0680 5344 clr_optimization_v4.0.30319_32 - ok
16:28:38.0758 5344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:28:38.0758 5344 clr_optimization_v4.0.30319_64 - ok
16:28:38.0773 5344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:28:38.0773 5344 CmBatt - ok
16:28:38.0773 5344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
16:28:38.0773 5344 cmdide - ok
16:28:38.0804 5344 [ 937BEB186A735ACA91D717044A49D17E ] CNG C:\Windows\system32\Drivers\cng.sys
16:28:38.0804 5344 CNG - ok
16:28:38.0820 5344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:28:38.0820 5344 Compbatt - ok
16:28:38.0836 5344 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:28:38.0836 5344 CompositeBus - ok
16:28:38.0836 5344 COMSysApp - ok
16:28:38.0851 5344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:28:38.0851 5344 crcdisk - ok
16:28:38.0882 5344 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:28:38.0882 5344 CryptSvc - ok
16:28:38.0914 5344 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
16:28:38.0914 5344 CSC - ok
16:28:38.0929 5344 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
16:28:38.0929 5344 CscService - ok
16:28:38.0960 5344 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:28:38.0976 5344 DcomLaunch - ok
16:28:38.0992 5344 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:28:38.0992 5344 defragsvc - ok
16:28:39.0007 5344 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:28:39.0023 5344 DfsC - ok
16:28:39.0038 5344 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
16:28:39.0038 5344 Dhcp - ok
16:28:39.0038 5344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:28:39.0038 5344 discache - ok
16:28:39.0054 5344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:28:39.0054 5344 Disk - ok
16:28:39.0070 5344 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:28:39.0070 5344 Dnscache - ok
16:28:39.0085 5344 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
16:28:39.0101 5344 dot3svc - ok
16:28:39.0101 5344 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
16:28:39.0101 5344 DPS - ok
16:28:39.0163 5344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:28:39.0179 5344 drmkaud - ok
16:28:39.0194 5344 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:28:39.0194 5344 DXGKrnl - ok
16:28:39.0210 5344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:28:39.0210 5344 EapHost - ok
16:28:39.0257 5344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:28:39.0319 5344 ebdrv - ok
16:28:39.0366 5344 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
16:28:39.0366 5344 EFS - ok
16:28:39.0428 5344 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:28:39.0444 5344 ehRecvr - ok
16:28:39.0475 5344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:28:39.0475 5344 ehSched - ok
16:28:39.0506 5344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:28:39.0506 5344 elxstor - ok
16:28:39.0522 5344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
16:28:39.0522 5344 ErrDev - ok
16:28:39.0538 5344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:28:39.0538 5344 EventSystem - ok
16:28:39.0538 5344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:28:39.0553 5344 exfat - ok
16:28:39.0553 5344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:28:39.0553 5344 fastfat - ok
16:28:39.0631 5344 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
16:28:39.0631 5344 Fax - ok
16:28:39.0647 5344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:28:39.0647 5344 fdc - ok
16:28:39.0662 5344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:28:39.0662 5344 fdPHost - ok
16:28:39.0662 5344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:28:39.0662 5344 FDResPub - ok
16:28:39.0678 5344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:28:39.0678 5344 FileInfo - ok
16:28:39.0678 5344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:28:39.0678 5344 Filetrace - ok
16:28:39.0694 5344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:28:39.0694 5344 flpydisk - ok
16:28:39.0709 5344 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:28:39.0709 5344 FltMgr - ok
16:28:39.0787 5344 [ B8AFE7A30D34C0E9FDBA81632294547C ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
16:28:39.0787 5344 fltsrv - ok
16:28:39.0818 5344 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
16:28:39.0834 5344 FontCache - ok
16:28:39.0896 5344 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:28:39.0896 5344 FontCache3.0.0.0 - ok
16:28:39.0912 5344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:28:39.0912 5344 FsDepends - ok
16:28:39.0943 5344 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:28:39.0943 5344 Fs_Rec - ok
16:28:39.0959 5344 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:28:39.0959 5344 fvevol - ok
16:28:39.0974 5344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:28:39.0974 5344 gagp30kx - ok
16:28:39.0990 5344 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
16:28:39.0990 5344 gpsvc - ok
16:28:40.0084 5344 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:40.0084 5344 gupdate - ok
16:28:40.0099 5344 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:28:40.0115 5344 gupdatem - ok
16:28:40.0130 5344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:28:40.0130 5344 hcw85cir - ok
16:28:40.0162 5344 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:28:40.0177 5344 HdAudAddService - ok
16:28:40.0193 5344 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:28:40.0193 5344 HDAudBus - ok
16:28:40.0193 5344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:28:40.0208 5344 HidBatt - ok
16:28:40.0208 5344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:28:40.0208 5344 HidBth - ok
16:28:40.0224 5344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:28:40.0224 5344 HidIr - ok
16:28:40.0240 5344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:28:40.0240 5344 hidserv - ok
16:28:40.0286 5344 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:28:40.0286 5344 HidUsb - ok
16:28:40.0318 5344 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:28:40.0318 5344 hkmsvc - ok
16:28:40.0333 5344 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:28:40.0333 5344 HomeGroupListener - ok
16:28:40.0380 5344 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:28:40.0380 5344 HomeGroupProvider - ok
16:28:40.0411 5344 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
16:28:40.0411 5344 HpSAMD - ok
16:28:40.0458 5344 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:28:40.0458 5344 HTTP - ok
16:28:40.0474 5344 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:28:40.0474 5344 hwpolicy - ok
16:28:40.0474 5344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:28:40.0489 5344 i8042prt - ok
16:28:40.0536 5344 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:28:40.0536 5344 iaStorV - ok
16:28:40.0598 5344 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:28:40.0598 5344 idsvc - ok
16:28:40.0614 5344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:28:40.0614 5344 iirsp - ok
16:28:40.0630 5344 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
16:28:40.0645 5344 IKEEXT - ok
16:28:40.0723 5344 [ E53DC50458952080889A379746ED128F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:28:40.0723 5344 IntcAzAudAddService - ok
16:28:40.0754 5344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
16:28:40.0754 5344 intelide - ok
16:28:40.0754 5344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:28:40.0754 5344 intelppm - ok
16:28:40.0786 5344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:28:40.0786 5344 IPBusEnum - ok
16:28:40.0786 5344 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:28:40.0786 5344 IpFilterDriver - ok
16:28:40.0801 5344 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:28:40.0801 5344 iphlpsvc - ok
16:28:40.0817 5344 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:28:40.0817 5344 IPMIDRV - ok
16:28:40.0817 5344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:28:40.0817 5344 IPNAT - ok
16:28:40.0864 5344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:28:40.0864 5344 IRENUM - ok
16:28:40.0879 5344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
16:28:40.0879 5344 isapnp - ok
16:28:40.0895 5344 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:28:40.0895 5344 iScsiPrt - ok
16:28:40.0988 5344 [ BF65E6D039AE37C988D5B2B680E7D718 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:28:40.0988 5344 ISWKL - ok
16:28:41.0020 5344 [ 99148599FE4D0A5CD7C7EB74ED5A63E4 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:28:41.0020 5344 IswSvc - ok
16:28:41.0051 5344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:28:41.0051 5344 kbdclass - ok
16:28:41.0098 5344 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:28:41.0098 5344 kbdhid - ok
16:28:41.0113 5344 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
16:28:41.0113 5344 KeyIso - ok
16:28:41.0129 5344 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:28:41.0129 5344 KSecDD - ok
16:28:41.0160 5344 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:28:41.0160 5344 KSecPkg - ok
16:28:41.0176 5344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:28:41.0176 5344 ksthunk - ok
16:28:41.0191 5344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:28:41.0207 5344 KtmRm - ok
16:28:41.0222 5344 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:28:41.0222 5344 LanmanServer - ok
16:28:41.0254 5344 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:28:41.0269 5344 LanmanWorkstation - ok
16:28:41.0300 5344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:28:41.0300 5344 lltdio - ok
16:28:41.0316 5344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:28:41.0332 5344 lltdsvc - ok
16:28:41.0332 5344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:28:41.0347 5344 lmhosts - ok
16:28:41.0378 5344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:28:41.0394 5344 LSI_FC - ok
16:28:41.0410 5344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:28:41.0410 5344 LSI_SAS - ok
16:28:41.0410 5344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:28:41.0410 5344 LSI_SAS2 - ok
16:28:41.0456 5344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:28:41.0456 5344 LSI_SCSI - ok
16:28:41.0503 5344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:28:41.0503 5344 luafv - ok
16:28:41.0581 5344 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:28:41.0581 5344 Mcx2Svc - ok
16:28:41.0722 5344 [ B0174BBFB541B9BED3FE552C4BF93A9E ] MDES C:\ASUS.SYS\CONFIG\DVMExportService.exe
16:28:41.0722 5344 MDES - ok
16:28:41.0784 5344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:28:41.0784 5344 megasas - ok
16:28:41.0815 5344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:28:41.0831 5344 MegaSR - ok
16:28:41.0831 5344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:28:41.0831 5344 MMCSS - ok
16:28:41.0846 5344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:28:41.0846 5344 Modem - ok
16:28:41.0846 5344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:28:41.0846 5344 monitor - ok
16:28:41.0878 5344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:28:41.0878 5344 mouclass - ok
16:28:41.0878 5344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:28:41.0878 5344 mouhid - ok
16:28:41.0893 5344 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:28:41.0893 5344 mountmgr - ok
16:28:41.0909 5344 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
16:28:41.0909 5344 mpio - ok
16:28:41.0909 5344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:28:41.0909 5344 mpsdrv - ok
16:28:41.0940 5344 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:28:41.0940 5344 MpsSvc - ok
16:28:41.0956 5344 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:28:41.0956 5344 MRxDAV - ok
16:28:41.0987 5344 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:28:41.0987 5344 mrxsmb - ok
16:28:42.0034 5344 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:28:42.0034 5344 mrxsmb10 - ok
16:28:42.0049 5344 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:28:42.0049 5344 mrxsmb20 - ok
16:28:42.0080 5344 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
16:28:42.0080 5344 msahci - ok
16:28:42.0096 5344 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
16:28:48.0258 5344 ================ Scan global ===============================
16:28:48.0274 5344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:28:48.0289 5344 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
16:28:48.0305 5344 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
16:28:48.0320 5344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:28:48.0336 5344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:28:48.0336 5344 [Global] - ok
16:28:48.0336 5344 ================ Scan MBR ==================================
16:28:48.0336 5344 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:28:48.0679 5344 \Device\Harddisk0\DR0 - ok
16:28:48.0679 5344 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR1
16:28:53.0500 5344 \Device\Harddisk1\DR1 - ok
16:28:53.0500 5344 ================ Scan VBR ==================================
16:28:53.0500 5344 [ F523EC649DDF95B86053EB03708391B7 ] \Device\Harddisk0\DR0\Partition1
16:28:53.0500 5344 \Device\Harddisk0\DR0\Partition1 - ok
16:28:53.0515 5344 [ 36449E917E0A0C7D6CF726E7006DFB26 ] \Device\Harddisk0\DR0\Partition2
16:28:53.0515 5344 \Device\Harddisk0\DR0\Partition2 - ok
16:28:53.0515 5344 [ 8F060468AB983745BE1BF4D6A1EF20F3 ] \Device\Harddisk1\DR1\Partition1
16:28:53.0515 5344 \Device\Harddisk1\DR1\Partition1 - ok
16:28:53.0515 5344 ============================================================
16:28:53.0515 5344 Scan finished
16:28:53.0515 5344 ============================================================
16:28:53.0531 3660 Detected object count: 0
16:28:53.0531 3660 Actual detected object count: 0
16:29:11.0830 3728 Deinitialize success

#14 CatByte (Malware Response Team)

Posted 05 September 2012 - 09:45 AM

Sometimes PCProbe does that error

Ah, ok, that could account for it. I hadn't encountered those errors with ComboFix before, so that program may very well have interfered.

You may need to uninstall it completely, then re-install PCProbe if it is not functioning correctly.

TDSSKiller is clear, so let's move on and get a diagnostic scan with a different tool.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013
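The OTL log requested above has a fixed line layout for its process, module, service and driver entries (`PRC - [date time | size | attributes | M] (company) -- path`). As an added example that is not part of this thread or of OTL itself, here is a small Python triage script that parses such entries and flags the signals a log reader checks first: an empty company name, a hidden attribute, and a timestamp inside OTL's 30-day File Age window. The sample lines are constructed from the layout of the log posted in this thread.

```python
"""Triage helper for OTL (OldTimer's List-It) log entries.

Added example, not part of the forum thread or of OTL: it parses the
SafeList layout of PRC/MOD/SRV/DRV lines and attaches review flags.
A flag means "look closer", not "malicious".
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# One SafeList entry, e.g.
# SRV - [2011/11/15 19:30:16 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\x\svc.exe -- (OS Selector)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\)"          # empty parentheses = no company name
    r"(?: \[(?P<state>[^\]]*)\])?"     # services/drivers: [Start | Status]
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"   # services/drivers: trailing (ServiceName)
)


@dataclass
class Entry:
    kind: str
    is_64bit: bool
    stamp: datetime
    size: int
    attrs: str
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        is_64bit=m["arch"] is not None,
        stamp=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"],
        name=m["name"],
    )


def triage(entry: Entry, scan_time: datetime, file_age_days: int = 30) -> List[str]:
    """Attach the review flags a helper scans an OTL log for."""
    flags = []
    if not entry.company:
        flags.append("no-company")   # no vendor string: verify the file by other means
    if "H" in entry.attrs:
        flags.append("hidden")       # hidden attribute on a running executable
    if (scan_time - entry.stamp).days <= file_age_days:
        flags.append("recent")       # modified inside OTL's File Age window
    entry.flags = flags
    return flags


def triage_log(text: str, scan_time: datetime) -> List[Entry]:
    """Parse every recognisable entry and return only the flagged ones, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry, scan_time):
            flagged.append(entry)
    return flagged


# Constructed sample in the layout of the log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/09/05 16:48:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Marcello\Desktop\OTL.exe
PRC - [2011/11/13 17:24:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe
SRV - [2011/11/15 19:30:16 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""
SCAN_TIME = datetime(2012, 9, 5, 16, 50, 39)  # "OTL logfile created on" from the posted log

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG, SCAN_TIME):
        arch = "64" if e.is_64bit else "32"
        print(f"{e.kind:<4}{arch:>3}  {', '.join(e.flags):<12} {e.path}")
```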

#15 MGMP


Posted 05 September 2012 - 11:48 AM

OTL.txt

OTL logfile created on: 05/09/2012 16:50:39 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Marcello\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

5,99 Gb Total Physical Memory | 4,15 Gb Available Physical Memory | 69,32% Memory free
11,98 Gb Paging File | 9,81 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1178,82 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive E: | 247,21 Mb Total Space | 245,79 Mb Free Space | 99,42% Space Free | Partition Type: FAT

Computer Name: PC-MARCELLO | User Name: Marcello | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/05 16:48:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Marcello\Desktop\OTL.exe
PRC - [2012/08/04 19:45:21 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/18 22:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 22:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/15 19:30:16 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2011/11/13 17:24:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programmi_miei\Microsoft_Office_2010\Office14\ONENOTEM.EXE
PRC - [2010/05/21 01:01:34 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:01:32 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/10/06 16:33:06 | 002,156,032 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe
PRC - [2009/10/02 19:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/10/02 17:26:44 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
PRC - [2009/09/30 05:07:44 | 000,623,104 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AASP\1.01.01\aaCenter.exe
PRC - [2009/09/25 22:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/19 16:44:56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe


========== Modules (No Company Name) ==========

MOD - [2010/09/07 10:32:40 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/09/30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/08/28 17:05:52 | 001,412,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\OcProfile.dll
MOD - [2009/08/27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
MOD - [2009/08/27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
MOD - [2009/04/13 04:37:34 | 000,188,928 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.01.01\aasp.dll
MOD - [2009/04/07 09:25:44 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\vvc.dll
MOD - [2008/12/15 20:01:54 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\TVOCLIB.DLL
MOD - [2008/12/10 20:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV\pngio.dll
MOD - [2008/01/17 16:46:20 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\cpuutil.dll
MOD - [2008/01/17 10:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.01.01\cpuutil.dll
MOD - [2005/06/22 17:39:56 | 000,204,851 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\PowerDll.dll
MOD - [2005/06/22 11:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.01.01\PowerDll.dll
MOD - [2004/12/14 10:08:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\AsHtmlEngine.dll
MOD - [2004/02/05 17:44:58 | 000,373,760 | ---- | M] () -- C:\Program Files (x86)\ASUS\PC Probe II\soundplay.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/02/03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/18 22:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/15 19:30:16 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2011/11/13 17:24:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/03 16:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programmi\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2010/08/13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/30 16:40:31 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/11/30 16:40:27 | 000,132,704 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2011/07/08 18:17:26 | 000,121,424 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:64bit: - [2011/07/08 18:17:18 | 000,183,376 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec7.sys -- (TotRec7)
DRV:64bit: - [2011/05/07 18:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/25 22:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 22:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/11/03 16:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programmi\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 00 B5 E5 54 4C CB 01 [binary data]
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes,DefaultScope = {3C48329B-7540-4571-9ABD-D8BBAAD24B12}
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{3C48329B-7540-4571-9ABD-D8BBAAD24B12}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{7EEC989B-3057-4D56-9E55-F6A85D15AE16}: "URL" = http://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{91DFE6B1-193C-48B0-A347-931A6D95D37E}: "URL" = http://it.wikipedia.org/w/index.php?title=Speciale:Ricerca&search={searchTerms}
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{AC18386E-B97B-46BC-83A3-8C766077927F}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{C99F70FB-341E-4B31-B93D-E824C35422BE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\SearchScopes\{EBAAD0ED-7A09-48FC-8C5F-C4EEC89A19E6}: "URL" = http://www.oxfordparavia.it/_{searchTerms}
IE - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PR7C4F~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PR7C4F~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/10 10:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/08/31 09:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/01/07 12:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/31 09:18:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/09/04 19:24:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi_miei\Microsoft_Office_2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Marcello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Marcello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk = C:\Programmi_miei\Microsoft_Office_2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3593015668-1568723813-1041403708-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi_miei\Microsoft_Office_2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: I&nvia a OneNote - C:\Programmi_miei\Microsoft_Office_2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi_miei\Microsoft_Office_2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: I&nvia a OneNote - C:\Programmi_miei\Microsoft_Office_2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi_miei\Microsoft_Office_2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi_miei\Microsoft_Office_2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi_miei\Microsoft_Office_2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi_miei\Microsoft_Office_2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{084D25D8-9948-4DE0-8214-A161D1175555}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5906FA0-DF5F-47F4-8416-E6D05D169285}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 16:48:46 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Marcello\Desktop\OTL.exe
[2012/09/05 16:26:44 | 000,000,000 | ---D | C] -- C:\Users\Marcello\Desktop\tdsskiller
[2012/09/04 22:39:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/04 19:16:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/04 19:16:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/04 19:16:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/04 19:16:11 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/09/04 19:16:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/04 19:15:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/04 19:15:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/09/04 18:56:37 | 004,744,582 | R--- | C] (Swearware) -- C:\Users\Marcello\Desktop\ComboFix.exe
[2012/09/03 11:46:59 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/02 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Marcello\Desktop\rkill
[2012/09/01 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\Marcello\AppData\Roaming\Malwarebytes
[2012/09/01 20:03:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/01 20:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/01 20:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/01 19:58:04 | 000,085,969 | ---- | C] (GMER) -- C:\Windows\SysWow64\drivers\gmer.sys
[2012/08/31 20:22:39 | 000,000,000 | ---D | C] -- C:\Dati_temporanei
[2012/08/31 09:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/05 16:50:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/05 16:48:57 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/09/05 16:48:46 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Marcello\Desktop\OTL.exe
[2012/09/05 16:26:27 | 002,193,184 | ---- | M] () -- C:\Users\Marcello\Desktop\tdsskiller.zip
[2012/09/05 15:41:46 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/05 10:10:46 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 10:10:46 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 10:09:42 | 093,707,027 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/09/05 10:08:34 | 003,966,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/05 10:08:34 | 000,698,512 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/09/05 10:08:34 | 000,694,412 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/09/05 10:08:34 | 000,693,436 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/09/05 10:08:34 | 000,643,818 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/09/05 10:08:34 | 000,615,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/05 10:08:34 | 000,137,044 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/09/05 10:08:34 | 000,130,122 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/09/05 10:08:34 | 000,129,522 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/09/05 10:08:34 | 000,127,738 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/09/05 10:08:34 | 000,106,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/05 10:03:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 10:03:32 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/04 22:50:18 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2012/09/04 19:24:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/04 18:56:58 | 004,744,582 | R--- | M] (Swearware) -- C:\Users\Marcello\Desktop\ComboFix.exe
[2012/09/04 12:57:17 | 000,001,137 | ---- | M] () -- C:\Users\Marcello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk
[2012/09/02 12:23:55 | 000,000,250 | ---- | M] () -- C:\Windows\gmer.ini
[2012/09/01 19:58:04 | 000,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2012/09/01 19:58:04 | 000,085,969 | ---- | M] (GMER) -- C:\Windows\SysWow64\drivers\gmer.sys
[2012/09/01 19:58:04 | 000,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd
[2012/09/01 11:41:00 | 000,000,978 | ---- | M] () -- C:\Users\Marcello\Desktop\Vecchio Desktop.lnk
[2012/08/31 19:24:20 | 000,007,623 | ---- | M] () -- C:\Users\Marcello\AppData\Local\Resmon.ResmonCfg
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/05 16:26:26 | 002,193,184 | ---- | C] () -- C:\Users\Marcello\Desktop\tdsskiller.zip
[2012/09/04 19:16:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/04 19:16:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/04 19:16:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/04 19:16:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/04 19:16:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/01 19:58:04 | 000,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2012/09/01 19:58:04 | 000,811,008 | ---- | C] () -- C:\Windows\gmer.exe
[2012/09/01 19:58:04 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2012/09/01 19:58:04 | 000,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd
[2012/09/01 11:41:00 | 000,000,978 | ---- | C] () -- C:\Users\Marcello\Desktop\Vecchio Desktop.lnk
[2011/11/13 16:03:42 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/13 16:03:40 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/30 16:14:37 | 000,004,608 | ---- | C] () -- C:\Users\Marcello\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 19:26:21 | 000,007,623 | ---- | C] () -- C:\Users\Marcello\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2012/09/01 19:44:06 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\#ISW.FS#
[2010/09/04 20:29:49 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\Auslogics
[2011/12/01 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\AVG2012
[2010/09/08 17:12:05 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\AVG9
[2012/01/07 12:56:47 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\CheckPoint
[2010/10/04 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\Lite
[2010/09/07 10:41:45 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\OpenOffice.org
[2011/11/13 16:03:27 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\PunkBuster
[2011/11/01 20:38:04 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\TotalRecorder
[2011/11/13 17:24:18 | 000,000,000 | ---D | M] -- C:\Users\Marcello\AppData\Roaming\Ubisoft
[2012/08/31 13:51:44 | 000,000,000 | ---D | M] -- C:\Users\Prova01\AppData\Roaming\AVG2012
[2012/08/31 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Prova01\AppData\Roaming\CheckPoint
[2012/09/04 19:05:51 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2008/04/29 17:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programmi_miei\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2008/07/01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programmi_miei\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008/07/01 15:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31500341AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: SMI USB DISK USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1 397,00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Win95 w/Extended Int 13
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 32256
Hidden sectors: 0


< End of report >


extras.txt

OTL Extras logfile created on: 05/09/2012 16:50:39 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Marcello\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

5,99 Gb Total Physical Memory | 4,15 Gb Available Physical Memory | 69,32% Memory free
11,98 Gb Paging File | 9,81 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1178,82 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
Drive E: | 247,21 Mb Total Space | 245,79 Mb Free Space | 99,42% Space Free | Partition Type: FAT

Computer Name: PC-MARCELLO | User Name: Marcello | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programmi_miei\Microsoft_Office_2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi_miei\Microsoft_Office_2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Programmi_miei\Microsoft_Office_2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi_miei\Microsoft_Office_2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B518FB-C765-43C1-90BE-2C1031A4349C}" = lport=139 | protocol=6 | dir=in | app=system |
"{181DDB82-9B55-4591-9547-DBB63331A1B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{368DFA1C-1CAD-4C43-878C-C27564B12A81}" = lport=6004 | protocol=17 | dir=in | app=c:\programmi_miei\microsoft_office_2010\office14\outlook.exe |
"{509ED15B-25B7-4F5E-8ADB-5CC5179A4778}" = lport=445 | protocol=6 | dir=in | app=system |
"{548A7140-CF20-455F-A851-2312EA1B0D78}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8FB07D30-125B-4C1F-9DAD-163407743E45}" = rport=137 | protocol=17 | dir=out | app=system |
"{9C5E2E44-5134-47A5-A38C-CEEB352FFF5B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A572F3D3-781B-4E76-9259-7E2AF90842DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{A78AA8B5-E19F-4901-8F8E-97C12E052D8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC49D36C-19B1-4C14-AB78-8C2501A743F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{F709D720-551D-4793-BAA9-99B5FA7CE07C}" = rport=139 | protocol=6 | dir=out | app=system |
"{FDFD7D1E-A001-433B-8386-CED5B157BFAD}" = rport=445 | protocol=6 | dir=out | app=system |
"{FEDD91DC-1436-4581-88B9-30E40A69093E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02666C9C-2480-4B5F-A205-D54178B7DF07}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{0748E407-65D6-4264-B0EE-6CBD3AC2602A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\prince of persia.exe |
"{08592E5B-2A14-4073-BFF5-75584A8E0E29}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{143C730A-0392-4381-AD06-D28E6E9F0052}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1496C2D9-7196-44FA-8967-863F4556CED1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{166739DE-8A23-4656-809F-3E8C10AA6ED9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1B0EDB40-0A49-4B47-A57E-187864D62571}" = protocol=17 | dir=in | app=c:\programmi_miei\microsoft_office_2010\office14\onenote.exe |
"{1B27EFB3-4F82-4913-8392-684496DEA1E8}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{2065D296-6BEA-48E9-8534-4CF7539D152A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{22158659-2EEA-44C3-BB59-BD7BE669CABC}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin32\crysis.exe |
"{28AF1D90-BDA6-417B-BE61-B485A6869B35}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{2DD5F6FC-034C-4304-9874-DE50880C844D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{315C9260-C51D-4B3E-9A00-732CCBA6D7A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{36C9D47F-A415-4F80-A910-C4EE00415E04}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{38EBBBF1-D6B6-47F9-AA9F-B1C1DE9E9BDA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38F0358B-0D06-4BFB-BE3F-200F209A604F}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{39ABABF6-2352-4452-AFE7-FB2BF330BC84}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin32\crysis.exe |
"{3B0F503E-83AE-4809-B025-E7E12C178039}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{3BC2925A-3596-43DD-BCEB-819E37A391B5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\gamesettings.exe |
"{3BDA2B42-0284-430F-BD95-79D49CEDC52D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{3E1B89B2-9F42-4D33-BFC8-B4BC713A5DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{4335075F-EE1C-4975-A51B-1E9F5CEEB52A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\uplaybrowser.exe |
"{46C3F481-C0D4-45AF-B2AA-7BC045DDB1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{48D88AFF-A42F-44DF-A01D-A0FF578C4075}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{490E43B1-E4F8-4C7A-AF16-B667D52EEF62}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{4CD97C6C-CBFF-4240-9D4A-6C7708DE09E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe |
"{51EBD1C2-CFBE-4F08-9767-C2E5D868EBD8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\uplaybrowser.exe |
"{5278A807-2B3F-460B-B302-9A86ED4403E9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{557D1EC6-969D-442E-AD57-57CEE9F55070}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{58993D14-E957-40B7-A96E-0D4FEB48CD09}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{5CA87DA1-22CD-4BE7-8F31-C1E6C262DA1C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{5FA6B086-84C6-403E-9577-B79C7E7155AC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{61BCB739-7E74-40C2-B8B4-BB1FB3C5EF15}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{66444DEF-1E95-4413-8598-6785729A4F19}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{671AA183-7A93-40FC-873A-9EE49EEB27EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{6CB64882-C320-4E4A-BDEB-A3C9D2904DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\ubisoft\prince of persia\prince of persia.exe |
"{795822F5-2712-455B-BEFB-2D79B81C049D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7CE882B9-1B8A-4E07-B292-3995C1767305}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe |
"{7DCBB547-45DB-49BD-B832-CB55791C9D9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7FD918B7-5F5A-43EE-ABBB-A3CB82B372A4}" = protocol=6 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin64\crysis.exe |
"{811306DA-9F44-4DCB-B3DD-98CC34D6DDDF}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{81D170F0-896D-425B-A0D0-2B10CCE70B39}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{84F7659E-E1F8-44CC-B3F2-E44BF3529DDB}" = protocol=6 | dir=in | app=c:\programmi_miei\microsoft_office_2010\office14\onenote.exe |
"{8783448F-E91C-4242-AA95-6264649D694B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{88B4A56C-CA38-4AE6-8184-3588A0E01F8E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{89ECA8A2-231B-491F-A982-2A259B700069}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |
"{8C18BC0A-AB15-4F34-87CF-E2BEC1E690F1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\gu.exe |
"{9470E1CB-E778-47E2-9FA4-16E701F9802B}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{98D6B356-5EB1-463F-A333-51EEA9F03227}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\gu.exe |
"{99724351-B1D9-4E76-ADD8-FFF9AB460B66}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{9CF69E0F-7A21-4B9D-9262-4222FC713205}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{A09A390C-C595-4DA7-8957-DE3D1CDC1783}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A1871B6F-41B1-4C89-A921-994601E69348}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\prince of persia.exe |
"{A5DA2F17-81A0-4457-ADA3-E200DC92B5BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{A68B1C8D-28B1-426E-8766-C08073E52868}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{AA0BE1F3-24D4-47AB-AAAC-149CDAEBCF63}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\electronic arts\crytek\crysis\bin64\crysis.exe |
"{B1293278-8F0D-456A-B632-9E1D2AD2FDD3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{B1EFFBE4-7623-4AFB-AE68-7A8A49EB435F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{B3C717C3-DB7D-4E3E-A809-744192548950}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B521F35F-6B8F-446E-8EF4-92BA18952363}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{BC27473F-1560-47DF-9DB9-6ED969178A30}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{C5414F04-1848-4F9F-9ABA-C521F80D6D89}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{C78A82D0-801D-432A-BB75-8409F5A366A6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{CC45A90E-60CF-4A08-BF55-06D1931D40B1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{DB267C5B-012E-46E3-88C1-A7D3D8C5F6D5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{DC63062C-2C8B-4E1B-AB08-5F8A98DC4CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{DD1B8F16-C229-40E0-9FE4-1E056D6F194D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia le sabbie dimenticate\gamesettings.exe |
"{E0C866DF-E59C-4BF3-A0B0-9664227A3388}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{E2B034F0-91E6-422C-9E60-465995F12FC4}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{E5C2C63C-B626-4831-B8DB-7AF557D2A429}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{E9878D97-1052-455E-9D1C-3434BE5CE2C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E9E2318C-D755-4285-B65A-BBE3ECD347C0}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\electronic arts\medal of honor airborne\unrealengine3\binaries\moha.exe |
"{EA7D7204-A703-4D58-9FCB-C03A5D69D09A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EBFEEC1F-F5FC-48F0-8DC7-48131F703437}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{EE3DD14F-2771-489A-9959-4F2AAA571E86}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{F7A6F580-7CEE-4EB3-A040-B3D64148E4D5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F8F3A234-35F9-4E99-8B59-3EA07D958027}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
"{F95AA0FC-27E4-4259-9F5B-54F8BE80EEC4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F9933111-BF34-4F75-91A5-AB55A0041DEE}" = protocol=17 | dir=in | app=c:\program files (x86)\giochi\ubisoft\prince of persia\prince of persia.exe |
"{F9C389F9-ED18-4C28-A71D-DA4D282E9661}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2010
"{956C3A74-CC73-4951-6FB7-1E484B0ABF85}" = ccc-utility64
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs
"{ED49426D-A15D-D7E0-DF56-3AC844CEDF8E}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"WinRAR archiver" = WinRAR 4.10 (64-bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{02EE0368-37D0-B8D6-CD94-6224C33011BC}" = CCC Help Chinese Standard
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C068F-4965-4E84-4868-BADCA7E480CE}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{217254AD-7DC2-8E55-B0AA-DF40293E2568}" = Catalyst Control Center Graphics Full Existing
"{2319A25C-57C8-148A-B89E-963B691F80AB}" = CCC Help Hungarian
"{245F5D2D-6F34-4970-B8D7-D6F3C3C07575}" = ZoneAlarm Firewall
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AF93414-6137-78ED-FE12-F7B9AF2E8093}" = CCC Help Dutch
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{32C50807-7764-F554-3FFB-E1EFA38A17A4}" = CCC Help Norwegian
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B8CED8E-3210-499C-CF55-839C77DDA5A8}" = CCC Help Japanese
"{462E2065-E54B-4CFD-87A2-BAE82EEFACD1}" = Catalyst Control Center Core Implementation
"{46D1B803-63C8-B1F7-F803-2CABFF3BADD3}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBDC0E5-6457-CDB9-F1C4-C79321D448AA}" = CCC Help Portuguese
"{54A4CA37-EBF2-0512-C4C7-E432FEDD148B}" = CCC Help Swedish
"{557EDA52-5803-C91F-A0A5-635317063D8D}" = Catalyst Control Center Graphics Full New
"{5656D5EA-34E3-48FD-CA55-601925BF13AF}" = CCC Help Russian
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{5A9A2B89-58BC-DFB9-CF7F-1127A26A6D1D}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65A7D970-7915-4311-E3CC-08745BDF6A66}" = CCC Help English
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{6AC06152-AD39-D387-6D3B-2A4D0556F207}" = Catalyst Control Center Graphics Previews Common
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{7222FE15-CEDA-9142-A488-CB4AA559F7F9}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{771A2007-443E-9A62-06A3-6ADB6BEDA9C4}" = CCC Help Czech
"{78D8028B-D2BA-A3B9-2EA8-D30F25E3F87F}" = ccc-core-static
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7E06305E-6E2C-EBFA-69E9-782891EF06EF}" = Catalyst Control Center Localization All
"{8055552F-62EB-CA8A-ECA6-E12422199FFA}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia Le Sabbie del Tempo
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8EFB7927-48AD-4E6D-91B7-6B2BD6C3F380}" = Acronis Disk Director 11 Home
"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010
"{90140000-0015-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010
"{90140000-0016-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010
"{90140000-0018-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010
"{90140000-0019-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010
"{90140000-001A-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010
"{90140000-001B-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0410-1000-0000000FF1CE}_Office14.SingleImage_{6664EABC-4985-4C45-925C-6E23AB142266}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010
"{90140000-002C-0410-0000-0000000FF1CE}_Office14.SingleImage_{711BC808-AC64-48E2-82B2-6B53BB802142}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010
"{90140000-006E-0410-0000-0000000FF1CE}_Office14.SingleImage_{C9172EE7-BDCA-4E57-9217-4C589947298B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010
"{90140000-00A1-0410-0000-0000000FF1CE}_Office14.SingleImage_{269F607C-E754-459B-AD70-F15D73EB8D10}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{934DE9F7-7498-0FC4-FC6A-166097F218F4}" = CCC Help Italian
"{96ACE4A4-C769-47D2-9FCE-4F46754857E7}" = ZoneAlarm Security
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A5ACDF54-6963-B634-2444-6A694B6CF7A3}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A94000000001}" = Adobe Reader 9.4.6 - Italiano
"{ADFE8E88-7288-677A-114B-098547ED85CE}" = CCC Help Thai
"{B7E797F4-2642-BEF9-055B-13B930C9D665}" = CCC Help German
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C12A2A3D-0D08-8262-E189-E831A8AC3D37}" = Catalyst Control Center InstallProxy
"{C139A440-9691-AB3C-8AFB-F8FCAC960014}" = CCC Help Polish
"{C3A5A0C9-5DBE-7A06-1285-D00F21E19FCF}" = Catalyst Control Center Graphics Light
"{C91B7063-6966-A498-7FBA-BCF0A6EBD0B1}" = CCC Help Korean
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CC53FB29-E042-1744-2D35-DE2A100B6210}" = CCC Help Greek
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia® Le Sabbie Dimenticate
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Spirito Guerriero
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8266E63-44B0-5CD2-B29E-DA522ABFCFD1}" = CCC Help Turkish
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE2188AD-BDFA-AC75-F326-86043F06B48F}" = Catalyst Control Center HydraVision Full
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Digital Editions" = Adobe Digital Editions
"GeoGebra" = GeoGebra
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Tomb Raider: Legend" = Tomb Raider: Legend 1.2
"TotalRecorder" = Total Recorder 8.3 VideoPro Edition
"ZoneAlarm Pro" = ZoneAlarm Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3593015668-1568723813-1041403708-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30/11/2011 03:06:42 | Computer Name = PC-Marcello | Source = Windows Search Service | ID = 3028
Description =

Error - 30/11/2011 03:06:42 | Computer Name = PC-Marcello | Source = Windows Search Service | ID = 3058
Description =

Error - 30/11/2011 03:06:42 | Computer Name = PC-Marcello | Source = Windows Search Service | ID = 7010
Description =

Error - 30/11/2011 03:06:42 | Computer Name = PC-Marcello | Source = Windows Search Service | ID = 7040
Description =

Error - 30/11/2011 03:06:42 | Computer Name = PC-Marcello | Source = Windows Search Service | ID = 7042
Description =

Error - 30/11/2011 10:35:10 | Computer Name = PC-Marcello | Source = SideBySide | ID = 16842785
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Impossibile
trovare l'assembly dipendente Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Utilizzare
sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 30/11/2011 10:35:19 | Computer Name = PC-Marcello | Source = SideBySide | ID = 16842785
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Impossibile
trovare l'assembly dipendente Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Utilizzare
sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 30/11/2011 10:35:21 | Computer Name = PC-Marcello | Source = SideBySide | ID = 16842785
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe".
Impossibile
trovare l'assembly dipendente Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Utilizzare
sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 30/11/2011 10:35:24 | Computer Name = PC-Marcello | Source = SideBySide | ID = 16842785
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Impossibile
trovare l'assembly dipendente Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762".
Utilizzare
sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 11/12/2011 04:35:00 | Computer Name = PC-Marcello | Source = Application Hang | ID = 1002
Description = Il programma iexplore.exe versione 8.0.7600.16869 non interagisce
più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: 1230 Ora di avvio: 01ccb7d92f51690d Ora di chiusura: 0 Percorso
applicazione: C:\Program Files (x86)\Internet Explorer\iexplore.exe ID segnalazione:


[ System Events ]
Error - 04/09/2012 12:57:00 | Computer Name = PC-Marcello | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR2.

Error - 04/09/2012 12:57:01 | Computer Name = PC-Marcello | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR2.

Error - 04/09/2012 12:57:01 | Computer Name = PC-Marcello | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR2.

Error - 04/09/2012 13:21:26 | Computer Name = PC-Marcello | Source = Service Control Manager | ID = 7030
Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema
non è configurato per consentire servizi interattivi. Questo servizio potrà non
funzionare correttamente.

Error - 04/09/2012 13:22:41 | Computer Name = PC-Marcello | Source = Application Popup | ID = 1060
Description = Caricamento del driver \??\C:\ComboFix\catchme.sys bloccato a causa
di incompatibilità con il sistema in uso. Rivolgersi al fornitore del software
per richiedere una versione compatibile del driver.

Error - 04/09/2012 13:24:32 | Computer Name = PC-Marcello | Source = Service Control Manager | ID = 7030
Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema
non è configurato per consentire servizi interattivi. Questo servizio potrà non
funzionare correttamente.

Error - 04/09/2012 13:25:41 | Computer Name = PC-Marcello | Source = Service Control Manager | ID = 7023
Description = Servizio Windows Defender terminato con l'errore: %%126

Error - 04/09/2012 16:39:17 | Computer Name = PC-Marcello | Source = DCOM | ID = 10010
Description =

Error - 04/09/2012 16:40:22 | Computer Name = PC-Marcello | Source = Service Control Manager | ID = 7023
Description = Servizio Windows Defender terminato con l'errore: %%126

Error - 05/09/2012 04:22:35 | Computer Name = PC-Marcello | Source = BROWSER | ID = 8032
Description =


< End of report >


Attention: there was no "show results" button; the log opened automatically at the end of the scan.
MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Marcello :: PC-MARCELLO [administrator]

05/09/2012 17:04:52
mbam-log-2012-09-05 (17-04-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 217600
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET online scanner did not find any threats.
There was no "LIST OF THREATS FOUND" button.

Edited by MGMP, 05 September 2012 - 01:54 PM.

