ComboFix Log


  • This topic is locked
45 replies to this topic

#1 VashTheStampede

Posted 02 April 2012 - 07:49 PM

Hello everyone, first I would like to thank you for the help you will give me, and sorry if my English is not perfect... :)

I work with Windows 7, and I used ComboFix to scan my system after trying the Avira antivirus and Spybot that I have, without definitive results.

The problem I had is that when I connect external devices like USB sticks or an external HD to my PC, they keep disconnecting, then reconnecting by themselves, and so on.

I followed several guides that explain how to delete autorun and recycle files, which are possible causes of what happened to me. I also used PRT to scan the system, but it found nothing. Only after using ComboFix again does everything seem to function properly.

So I would like to back up my PC, because I have important work data, and I wanted to be sure it was all right. For this reason I wanted to ask you if you could look at the log file to give me some reassurance :)

I also wanted to ask if I have to take action on the USB sticks in my possession; I scanned them with Avira. Do I have to do anything else?

If you need more info ask me.

I report the log file:

ComboFix 12-03-30.06 - Utente 30/03/2012 20:58:12.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16364.14430 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\{69A6F641-05F2-4F13-963C-4C39CBE3A3B1}.xps
c:\users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80570798-368C-4C49-83A2-77E0BA58749D}.xps
c:\users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CFE1D55A-1E36-430C-AAA8-CD17D538ED5C}.xps
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-28 al 2012-03-30 )))))))))))))))))))))))))))))))))))
.
.
2012-03-30 19:00 . 2012-03-30 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-30 18:18 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6F60AC3-54A7-4442-BDA4-976AEC2A4021}\mpengine.dll
2012-03-14 21:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 21:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 21:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 21:02 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 21:02 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 21:02 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 21:02 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 21:02 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 21:02 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 21:02 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 21:02 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 21:02 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 21:02 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-08 18:38 . 2012-03-08 18:38 -------- d-----w- c:\program files\iTunes
2012-03-08 18:38 . 2012-03-08 18:38 -------- d-----w- c:\program files\iPod
2012-03-07 21:16 . 2012-03-07 21:16 -------- d-----w- c:\users\Utente\AppData\Local\ActiveState
2012-03-01 22:31 . 2012-03-01 22:31 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 22:30 . 2011-04-27 20:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2011-03-31 14:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-14 20:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 20:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 13:10 . 2012-01-03 13:10 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2012-01-03 13:10 . 2012-01-03 13:10 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programmi installati\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-23 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"avgnt"="e:\programmi installati\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Acrobat Assistant 8.0"="e:\programmi installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="e:\programmi installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;e:\programmi installati\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SBSDWSCService;SBSD Security Center Service;e:\programmi installati\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00]
.
2012-03-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- c:\users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel
IE: I&nvia a OneNote
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\qw6dy4me.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-V-Ray for 3dsmax 2011 for x86 - c:\program files (x86)\Chaos Group\V-Ray\3dsmax 2011 for x86\uninstall\wininstaller.exe-uninstall=c:\program files (x86)\Chaos Group\V-Ray\3dsmax 2011 for x86\uninstall\install.log
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-03-30 21:01:44
ComboFix-quarantined-files.txt 2012-03-30 19:01
.
Pre-Run: 50.178.215.936 byte disponibili
Post-Run: 50.319.753.216 byte disponibili
.
- - End Of File - - F3E4A493FE7759937200FEA698FCE0B3

I thank you again for your help.

I look forward to your reply.

Hello

#2 HelpBot

Posted 08 April 2012 - 07:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448619 <<< CLICK THIS LINK


If you no longer need help, then all you needed to do was follow the previous instructions and tell me so. You can skip the rest of this post. If you do need help, please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 VashTheStampede (Topic Starter)

Posted 12 April 2012 - 07:22 PM

Hi,

as I wrote in my first message, I need help analyzing the log to find out if my PC is all right after the problems I described in the first message, which seem to have finally been resolved with the use of ComboFix. So I would like to back up my PC, because I have important work on it, and I wanted to be sure it was all right. For this reason I wanted to ask you if you could look at the log file to give me some reassurance :)

I performed the steps written in the message sent by HelpBot. I have a 64-bit original version of Windows Professional, so I haven't created a GMER log.

I report the DDS log file:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Utente at 2:05:12 on 2012-04-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16364.12961 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Programmi Installati\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Programmi Installati\mozilla\firefox.exe
E:\Programmi Installati\mozilla\plugin-container.exe
E:\Programmi Installati\mozilla\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Facebook Update] "C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avgnt] "E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Acrobat Assistant 8.0] "E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [iTunesHelper] "E:\Programmi Installati\iTunesHelper.exe"
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&sporta in Microsoft Excel
IE: I&nvia a OneNote
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{BE7CBCF5-9C27-46C6-92E4-F59BD329B0AB} : DhcpNameServer = 62.101.93.101 83.103.25.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{0347C33E-8762-4905-BF09-768834316C61}
{074C1DC5-9320-4A9A-947D-C042949C6216}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [avgnt] "E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Acrobat Assistant 8.0] "E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [iTunesHelper] "E:\Programmi Installati\iTunesHelper.exe"
mRun-x64: [(Predefinito)]
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\qw6dy4me.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Users\Utente\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Utente\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Programmi Installati\Adobe CS5.5\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: E:\Programmi Installati\Mozilla Plugins\npitunes.dll
FF - plugin: E:\Programmi Installati\Plugins\npdeployJava1.dll
FF - plugin: E:\Programmi Installati\Plugins\nppdf32.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin2.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin3.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin4.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin5.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin6.dll
FF - plugin: E:\Programmi Installati\Plugins\npqtplugin7.dll
FF - plugin: E:\Programmi Installati\Reader\AIR\nppdf32.dll
FF - plugin: E:\Programmi Installati\Reader\browser\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirScheduler;Avira AntiVir Scheduler;E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe [2011-4-11 136360]
R2 AntiVirService;Avira AntiVir Guard;E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe [2011-4-11 269480]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-5-30 8192]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 SBSDWSCService;SBSD Security Center Service;E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe [2011-4-11 1153368]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Programmi Installati\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-12 01:00:55 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 01:00:55 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 01:00:54 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 01:00:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 01:00:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 01:00:19 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 01:00:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 01:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 01:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 01:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 20:26:34 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AFE8C397-F36F-4822-BCD7-E066BE64897A}\mpengine.dll
2012-04-11 19:58:44 -------- d-----w- C:\Program Files\iTunes
2012-04-11 19:58:44 -------- d-----w- C:\Program Files\iPod
2012-03-30 19:07:11 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-30 18:57:43 98816 ----a-w- C:\Windows\sed.exe
2012-03-30 18:57:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-30 18:57:43 256000 ----a-w- C:\Windows\PEV.exe
2012-03-30 18:57:43 208896 ----a-w- C:\Windows\MBR.exe
2012-03-28 18:23:53 -------- d-----w- C:\Users\Utente\AppData\Local\{5463295E-56BF-4A37-B1FB-02197F9304F8}
2012-03-28 18:23:42 -------- d-----w- C:\Users\Utente\AppData\Local\{C94B3BF3-9AA9-403F-BD80-A82151264865}
2012-03-27 21:06:33 -------- d-----w- C:\Users\Utente\AppData\Local\{420305EF-860A-4270-A255-4A7E964F018D}
2012-03-27 21:06:22 -------- d-----w- C:\Users\Utente\AppData\Local\{8AEDC960-A8A0-478B-B806-64EDB7949170}
2012-03-26 20:40:35 -------- d-----w- C:\Users\Utente\AppData\Local\{BE5DD001-D57A-486A-A28B-B2B8A950D6B6}
2012-03-26 20:40:24 -------- d-----w- C:\Users\Utente\AppData\Local\{80A47CAB-AF65-4E4E-8045-755E7FF408CA}
2012-03-25 16:27:22 -------- d-----w- C:\Users\Utente\AppData\Local\{1213BE87-F727-4163-AF76-A90733C11F16}
2012-03-25 16:27:01 -------- d-----w- C:\Users\Utente\AppData\Local\{DA5E0BD7-0B09-46E8-A74D-89932A654ED5}
2012-03-24 17:19:00 -------- d-----w- C:\Users\Utente\AppData\Local\{5F54C97C-67E5-43E7-ABEE-800C18EBF713}
2012-03-24 17:18:49 -------- d-----w- C:\Users\Utente\AppData\Local\{71A29539-37E0-4DC0-B418-BCE4456155BB}
2012-03-23 18:53:07 -------- d-----w- C:\Users\Utente\AppData\Local\{43FCF98A-1521-4ECF-93F5-9114F1A8811B}
2012-03-23 18:52:56 -------- d-----w- C:\Users\Utente\AppData\Local\{6054D09A-1016-48D2-B254-FE81C9C7E44C}
2012-03-22 20:07:07 -------- d-----w- C:\Users\Utente\AppData\Local\{96C12416-A1F4-43C1-8281-DDC60B2D12E4}
2012-03-22 20:06:55 -------- d-----w- C:\Users\Utente\AppData\Local\{55DDE327-5519-413C-B3A1-0462734D1F1B}
2012-03-21 21:27:17 -------- d-----w- C:\Users\Utente\AppData\Local\{D202AFA2-0995-4554-8ABE-56B21948E46B}
2012-03-21 21:27:06 -------- d-----w- C:\Users\Utente\AppData\Local\{7164FCF7-F782-4C13-B565-A5953FB114C4}
2012-03-20 18:36:44 -------- d-----w- C:\Users\Utente\AppData\Local\{554EDC2C-8C91-48F7-87B8-548BC939B8B5}
2012-03-20 18:36:33 -------- d-----w- C:\Users\Utente\AppData\Local\{3F9D28C2-F707-4158-8704-0D57E4D0304C}
2012-03-19 21:37:00 -------- d-----w- C:\Users\Utente\AppData\Local\{3BC7667B-A0B1-44CA-9D87-1109640D9846}
2012-03-19 21:36:48 -------- d-----w- C:\Users\Utente\AppData\Local\{FD77B56F-5C4B-4FA5-9199-8CB7F07110DD}
2012-03-19 03:03:01 -------- d-----w- C:\Users\Utente\AppData\Local\{8880C9BE-20BD-4B00-945B-28EC6BDF677A}
2012-03-18 15:02:27 -------- d-----w- C:\Users\Utente\AppData\Local\{FB290733-8796-488D-A1C3-52B25F32CCE1}
2012-03-18 15:02:05 -------- d-----w- C:\Users\Utente\AppData\Local\{085E3092-967A-410A-8811-DB11599DD456}
2012-03-17 15:27:00 -------- d-----w- C:\Users\Utente\AppData\Local\{48E1D070-2CF8-4652-8E1D-4A7A5CD0DA0E}
2012-03-17 15:26:49 -------- d-----w- C:\Users\Utente\AppData\Local\{13F84348-8746-4136-B479-21ACF06CC1C9}
2012-03-16 20:51:10 -------- d-----w- C:\Users\Utente\AppData\Local\{5D864270-E616-4F9A-930C-BEBE07300D62}
2012-03-16 08:50:32 -------- d-----w- C:\Users\Utente\AppData\Local\{67B5A4E2-B203-4ABF-8ABF-DC13E870964E}
2012-03-15 20:49:55 -------- d-----w- C:\Users\Utente\AppData\Local\{6BF81FA7-DDC3-4BDC-B0C6-E90EB912A427}
2012-03-15 20:49:44 -------- d-----w- C:\Users\Utente\AppData\Local\{BF3A2BF9-6B1E-4DD6-91A2-AEDC8B8259CB}
2012-03-14 21:02:21 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 21:02:21 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 21:02:21 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 21:02:12 -------- d-----w- C:\Users\Utente\AppData\Local\{9708A1B7-0088-47E2-AF68-FACA03C731DC}
2012-03-14 21:02:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 21:02:03 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 21:02:03 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 21:02:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 21:02:02 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 21:02:02 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 21:02:02 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 21:02:00 -------- d-----w- C:\Users\Utente\AppData\Local\{704900A6-B977-4BA2-9F08-F1570B083B1F}
.
==================== Find3M ====================
.
2012-03-01 22:30:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 2:05:24,98 ===============

I thank you again for your help.

I look forward to your reply.

Hello

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 April 2012 - 10:43 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 14 April 2012 - 11:57 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#6 VashTheStampede
  • Topic Starter

  • Members
  • 33 posts

Posted 15 April 2012 - 05:33 PM

Hello, thank you for having responded to me, and I apologize for the delay in responding. I've done what you said: I scanned the PC with the two tools, and I am posting the log files:

tdsskiller:

00:22:43.0278 4676 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
00:22:43.0858 4676 ============================================================
00:22:43.0858 4676 Current date / time: 2012/04/16 00:22:43.0858
00:22:43.0858 4676 SystemInfo:
00:22:43.0858 4676
00:22:43.0858 4676 OS Version: 6.1.7601 ServicePack: 1.0
00:22:43.0858 4676 Product type: Workstation
00:22:43.0858 4676 ComputerName: UTENTE-PC
00:22:43.0858 4676 UserName: Utente
00:22:43.0858 4676 Windows directory: C:\Windows
00:22:43.0858 4676 System windows directory: C:\Windows
00:22:43.0858 4676 Running under WOW64
00:22:43.0858 4676 Processor architecture: Intel x64
00:22:43.0858 4676 Number of processors: 8
00:22:43.0858 4676 Page size: 0x1000
00:22:43.0858 4676 Boot type: Normal boot
00:22:43.0858 4676 ============================================================
00:22:44.0065 4676 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:44.0065 4676 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:44.0069 4676 \Device\Harddisk0\DR0:
00:22:44.0069 4676 MBR used
00:22:44.0069 4676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
00:22:44.0069 4676 \Device\Harddisk1\DR1:
00:22:44.0069 4676 MBR used
00:22:44.0069 4676 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:22:44.0069 4676 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
00:22:44.0088 4676 Initialize success
00:22:44.0088 4676 ============================================================
00:22:45.0835 5604 ============================================================
00:22:45.0835 5604 Scan started
00:22:45.0835 5604 Mode: Manual;
00:22:45.0835 5604 ============================================================
00:22:46.0261 5604 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:22:46.0268 5604 1394ohci - ok
00:22:46.0279 5604 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:22:46.0289 5604 ACPI - ok
00:22:46.0296 5604 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:22:46.0298 5604 AcpiPmi - ok
00:22:46.0304 5604 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:22:46.0308 5604 AdobeARMservice - ok
00:22:46.0320 5604 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:22:46.0329 5604 adp94xx - ok
00:22:46.0339 5604 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:22:46.0346 5604 adpahci - ok
00:22:46.0355 5604 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:22:46.0360 5604 adpu320 - ok
00:22:46.0369 5604 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:22:46.0369 5604 AeLookupSvc - ok
00:22:46.0381 5604 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:22:46.0389 5604 AFD - ok
00:22:46.0397 5604 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:22:46.0401 5604 agp440 - ok
00:22:46.0408 5604 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:22:46.0408 5604 ALG - ok
00:22:46.0415 5604 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:22:46.0418 5604 aliide - ok
00:22:46.0425 5604 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:22:46.0427 5604 amdide - ok
00:22:46.0435 5604 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:22:46.0438 5604 AmdK8 - ok
00:22:46.0446 5604 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:22:46.0449 5604 AmdPPM - ok
00:22:46.0457 5604 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:22:46.0461 5604 amdsata - ok
00:22:46.0470 5604 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:22:46.0474 5604 amdsbs - ok
00:22:46.0482 5604 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:22:46.0484 5604 amdxata - ok
00:22:46.0557 5604 AntiVirScheduler (349a0e0039141c9b32e1f6bea860560f) E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe
00:22:46.0565 5604 AntiVirScheduler - ok
00:22:46.0577 5604 AntiVirService (445c1a3f7a5a8d0454c8944115e69f18) E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe
00:22:46.0578 5604 AntiVirService - ok
00:22:46.0586 5604 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:22:46.0589 5604 AppID - ok
00:22:46.0596 5604 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:22:46.0596 5604 AppIDSvc - ok
00:22:46.0604 5604 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:22:46.0604 5604 Appinfo - ok
00:22:46.0608 5604 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:22:46.0612 5604 Apple Mobile Device - ok
00:22:46.0621 5604 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
00:22:46.0622 5604 AppMgmt - ok
00:22:46.0629 5604 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:22:46.0633 5604 arc - ok
00:22:46.0641 5604 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:22:46.0645 5604 arcsas - ok
00:22:46.0652 5604 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:22:46.0654 5604 AsyncMac - ok
00:22:46.0661 5604 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:22:46.0662 5604 atapi - ok
00:22:46.0669 5604 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
00:22:46.0671 5604 AthBTPort - ok
00:22:46.0679 5604 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
00:22:46.0681 5604 ATHDFU - ok
00:22:46.0684 5604 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
00:22:46.0687 5604 AtherosSvc - ok
00:22:46.0701 5604 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:22:46.0706 5604 AudioEndpointBuilder - ok
00:22:46.0714 5604 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:22:46.0717 5604 AudioSrv - ok
00:22:46.0725 5604 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
00:22:46.0728 5604 avgntflt - ok
00:22:46.0736 5604 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
00:22:46.0739 5604 avipbb - ok
00:22:46.0747 5604 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:22:46.0747 5604 AxInstSV - ok
00:22:46.0759 5604 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:22:46.0767 5604 b06bdrv - ok
00:22:46.0778 5604 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:22:46.0783 5604 b57nd60a - ok
00:22:46.0792 5604 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:22:46.0792 5604 BDESVC - ok
00:22:46.0800 5604 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:22:46.0802 5604 Beep - ok
00:22:46.0816 5604 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:22:46.0821 5604 BFE - ok
00:22:46.0836 5604 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
00:22:46.0843 5604 BITS - ok
00:22:46.0851 5604 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:22:46.0853 5604 blbdrive - ok
00:22:46.0862 5604 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:22:46.0867 5604 Bonjour Service - ok
00:22:46.0876 5604 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:22:46.0879 5604 bowser - ok
00:22:46.0886 5604 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:22:46.0888 5604 BrFiltLo - ok
00:22:46.0894 5604 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:22:46.0896 5604 BrFiltUp - ok
00:22:46.0903 5604 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:22:46.0907 5604 BridgeMP - ok
00:22:46.0915 5604 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:22:46.0916 5604 Browser - ok
00:22:46.0925 5604 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:22:46.0931 5604 Brserid - ok
00:22:46.0938 5604 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:22:46.0941 5604 BrSerWdm - ok
00:22:46.0948 5604 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:22:46.0949 5604 BrUsbMdm - ok
00:22:46.0956 5604 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:22:46.0958 5604 BrUsbSer - ok
00:22:46.0967 5604 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
00:22:46.0971 5604 BTATH_A2DP - ok
00:22:46.0978 5604 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
00:22:46.0980 5604 BTATH_BUS - ok
00:22:46.0989 5604 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
00:22:46.0992 5604 BTATH_HCRP - ok
00:22:47.0000 5604 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
00:22:47.0002 5604 BTATH_LWFLT - ok
00:22:47.0011 5604 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
00:22:47.0014 5604 BTATH_RCP - ok
00:22:47.0025 5604 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
00:22:47.0029 5604 BtFilter - ok
00:22:47.0036 5604 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:22:47.0039 5604 BthEnum - ok
00:22:47.0046 5604 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:22:47.0049 5604 BTHMODEM - ok
00:22:47.0057 5604 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:22:47.0060 5604 BthPan - ok
00:22:47.0071 5604 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:22:47.0080 5604 BTHPORT - ok
00:22:47.0086 5604 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:22:47.0087 5604 bthserv - ok
00:22:47.0095 5604 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:22:47.0098 5604 BTHUSB - ok
00:22:47.0099 5604 catchme - ok
00:22:47.0108 5604 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:22:47.0111 5604 cdfs - ok
00:22:47.0119 5604 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:22:47.0124 5604 cdrom - ok
00:22:47.0132 5604 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:22:47.0132 5604 CertPropSvc - ok
00:22:47.0139 5604 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:22:47.0142 5604 circlass - ok
00:22:47.0152 5604 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:22:47.0155 5604 CLFS - ok
00:22:47.0159 5604 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:22:47.0164 5604 clr_optimization_v2.0.50727_32 - ok
00:22:47.0168 5604 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:22:47.0172 5604 clr_optimization_v2.0.50727_64 - ok
00:22:47.0178 5604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:22:47.0182 5604 clr_optimization_v4.0.30319_32 - ok
00:22:47.0186 5604 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:22:47.0190 5604 clr_optimization_v4.0.30319_64 - ok
00:22:47.0198 5604 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:22:47.0200 5604 CmBatt - ok
00:22:47.0207 5604 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:22:47.0209 5604 cmdide - ok
00:22:47.0221 5604 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:22:47.0230 5604 CNG - ok
00:22:47.0238 5604 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:22:47.0240 5604 Compbatt - ok
00:22:47.0248 5604 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:22:47.0251 5604 CompositeBus - ok
00:22:47.0256 5604 COMSysApp - ok
00:22:47.0264 5604 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:22:47.0266 5604 crcdisk - ok
00:22:47.0275 5604 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:22:47.0276 5604 CryptSvc - ok
00:22:47.0288 5604 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:22:47.0298 5604 CSC - ok
00:22:47.0311 5604 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:22:47.0317 5604 CscService - ok
00:22:47.0329 5604 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:22:47.0334 5604 DcomLaunch - ok
00:22:47.0343 5604 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:22:47.0345 5604 defragsvc - ok
00:22:47.0352 5604 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:22:47.0355 5604 DfsC - ok
00:22:47.0365 5604 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:22:47.0367 5604 Dhcp - ok
00:22:47.0375 5604 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:22:47.0377 5604 discache - ok
00:22:47.0385 5604 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:22:47.0389 5604 Disk - ok
00:22:47.0397 5604 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:22:47.0398 5604 Dnscache - ok
00:22:47.0406 5604 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:22:47.0407 5604 dot3svc - ok
00:22:47.0416 5604 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
00:22:47.0419 5604 Dot4 - ok
00:22:47.0427 5604 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
00:22:47.0429 5604 Dot4Print - ok
00:22:47.0436 5604 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
00:22:47.0438 5604 dot4usb - ok
00:22:47.0446 5604 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:22:47.0447 5604 DPS - ok
00:22:47.0454 5604 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:22:47.0455 5604 drmkaud - ok
00:22:47.0472 5604 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:22:47.0485 5604 DXGKrnl - ok
00:22:47.0495 5604 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
00:22:47.0499 5604 e1cexpress - ok
00:22:47.0506 5604 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:22:47.0507 5604 EapHost - ok
00:22:47.0543 5604 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:22:47.0572 5604 ebdrv - ok
00:22:47.0579 5604 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:22:47.0580 5604 EFS - ok
00:22:47.0589 5604 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:22:47.0598 5604 ehRecvr - ok
00:22:47.0602 5604 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:22:47.0605 5604 ehSched - ok
00:22:47.0617 5604 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:22:47.0624 5604 elxstor - ok
00:22:47.0632 5604 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:22:47.0634 5604 ErrDev - ok
00:22:47.0646 5604 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:22:47.0649 5604 EventSystem - ok
00:22:47.0658 5604 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:22:47.0662 5604 exfat - ok
00:22:47.0670 5604 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:22:47.0675 5604 fastfat - ok
00:22:47.0688 5604 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:22:47.0693 5604 Fax - ok
00:22:47.0700 5604 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:22:47.0703 5604 fdc - ok
00:22:47.0710 5604 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:22:47.0710 5604 fdPHost - ok
00:22:47.0716 5604 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:22:47.0717 5604 FDResPub - ok
00:22:47.0724 5604 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:22:47.0728 5604 FileInfo - ok
00:22:47.0735 5604 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:22:47.0737 5604 Filetrace - ok
00:22:47.0749 5604 FLEXnet Licensing Service (d60ef46dc0e757fe5eb579db95b88954) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:22:47.0765 5604 FLEXnet Licensing Service - ok
00:22:47.0772 5604 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:22:47.0775 5604 flpydisk - ok
00:22:47.0785 5604 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:22:47.0792 5604 FltMgr - ok
00:22:47.0809 5604 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:22:47.0816 5604 FontCache - ok
00:22:47.0821 5604 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:22:47.0823 5604 FontCache3.0.0.0 - ok
00:22:47.0831 5604 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:22:47.0834 5604 FsDepends - ok
00:22:47.0841 5604 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:22:47.0844 5604 Fs_Rec - ok
00:22:47.0854 5604 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:22:47.0859 5604 fvevol - ok
00:22:47.0866 5604 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:22:47.0870 5604 gagp30kx - ok
00:22:47.0877 5604 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:22:47.0879 5604 GEARAspiWDM - ok
00:22:47.0893 5604 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:22:47.0898 5604 gpsvc - ok
00:22:47.0906 5604 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:22:47.0909 5604 hcw85cir - ok
00:22:47.0919 5604 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:22:47.0926 5604 HdAudAddService - ok
00:22:47.0934 5604 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:22:47.0937 5604 HDAudBus - ok
00:22:47.0945 5604 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:22:47.0947 5604 HidBatt - ok
00:22:47.0954 5604 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:22:47.0958 5604 HidBth - ok
00:22:47.0965 5604 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:22:47.0968 5604 HidIr - ok
00:22:47.0975 5604 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
00:22:47.0975 5604 hidserv - ok
00:22:47.0983 5604 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
00:22:47.0985 5604 HidUsb - ok
00:22:47.0992 5604 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:22:47.0992 5604 hkmsvc - ok
00:22:48.0001 5604 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:22:48.0002 5604 HomeGroupListener - ok
00:22:48.0010 5604 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:22:48.0012 5604 HomeGroupProvider - ok
00:22:48.0018 5604 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:22:48.0023 5604 hpqcxs08 - ok
00:22:48.0028 5604 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:22:48.0032 5604 hpqddsvc - ok
00:22:48.0040 5604 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:22:48.0043 5604 HpSAMD - ok
00:22:48.0058 5604 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:22:48.0068 5604 HTTP - ok
00:22:48.0076 5604 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:22:48.0078 5604 hwpolicy - ok
00:22:48.0085 5604 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:22:48.0089 5604 i8042prt - ok
00:22:48.0100 5604 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:22:48.0107 5604 iaStorV - ok
00:22:48.0118 5604 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:22:48.0136 5604 idsvc - ok
00:22:48.0144 5604 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:22:48.0147 5604 iirsp - ok
00:22:48.0162 5604 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:22:48.0168 5604 IKEEXT - ok
00:22:48.0208 5604 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
00:22:48.0233 5604 IntcAzAudAddService - ok
00:22:48.0241 5604 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:22:48.0244 5604 intelide - ok
00:22:48.0251 5604 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:22:48.0254 5604 intelppm - ok
00:22:48.0261 5604 Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
00:22:48.0262 5604 Intel® PROSet Monitoring Service - ok
00:22:48.0269 5604 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:22:48.0270 5604 IPBusEnum - ok
00:22:48.0278 5604 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:48.0281 5604 IpFilterDriver - ok
00:22:48.0294 5604 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:22:48.0299 5604 iphlpsvc - ok
00:22:48.0306 5604 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:22:48.0310 5604 IPMIDRV - ok
00:22:48.0318 5604 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:22:48.0321 5604 IPNAT - ok
00:22:48.0334 5604 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
00:22:48.0343 5604 iPod Service - ok
00:22:48.0350 5604 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:22:48.0352 5604 IRENUM - ok
00:22:48.0359 5604 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:22:48.0362 5604 isapnp - ok
00:22:48.0371 5604 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:22:48.0378 5604 iScsiPrt - ok
00:22:48.0387 5604 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
00:22:48.0391 5604 JRAID - ok
00:22:48.0399 5604 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:22:48.0402 5604 kbdclass - ok
00:22:48.0409 5604 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:22:48.0412 5604 kbdhid - ok
00:22:48.0419 5604 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:22:48.0419 5604 KeyIso - ok
00:22:48.0425 5604 KMService - ok
00:22:48.0433 5604 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:22:48.0437 5604 KSecDD - ok
00:22:48.0445 5604 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:22:48.0449 5604 KSecPkg - ok
00:22:48.0457 5604 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:22:48.0459 5604 ksthunk - ok
00:22:48.0469 5604 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:22:48.0473 5604 KtmRm - ok
00:22:48.0482 5604 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:22:48.0489 5604 LanmanServer - ok
00:22:48.0497 5604 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:22:48.0501 5604 LanmanWorkstation - ok
00:22:48.0510 5604 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:22:48.0513 5604 lltdio - ok
00:22:48.0523 5604 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:22:48.0526 5604 lltdsvc - ok
00:22:48.0533 5604 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:22:48.0534 5604 lmhosts - ok
00:22:48.0543 5604 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:22:48.0547 5604 LSI_FC - ok
00:22:48.0554 5604 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:22:48.0558 5604 LSI_SAS - ok
00:22:48.0565 5604 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:22:48.0569 5604 LSI_SAS2 - ok
00:22:48.0576 5604 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:22:48.0580 5604 LSI_SCSI - ok
00:22:48.0588 5604 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:22:48.0592 5604 luafv - ok
00:22:48.0599 5604 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:22:48.0601 5604 Mcx2Svc - ok
00:22:48.0607 5604 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:22:48.0610 5604 megasas - ok
00:22:48.0620 5604 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:22:48.0626 5604 MegaSR - ok
00:22:48.0633 5604 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:22:48.0636 5604 MEIx64 - ok
00:22:48.0641 5604 mi-raysat_3dsmax2011_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
00:22:48.0645 5604 mi-raysat_3dsmax2011_32 - ok
00:22:48.0685 5604 Microsoft SharePoint Workspace Audit Service - ok
00:22:48.0693 5604 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:22:48.0694 5604 MMCSS - ok
00:22:48.0702 5604 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:22:48.0706 5604 Modem - ok
00:22:48.0714 5604 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:22:48.0718 5604 monitor - ok
00:22:48.0727 5604 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:22:48.0732 5604 mouclass - ok
00:22:48.0741 5604 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:22:48.0745 5604 mouhid - ok
00:22:48.0754 5604 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:22:48.0758 5604 mountmgr - ok
00:22:48.0767 5604 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:22:48.0773 5604 mpio - ok
00:22:48.0780 5604 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:22:48.0784 5604 mpsdrv - ok
00:22:48.0798 5604 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:22:48.0804 5604 MpsSvc - ok
00:22:48.0813 5604 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:22:48.0817 5604 MRxDAV - ok
00:22:48.0826 5604 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:22:48.0830 5604 mrxsmb - ok
00:22:48.0840 5604 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:22:48.0846 5604 mrxsmb10 - ok
00:22:48.0854 5604 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:22:48.0858 5604 mrxsmb20 - ok
00:22:48.0865 5604 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:22:48.0868 5604 msahci - ok
00:22:48.0876 5604 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:22:48.0880 5604 msdsm - ok
00:22:48.0887 5604 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:22:48.0889 5604 MSDTC - ok
00:22:48.0898 5604 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:22:48.0900 5604 Msfs - ok
00:22:48.0917 5604 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:22:48.0919 5604 mshidkmdf - ok
00:22:48.0926 5604 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:22:48.0928 5604 msisadrv - ok
00:22:48.0936 5604 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:22:48.0938 5604 MSiSCSI - ok
00:22:48.0944 5604 msiserver - ok
00:22:48.0951 5604 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:22:48.0953 5604 MSKSSRV - ok
00:22:48.0959 5604 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:22:48.0961 5604 MSPCLOCK - ok
00:22:48.0968 5604 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:22:48.0969 5604 MSPQM - ok
00:22:48.0980 5604 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:22:48.0986 5604 MsRPC - ok
00:22:48.0995 5604 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:22:48.0997 5604 mssmbios - ok
00:22:49.0003 5604 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:22:49.0005 5604 MSTEE - ok
00:22:49.0011 5604 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:22:49.0013 5604 MTConfig - ok
00:22:49.0021 5604 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:22:49.0024 5604 Mup - ok
00:22:49.0034 5604 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
00:22:49.0041 5604 mv91xx - ok
00:22:49.0051 5604 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:22:49.0055 5604 napagent - ok
00:22:49.0065 5604 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:22:49.0071 5604 NativeWifiP - ok
00:22:49.0080 5604 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files (x86)\Nero\Update\NASvc.exe
00:22:49.0086 5604 NAUpdate - ok
00:22:49.0104 5604 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:22:49.0117 5604 NDIS - ok
00:22:49.0125 5604 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:22:49.0127 5604 NdisCap - ok
00:22:49.0135 5604 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:22:49.0137 5604 NdisTapi - ok
00:22:49.0144 5604 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:22:49.0147 5604 Ndisuio - ok
00:22:49.0155 5604 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:22:49.0160 5604 NdisWan - ok
00:22:49.0168 5604 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:22:49.0171 5604 NDProxy - ok
00:22:49.0180 5604 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
00:22:49.0181 5604 Net Driver HPZ12 - ok
00:22:49.0188 5604 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:22:49.0190 5604 NetBIOS - ok
00:22:49.0199 5604 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:22:49.0204 5604 NetBT - ok
00:22:49.0211 5604 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:22:49.0211 5604 Netlogon - ok
00:22:49.0221 5604 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:22:49.0224 5604 Netman - ok
00:22:49.0235 5604 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:22:49.0238 5604 netprofm - ok
00:22:49.0242 5604 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:22:49.0247 5604 NetTcpPortSharing - ok
00:22:49.0255 5604 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:22:49.0258 5604 nfrd960 - ok
00:22:49.0268 5604 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:22:49.0270 5604 NlaSvc - ok
00:22:49.0278 5604 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:22:49.0280 5604 Npfs - ok
00:22:49.0287 5604 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:22:49.0288 5604 nsi - ok
00:22:49.0295 5604 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:22:49.0297 5604 nsiproxy - ok
00:22:49.0320 5604 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:22:49.0340 5604 Ntfs - ok
00:22:49.0348 5604 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:22:49.0349 5604 Null - ok
00:22:49.0357 5604 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:22:49.0360 5604 nusb3hub - ok
00:22:49.0368 5604 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:22:49.0371 5604 nusb3xhc - ok
00:22:49.0523 5604 nvlddmkm (0d4e03fda79691efd97ae5d7bb3a257d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:22:49.0573 5604 nvlddmkm - ok
00:22:49.0582 5604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:22:49.0587 5604 nvraid - ok
00:22:49.0596 5604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:22:49.0600 5604 nvstor - ok
00:22:49.0608 5604 nvsvc (2786b69ae9144c522e2f0ad44b8ce1ad) C:\Windows\system32\nvvsvc.exe
00:22:49.0609 5604 nvsvc - ok
00:22:49.0616 5604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:22:49.0620 5604 nv_agp - ok
00:22:49.0628 5604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:22:49.0632 5604 ohci1394 - ok
00:22:49.0637 5604 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:22:49.0642 5604 ose64 - ok
00:22:49.0690 5604 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:22:49.0737 5604 osppsvc - ok
00:22:49.0749 5604 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:22:49.0751 5604 p2pimsvc - ok
00:22:49.0762 5604 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:22:49.0765 5604 p2psvc - ok
00:22:49.0778 5604 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
00:22:49.0787 5604 PAC207 - ok
00:22:49.0795 5604 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:22:49.0798 5604 Parport - ok
00:22:49.0806 5604 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:22:49.0810 5604 partmgr - ok
00:22:49.0818 5604 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:22:49.0819 5604 PcaSvc - ok
00:22:49.0828 5604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:22:49.0833 5604 pci - ok
00:22:49.0840 5604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:22:49.0842 5604 pciide - ok
00:22:49.0851 5604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:22:49.0856 5604 pcmcia - ok
00:22:49.0863 5604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:22:49.0867 5604 pcw - ok
00:22:49.0880 5604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:22:49.0891 5604 PEAUTH - ok
00:22:49.0911 5604 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:22:49.0921 5604 PeerDistSvc - ok
00:22:49.0928 5604 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:22:49.0931 5604 PerfHost - ok
00:22:49.0954 5604 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:22:49.0964 5604 pla - ok
00:22:49.0975 5604 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:22:49.0984 5604 PlugPlay - ok
00:22:49.0993 5604 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
00:22:49.0993 5604 Pml Driver HPZ12 - ok
00:22:50.0000 5604 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:22:50.0000 5604 PNRPAutoReg - ok
00:22:50.0010 5604 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:22:50.0011 5604 PNRPsvc - ok
00:22:50.0022 5604 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:22:50.0026 5604 PolicyAgent - ok
00:22:50.0035 5604 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:22:50.0041 5604 Power - ok
00:22:50.0049 5604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:22:50.0053 5604 PptpMiniport - ok
00:22:50.0061 5604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:22:50.0065 5604 Processor - ok
00:22:50.0073 5604 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:22:50.0075 5604 ProfSvc - ok
00:22:50.0082 5604 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:22:50.0082 5604 ProtectedStorage - ok
00:22:50.0091 5604 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:22:50.0095 5604 Psched - ok
00:22:50.0103 5604 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
00:22:50.0106 5604 PxHlpa64 - ok
00:22:50.0127 5604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:22:50.0143 5604 ql2300 - ok
00:22:50.0152 5604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:22:50.0156 5604 ql40xx - ok
00:22:50.0166 5604 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:22:50.0168 5604 QWAVE - ok
00:22:50.0176 5604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:22:50.0178 5604 QWAVEdrv - ok
00:22:50.0185 5604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:22:50.0187 5604 RasAcd - ok
00:22:50.0195 5604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:22:50.0198 5604 RasAgileVpn - ok
00:22:50.0206 5604 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:22:50.0207 5604 RasAuto - ok
00:22:50.0215 5604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:22:50.0219 5604 Rasl2tp - ok
00:22:50.0229 5604 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:22:50.0232 5604 RasMan - ok
00:22:50.0240 5604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:22:50.0244 5604 RasPppoe - ok
00:22:50.0252 5604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:22:50.0255 5604 RasSstp - ok
00:22:50.0265 5604 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:22:50.0272 5604 rdbss - ok
00:22:50.0280 5604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:22:50.0282 5604 rdpbus - ok
00:22:50.0289 5604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:22:50.0290 5604 RDPCDD - ok
00:22:50.0299 5604 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:22:50.0304 5604 RDPDR - ok
00:22:50.0311 5604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:22:50.0312 5604 RDPENCDD - ok
00:22:50.0320 5604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:22:50.0322 5604 RDPREFMP - ok
00:22:50.0331 5604 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
00:22:50.0335 5604 RDPWD - ok
00:22:50.0344 5604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:22:50.0350 5604 rdyboost - ok
00:22:50.0357 5604 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:22:50.0358 5604 RemoteAccess - ok
00:22:50.0366 5604 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:22:50.0372 5604 RemoteRegistry - ok
00:22:50.0380 5604 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:22:50.0384 5604 RFCOMM - ok
00:22:50.0391 5604 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:22:50.0395 5604 RpcEptMapper - ok
00:22:50.0401 5604 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:22:50.0402 5604 RpcLocator - ok
00:22:50.0414 5604 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:22:50.0416 5604 RpcSs - ok
00:22:50.0424 5604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:22:50.0427 5604 rspndr - ok
00:22:50.0434 5604 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:22:50.0436 5604 s3cap - ok
00:22:50.0442 5604 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:22:50.0443 5604 SamSs - ok
00:22:50.0451 5604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:22:50.0455 5604 sbp2port - ok
00:22:50.0607 5604 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
00:22:50.0627 5604 SBSDWSCService - ok
00:22:50.0638 5604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:22:50.0646 5604 SCardSvr - ok
00:22:50.0654 5604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:22:50.0656 5604 scfilter - ok
00:22:50.0673 5604 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:22:50.0693 5604 Schedule - ok
00:22:50.0700 5604 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:22:50.0701 5604 SCPolicySvc - ok
00:22:50.0709 5604 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:22:50.0715 5604 SDRSVC - ok
00:22:50.0722 5604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:22:50.0724 5604 secdrv - ok
00:22:50.0731 5604 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:22:50.0735 5604 seclogon - ok
00:22:50.0743 5604 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:22:50.0747 5604 SENS - ok
00:22:50.0754 5604 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:22:50.0757 5604 SensrSvc - ok
00:22:50.0765 5604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:22:50.0767 5604 Serenum - ok
00:22:50.0775 5604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:22:50.0779 5604 Serial - ok
00:22:50.0786 5604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:22:50.0789 5604 sermouse - ok
00:22:50.0800 5604 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:22:50.0804 5604 SessionEnv - ok
00:22:50.0811 5604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:22:50.0813 5604 sffdisk - ok
00:22:50.0820 5604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:22:50.0823 5604 sffp_mmc - ok
00:22:50.0830 5604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:22:50.0832 5604 sffp_sd - ok
00:22:50.0840 5604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:22:50.0842 5604 sfloppy - ok
00:22:50.0851 5604 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:22:50.0854 5604 SharedAccess - ok
00:22:50.0864 5604 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:22:50.0872 5604 ShellHWDetection - ok
00:22:50.0880 5604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:22:50.0883 5604 SiSRaid2 - ok
00:22:50.0891 5604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:22:50.0894 5604 SiSRaid4 - ok
00:22:50.0902 5604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:22:50.0906 5604 Smb - ok
00:22:50.0914 5604 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:22:50.0917 5604 SNMPTRAP - ok
00:22:50.0924 5604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:22:50.0926 5604 spldr - ok
00:22:50.0938 5604 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:22:50.0945 5604 Spooler - ok
00:22:50.0984 5604 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:22:51.0015 5604 sppsvc - ok
00:22:51.0022 5604 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:22:51.0026 5604 sppuinotify - ok
00:22:51.0038 5604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:22:51.0046 5604 srv - ok
00:22:51.0057 5604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:22:51.0065 5604 srv2 - ok
00:22:51.0074 5604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:22:51.0078 5604 srvnet - ok
00:22:51.0086 5604 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:22:51.0091 5604 SSDPSRV - ok
00:22:51.0098 5604 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:22:51.0102 5604 SstpSvc - ok
00:22:51.0110 5604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:22:51.0112 5604 stexstor - ok
00:22:51.0125 5604 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:22:51.0134 5604 stisvc - ok
00:22:51.0142 5604 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:22:51.0145 5604 storflt - ok
00:22:51.0152 5604 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
00:22:51.0154 5604 StorSvc - ok
00:22:51.0162 5604 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:22:51.0165 5604 storvsc - ok
00:22:51.0172 5604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:22:51.0174 5604 swenum - ok
00:22:51.0183 5604 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:22:51.0190 5604 SwitchBoard - ok
00:22:51.0200 5604 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:22:51.0208 5604 swprv - ok
00:22:51.0229 5604 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:22:51.0246 5604 SysMain - ok
00:22:51.0253 5604 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:22:51.0258 5604 TabletInputService - ok
00:22:51.0267 5604 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:22:51.0275 5604 TapiSrv - ok
00:22:51.0281 5604 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:22:51.0285 5604 TBS - ok
00:22:51.0309 5604 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:22:51.0334 5604 Tcpip - ok
00:22:51.0358 5604 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:22:51.0365 5604 TCPIP6 - ok
00:22:51.0373 5604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:22:51.0376 5604 tcpipreg - ok
00:22:51.0384 5604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:22:51.0386 5604 TDPIPE - ok
00:22:51.0393 5604 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:22:51.0395 5604 TDTCP - ok
00:22:51.0403 5604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:22:51.0407 5604 tdx - ok
00:22:51.0414 5604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:22:51.0417 5604 TermDD - ok
00:22:51.0430 5604 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:22:51.0437 5604 TermService - ok
00:22:51.0444 5604 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:22:51.0447 5604 Themes - ok
00:22:51.0454 5604 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:22:51.0455 5604 THREADORDER - ok
00:22:51.0462 5604 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:22:51.0467 5604 TrkWks - ok
00:22:51.0471 5604 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:22:51.0474 5604 TrustedInstaller - ok
00:22:51.0482 5604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:22:51.0485 5604 tssecsrv - ok
00:22:51.0493 5604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:22:51.0496 5604 TsUsbFlt - ok
00:22:51.0505 5604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:22:51.0509 5604 tunnel - ok
00:22:51.0516 5604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:22:51.0521 5604 uagp35 - ok
00:22:51.0531 5604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:22:51.0537 5604 udfs - ok
00:22:51.0546 5604 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:22:51.0550 5604 UI0Detect - ok
00:22:51.0558 5604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:22:51.0561 5604 uliagpkx - ok
00:22:51.0569 5604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:22:51.0572 5604 umbus - ok
00:22:51.0582 5604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:22:51.0585 5604 UmPass - ok
00:22:51.0594 5604 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:22:51.0601 5604 UmRdpService - ok
00:22:51.0610 5604 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:22:51.0617 5604 upnphost - ok
00:22:51.0624 5604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:22:51.0628 5604 usbccgp - ok
00:22:51.0636 5604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:22:51.0641 5604 usbcir - ok
00:22:51.0650 5604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:22:51.0652 5604 usbehci - ok
00:22:51.0663 5604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:22:51.0670 5604 usbhub - ok
00:22:51.0677 5604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:22:51.0679 5604 usbohci - ok
00:22:51.0687 5604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:22:51.0689 5604 usbprint - ok
00:22:51.0697 5604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:22:51.0700 5604 usbscan - ok
00:22:51.0708 5604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:22:51.0710 5604 USBSTOR - ok
00:22:51.0718 5604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:22:51.0720 5604 usbuhci - ok
00:22:51.0727 5604 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:22:51.0731 5604 UxSms - ok
00:22:51.0737 5604 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:22:51.0738 5604 VaultSvc - ok
00:22:51.0746 5604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:22:51.0749 5604 vdrvroot - ok
00:22:51.0760 5604 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:22:51.0769 5604 vds - ok
00:22:51.0777 5604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:22:51.0779 5604 vga - ok
00:22:51.0786 5604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:22:51.0788 5604 VgaSave - ok
00:22:51.0797 5604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:22:51.0803 5604 vhdmp - ok
00:22:51.0810 5604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:22:51.0812 5604 viaide - ok
00:22:51.0821 5604 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:22:51.0827 5604 vmbus - ok
00:22:51.0834 5604 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:22:51.0836 5604 VMBusHID - ok
00:22:51.0844 5604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:22:51.0847 5604 volmgr - ok
00:22:51.0857 5604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:22:51.0863 5604 volmgrx - ok
00:22:51.0873 5604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:22:51.0877 5604 volsnap - ok
00:22:51.0886 5604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:22:51.0890 5604 vsmraid - ok
00:22:51.0912 5604 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:22:51.0926 5604 VSS - ok
00:22:51.0933 5604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:22:51.0936 5604 vwifibus - ok
00:22:51.0946 5604 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:22:51.0952 5604 W32Time - ok
00:22:51.0961 5604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:22:51.0963 5604 WacomPen - ok
00:22:51.0971 5604 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:22:51.0974 5604 WANARP - ok
00:22:51.0976 5604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:22:51.0977 5604 Wanarpv6 - ok
00:22:51.0996 5604 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:22:52.0017 5604 WatAdminSvc - ok
00:22:52.0038 5604 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:22:52.0056 5604 wbengine - ok
00:22:52.0065 5604 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:22:52.0070 5604 WbioSrvc - ok
00:22:52.0080 5604 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:22:52.0087 5604 wcncsvc - ok
00:22:52.0094 5604 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:22:52.0097 5604 WcsPlugInService - ok
00:22:52.0105 5604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:22:52.0107 5604 Wd - ok
00:22:52.0121 5604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:22:52.0131 5604 Wdf01000 - ok
00:22:52.0138 5604 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:22:52.0142 5604 WdiServiceHost - ok
00:22:52.0144 5604 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:22:52.0146 5604 WdiSystemHost - ok
00:22:52.0155 5604 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:22:52.0162 5604 WebClient - ok
00:22:52.0170 5604 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:22:52.0176 5604 Wecsvc - ok
00:22:52.0183 5604 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:22:52.0186 5604 wercplsupport - ok
00:22:52.0194 5604 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:22:52.0197 5604 WerSvc - ok
00:22:52.0205 5604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:22:52.0206 5604 WfpLwf - ok
00:22:52.0214 5604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:22:52.0217 5604 WIMMount - ok
00:22:52.0218 5604 WinDefend - ok
00:22:52.0221 5604 WinHttpAutoProxySvc - ok
00:22:52.0231 5604 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:22:52.0238 5604 Winmgmt - ok
00:22:52.0263 5604 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:22:52.0284 5604 WinRM - ok
00:22:52.0295 5604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:22:52.0299 5604 WinUsb - ok
00:22:52.0313 5604 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:22:52.0325 5604 Wlansvc - ok
00:22:52.0350 5604 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:22:52.0367 5604 wlidsvc - ok
00:22:52.0375 5604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:22:52.0377 5604 WmiAcpi - ok
00:22:52.0387 5604 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:22:52.0391 5604 wmiApSrv - ok
00:22:52.0393 5604 WMPNetworkSvc - ok
00:22:52.0400 5604 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:22:52.0403 5604 WPCSvc - ok
00:22:52.0411 5604 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:22:52.0415 5604 WPDBusEnum - ok
00:22:52.0422 5604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:22:52.0424 5604 ws2ifsl - ok
00:22:52.0431 5604 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
00:22:52.0436 5604 wscsvc - ok
00:22:52.0442 5604 WSearch - ok
00:22:52.0474 5604 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:22:52.0498 5604 wuauserv - ok
00:22:52.0507 5604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:22:52.0510 5604 WudfPf - ok
00:22:52.0519 5604 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:52.0523 5604 WUDFRd - ok
00:22:52.0531 5604 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:22:52.0536 5604 wudfsvc - ok
00:22:52.0544 5604 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:22:52.0550 5604 WwanSvc - ok
00:22:52.0554 5604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:22:52.0556 5604 \Device\Harddisk0\DR0 - ok
00:22:52.0558 5604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
00:22:52.0559 5604 \Device\Harddisk1\DR1 - ok
00:22:52.0560 5604 Boot (0x1200) (492b86f2ae2a1bc05d54d024baf40b92) \Device\Harddisk0\DR0\Partition0
00:22:52.0561 5604 \Device\Harddisk0\DR0\Partition0 - ok
00:22:52.0562 5604 Boot (0x1200) (af578236e71b01da83490dc931719a92) \Device\Harddisk1\DR1\Partition0
00:22:52.0563 5604 \Device\Harddisk1\DR1\Partition0 - ok
00:22:52.0564 5604 Boot (0x1200) (b9125bb48cf8105c9118331b53d82ec1) \Device\Harddisk1\DR1\Partition1
00:22:52.0565 5604 \Device\Harddisk1\DR1\Partition1 - ok
00:22:52.0565 5604 ============================================================
00:22:52.0565 5604 Scan finished
00:22:52.0565 5604 ============================================================
00:22:52.0570 5864 Detected object count: 0
00:22:52.0570 5864 Actual detected object count: 0


aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 00:24:48
-----------------------------
00:24:48.428 OS Version: Windows x64 6.1.7601 Service Pack 1
00:24:48.428 Number of processors: 8 586 0x2A07
00:24:48.429 ComputerName: UTENTE-PC UserName: Utente
00:24:48.683 Initialize success
00:25:35.693 AVAST engine defs: 12041502
00:25:56.027 The log file has been saved successfully to "C:\Users\Utente\Desktop\aswMBR.txt"


What is the next step I should take?

I thank you again for your help.

I look forward to your reply.

Hello
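The driver-scan output pasted above (TDSSKiller's format: a line carrying the object's MD5 and path, a verdict line ending in "- ok", MBR and boot-sector records keyed by device path, and a closing "Detected object count") is exactly the kind of evidence a responder wants to triage mechanically rather than by eye. The following is an added example, not part of this thread or of TDSSKiller: it parses lines in that format, flags any verdict other than "ok" and any binary outside the usual system locations, lists files registered under more than one service name (Tcpip/TCPIP6 here, which is normal), and can re-hash the listed files later to see whether any changed after the scan. The sample lines are copied from the log above except the last two, which are constructed; the list of expected locations is this example's own heuristic.

```python
import hashlib
import re
from pathlib import Path

# Lines copied (trimmed) from the driver-scan log in the thread. The last two
# lines are CONSTRUCTED so the non-"ok" branch is exercised; no such entry
# exists in the original log.
SAMPLE_LOG = r"""
00:22:50.0638 5604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:22:50.0646 5604 SCardSvr - ok
00:22:51.0309 5604 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:22:51.0334 5604 Tcpip - ok
00:22:51.0358 5604 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:22:51.0365 5604 TCPIP6 - ok
00:22:52.0218 5604 WinDefend - ok
00:22:52.0554 5604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:22:52.0556 5604 \Device\Harddisk0\DR0 - ok
00:22:52.0558 5604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
00:22:52.0559 5604 \Device\Harddisk1\DR1 - ok
00:22:52.0570 5864 Detected object count: 0
00:22:53.0001 5604 sample_constructed (00000000000000000000000000000000) C:\Users\Public\sample_constructed.sys
00:22:53.0002 5604 sample_constructed - warning
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")  # timestamp pid rest
HASH_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")        # name (md5) path
STATUS_RE = re.compile(r"^(.+?) - (\S.*)$")                     # name - verdict

# Heuristic chosen for this example: where a registered driver or service
# binary normally lives. Anything elsewhere is flagged for manual review only.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\", "\\device\\")


def parse_scan_log(text):
    """Map each scanned object to {name, md5, path, status}. Drivers are keyed
    by service name; MBR/boot records by device path, because the verdict line
    repeats the path rather than the word 'MBR'."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group(1)
        h = HASH_RE.match(rest)
        if h:
            name, md5, path = h.groups()
            key = path if name.startswith(("MBR", "Boot")) else name
            e = entries.setdefault(key, {"name": name, "md5": None, "path": None, "status": None})
            e.update(md5=md5, path=path)
            continue
        s = STATUS_RE.match(rest)
        if s:
            key, status = s.groups()
            e = entries.setdefault(key, {"name": key, "md5": None, "path": None, "status": None})
            e["status"] = status
    return entries


def triage(entries):
    """(key, reason) pairs worth a second look: a verdict other than 'ok', a
    hashed object with no verdict line at all, or an unusual file location."""
    findings = []
    for key, e in entries.items():
        if e["md5"] and e["status"] is None:
            findings.append((key, "hashed but no verdict line"))
        elif e["status"] not in (None, "ok"):
            findings.append((key, f"verdict: {e['status']}"))
        path = (e["path"] or "").lower()
        if path and not path.startswith(EXPECTED_ROOTS):
            findings.append((key, f"unusual location: {e['path']}"))
    return findings


def shared_hashes(entries):
    """md5 -> sorted keys sharing it. One file behind two service names
    (Tcpip/TCPIP6) or identical MBR code on two disks is expected."""
    by_md5 = {}
    for key, e in entries.items():
        if e["md5"]:
            by_md5.setdefault(e["md5"], []).append(key)
    return {h: sorted(k) for h, k in by_md5.items() if len(k) > 1}


def md5_bytes(data):
    return hashlib.md5(data).hexdigest()


def _read_local(path):
    p = Path(path)
    return p.read_bytes() if p.is_file() else None


def verify_against_disk(entries, read=_read_local):
    """Re-hash each file the log recorded; return {key: (logged, current)} for
    those that changed since the scan. `read(path)` returns the file's bytes or
    None to skip it, so it can be pointed at a mounted offline image instead."""
    changed = {}
    for key, e in entries.items():
        if not (e["md5"] and e["path"]) or e["path"].startswith("\\Device\\"):
            continue
        data = read(e["path"])
        if data is not None and md5_bytes(data) != e["md5"]:
            changed[key] = (e["md5"], md5_bytes(data))
    return changed
```

A log ending in "Detected object count: 0" with every verdict "ok" only says the scanner's signatures matched nothing; the re-hash step is what lets you check later whether any of the recorded files changed between this scan and the next.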

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 April 2012 - 08:17 PM

Greetings

At this time I would like you to run this script for me; it is also a good time to check the computer for anything else that needs to be addressed.

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 VashTheStampede (Topic Starter, Members, 33 posts)

Posted 16 April 2012 - 05:22 PM

Hi,

I saved the script to my desktop as CFScript.txt and dragged it into ComboFix.exe. It was fine, but at a certain point the window showed me that ComboFix has expired and that I can update the existing copy with a new one, but to do this I must first remove the old copy. I haven't done this yet, because I'm not sure whether it is correct. If I delete my copy of ComboFix to update it as written, is there no danger that any viruses or malware are released?
If the answer is no, I will continue to perform the steps of the previous post.
Thanks again for your help.

Edited by VashTheStampede, 16 April 2012 - 05:23 PM.


#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 April 2012 - 09:17 PM

Yes, go ahead and allow it to update.


gringo

#10 VashTheStampede (Topic Starter, Members, 33 posts)

Posted 17 April 2012 - 03:55 PM

Hi,

I ran the script and this is the ComboFix log:

ComboFix 12-04-17.01 - Utente 17/04/2012 22:40:12.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16364.13504 [GMT 2:00]
Run from: C:\Users\Utente\Desktop\ComboFix.exe
Options used :: C:\Users\Utente\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created From 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))))))


2012-04-17 20:42:15 . 2012-04-17 20:42:15 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-16 18:07:04 . 2012-04-16 18:07:04 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2012-04-13 17:35:54 . 2012-03-14 03:27:40 8669240 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{00C5D263-65B2-4876-A7B4-D60DA768326C}\mpengine.dll
2012-04-12 01:00:55 . 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-12 01:00:55 . 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 01:00:54 . 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 01:00:19 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 01:00:19 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 01:00:19 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 01:00:18 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-12 01:00:18 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-12 01:00:18 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 01:00:18 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 19:58:44 . 2012-04-11 19:58:50 -------- d-----w- C:\Program Files\iTunes
2012-04-11 19:58:44 . 2012-04-11 19:58:44 -------- d-----w- C:\Program Files\iPod
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-01 22:30:53 . 2011-04-27 20:44:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 08:18:36 . 2011-03-31 14:27:45 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-17 06:38:26 . 2012-03-14 21:02:02 1031680 ----a-w- C:\Windows\system32\rdpcore.dll
2012-02-17 05:34:22 . 2012-03-14 21:02:02 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 . 2012-03-14 21:02:02 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-02-17 04:57:32 . 2012-03-14 21:02:02 23552 ----a-w- C:\Windows\system32\drivers\tdtcp.sys
2012-02-10 06:36:07 . 2012-03-14 21:02:21 1544192 ----a-w- C:\Windows\system32\DWrite.dll
2012-02-10 05:38:43 . 2012-03-14 21:02:21 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 . 2012-03-14 21:02:21 3145728 ----a-w- C:\Windows\system32\win32k.sys
2012-01-25 06:38:39 . 2012-03-14 21:02:03 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-01-25 06:38:38 . 2012-03-14 21:02:03 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-01-25 06:33:30 . 2012-03-14 21:02:03 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legitimate/default values are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 14:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 02:09:52 113288]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2010-01-19 02:27:56 43632]
"avgnt"="E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 12:39:09 281768]
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 16:33:36 150528]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 01:41:12 49208]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 13:02:04 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 00:10:38 86016]
R2 SkypeUpdate;Skype Updater;E:\Programmi Installati\Updater\Updater.exe [2012-02-29 06:50:48 158856]
R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;E:\Programmi Installati\Office14\GROOVE.EXE [2011-06-12 09:43:28 51740536]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 19:20:56 174440]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]
R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 14:18:52 52896]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [x]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-03-25 12:39:22 490280]
S2 SBSDWSCService;SBSD Security Center Service;E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 13:31:10 1153368]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-04-17 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00:00 . 2011-11-23 20:00:37]

2012-04-17 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00:00 . 2011-11-23 20:00:37]

2012-04-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02:19 . 2011-04-10 23:02:19]

2012-04-17 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000UA.job
- C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-10 23:02:19 . 2011-04-10 23:02:19]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11:32:36 11545192]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 09:01:16 319488]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel
IE: I&nvia a OneNote
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\qw6dy4me.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 0


While ComboFix was running, the script disappeared; is this normal?
Now the computer seems to be fine; I have no problems operating it.
The problems I had when connecting external devices like USB sticks or external HDs to my PC seem resolved, but should I do anything to be sure that these external devices are clean?
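The ComboFix log above mixes several record types that are worth pulling apart: Run-key autoruns with the binary's path, the UAC policy values under policies\system, service entries prefixed with a start type (R2, S3 and so on) and a trailing [x] where no file date and size was printed, scheduled tasks followed by their target, and the DHCP-assigned DNS servers. The following is an added example, not part of this thread or of ComboFix: a parser for those records, a review list of autoruns whose binary lives in a user-writable location (the Facebook and Google updaters under AppData here, legitimate per-user installs, but also exactly where autorun malware tends to sit), a list of the [x] services to confirm by hand, and a decoder for the UAC values using Microsoft's documented meanings. The sample lines are copied from the log above; the user-writable path list is this example's own heuristic.

```python
import re

# Lines copied (trimmed) from the ComboFix log in the thread. The parser and the
# "user-writable location" rule are this example's own, not ComboFix's.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 02:09:52 113288]
"avgnt"="E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 12:39:09 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)

R2 SkypeUpdate;Skype Updater;E:\Programmi Installati\Updater\Updater.exe [2012-02-29 06:50:48 158856]
R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]

2012-04-17 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3932923347-2004413485-1034368658-1000Core.job
- C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-23 20:00:00 . 2011-11-23 20:00:37]

TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
"""

RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[[^\]]*\])?$')          # "Name"="path" [date size]
POLICY_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9a-fA-F]+\)$')       # "Name"= 5 (0x5)
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (C:\\Windows\\Tasks\\.+\.job)$')
TASK_TARGET_RE = re.compile(r'^- (.+?) \[.*\]$')
DNS_RE = re.compile(r'^TCP: DhcpNameServer = (.+)$')

# Heuristic for this example: path fragments a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Documented meanings of the Windows 7 UAC policy values.
UAC_ADMIN = {0: "elevate without prompting", 1: "prompt for credentials on the secure desktop",
             2: "prompt for consent on the secure desktop", 3: "prompt for credentials",
             4: "prompt for consent", 5: "prompt for consent for non-Windows binaries (default)"}
UAC_USER = {0: "automatically deny elevation requests",
            1: "prompt for credentials on the secure desktop", 3: "prompt for credentials (default)"}


def parse_combofix(text):
    report = {"autoruns": [], "services": [], "tasks": [], "uac": {}, "dns": []}
    key, job = None, None  # current registry key / pending scheduled-task name
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[HKEY"):
            key = line.strip("[]")
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, info = m.groups()
            report["services"].append({"start": start, "name": name, "display": display,
                                       "path": path, "no_file_info": info == "x"})
            continue
        m = TASK_RE.match(line)
        if m:
            job = m.group(1).rsplit("\\", 1)[-1]
            continue
        m = TASK_TARGET_RE.match(line)
        if m and job:
            report["tasks"].append({"job": job, "path": m.group(1)})
            job = None
            continue
        m = POLICY_RE.match(line)
        if m and key and key.lower().endswith("\\policies\\system"):
            report["uac"][m.group(1)] = int(m.group(2))
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            report["autoruns"].append({"key": key, "name": m.group(1), "path": m.group(2)})
            continue
        m = DNS_RE.match(line)
        if m:
            report["dns"] = m.group(1).split()
    return report


def is_user_writable(path):
    p = path.lower()
    return any(tok in p for tok in USER_WRITABLE)


def flag_user_writable(report):
    """Autostart entries whose binary lives where a standard user can write.
    Per-user updaters land here legitimately, so this is a review list, not a verdict."""
    hits = [("run", a["name"], a["path"]) for a in report["autoruns"] if is_user_writable(a["path"])]
    hits += [("service", s["name"], s["path"]) for s in report["services"] if is_user_writable(s["path"])]
    hits += [("task", t["job"], t["path"]) for t in report["tasks"] if is_user_writable(t["path"])]
    return hits


def services_without_file_info(report):
    """Services ComboFix printed with '[x]' in place of a file date/size: confirm each by hand."""
    return [s["name"] for s in report["services"] if s["no_file_info"]]


def describe_uac(uac):
    out = {}
    for name, val in uac.items():
        if name == "ConsentPromptBehaviorAdmin":
            out[name] = UAC_ADMIN.get(val, f"unknown value {val}")
        elif name == "ConsentPromptBehaviorUser":
            out[name] = UAC_USER.get(val, f"unknown value {val}")
        elif name == "EnableLinkedConnections":
            out[name] = ("elevated token also sees the user's mapped drives (1 is not the default)"
                         if val == 1 else "default")
        else:
            out[name] = f"value {val}"
    return out
```

In the log above the [x] marker sits on drivers that plainly exist on this machine (the Intel NIC, the Renesas USB 3.0 hub, the Atheros Bluetooth stack), so it is a "confirm manually" list rather than evidence of infection; the UAC values decode to the Windows 7 defaults apart from EnableLinkedConnections.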

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 17 April 2012 - 06:35 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo

#12 VashTheStampede (Topic Starter, Members, 33 posts)

Posted 18 April 2012 - 04:10 PM

Hi,

This is the extra ComboFix report:

ActiveState Komodo Edit 7.0.1
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader X (10.1.3) - Italiano
Adobe Story
Adobe Widget Browser
AdunanzA
Advertising Center
AIO_Scan
Apple Application Support
Apple Software Update
Autodesk 3ds Max 2011 32-bit
Autodesk Backburner 2008.1
Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
Autodesk Material Library 2011
Avira AntiVir Personal - Free Antivirus
BufferChm
Copy
D3DX10
Destinations
DeviceDiscovery
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
DolbyFiles
F4100
F4100_Help
Facebook Video Calling 1.2.0.159
Google Chrome
GPBaseService2
High-Definition Video Playback 10
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IETester v0.4.10 (remove only)
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 31
JMicron JMB36X Driver
Junk Mail filter update
MarketResearch
marvell 91xx console driver
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 it)
Mozilla Firefox 7.0.1 (x86 it)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Installer
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PDF Settings CS5
PDFCreator
PxMergeModule
QuickTime
RealFlow
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TopStyle 4
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
V-Ray for 3dsmax 2011 for x86
VLC media player 2.0.1
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger

Have you noticed anything strange in the log files?

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 18 April 2012 - 04:29 PM

Hello


Nope, things have been looking very good




Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 VashTheStampede

VashTheStampede
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:12:08 PM

Posted 18 April 2012 - 06:18 PM

Hi Gringo,

I did what you told me. Thanks for being so clear in your explanations :)

- MBAM log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.04.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Utente :: UTENTE-PC [amministratore]

19/04/2012 00:56:37
mbam-log-2012-04-19 (00-56-37).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 199527
Tempo impiegato: 42 secondi

Processi rilevati in memoria: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1916 -> Verrà eliminato al riavvio.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Verrà eliminato al riavvio.

(fine)



- Hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:07:03, on 19/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Programmi Installati\mozilla\firefox.exe
E:\Programmi Installati\mozilla\plugin-container.exe
E:\Programmi Installati\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programmi Installati\Adobe CS5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programmi Installati\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programmi Installati\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Programmi Installati\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11713 bytes

Fortunately I have no problem running the computer.

MBAM found two files that it eliminated, but I do not know if they were dangerous.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 18 April 2012 - 06:36 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs when you need them by clicking on their icons (or from the control panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
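The two posts above turn on reading a HijackThis log by hand: the O4 lines are the autostart entries Gringo asks to be unchecked, and the O23 lines list services, among them the KMService entry that runs through srvany.exe and whose KMService.exe MBAM reported as RiskWare.Tool.CK. The following parser is an added example written for this page; it is not a tool from the thread or from Trend Micro. It reads the O4 and O23 line formats, splits each service into display name, owner and binary path, and flags the service entries a reviewer would look at first: a service wrapped by srvany.exe, or a service with no vendor whose binary lives outside the Windows directory. The sample log is constructed from a few lines copied from the log posted above plus one made-up service line (ExampleSvc) that exists only to exercise the second rule.

```python
"""Parse HijackThis O4 (autostart) and O23 (service) lines and flag the
service entries worth a closer look.  Added example, not code from the thread."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the HijackThis log posted in
# this thread, plus one invented service (ExampleSvc) that is NOT from the
# thread and exists only to trigger the "unknown vendor outside Windows" rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [avgnt] "E:\Programmi Installati\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programmi Installati\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Programmi Installati\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Programmi Installati\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ExampleSvc (ExampleSvc) - Unknown owner - C:\Users\Public\examplesvc.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*)$")
MISSING = " (file missing)"


@dataclass
class Autostart:
    hive: str      # HKLM (all users) or HKCU (this user only)
    name: str      # value name shown between the brackets
    command: str   # full command line as logged
    exe: str       # executable path with arguments stripped


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def executable_of(command: str) -> str:
    """A quoted path ends at the closing quote; an unquoted one at the
    first ' /' switch, or at the end of the line if there are no switches."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" /", 1)[0].strip()


def parse_o4(line: str):
    m = O4_RE.match(line)
    if not m:
        return None
    hive, name, command = m.groups()
    return Autostart(hive, name, command, executable_of(command))


def parse_o23(line: str):
    m = O23_RE.match(line)
    if not m:
        return None
    # Layout is "display name - owner - path".  The path itself may contain
    # " - " (e.g. "Spybot - Search & Destroy"), so split only twice.
    parts = m.group(1).split(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return Service(name, owner, path, missing)


def assess(svc: Service) -> Service:
    """Attach review reasons; an empty list means nothing stood out."""
    under_windows = svc.path.lower().startswith("c:\\windows\\")
    if ntpath.basename(svc.path).lower() == "srvany.exe":
        # srvany.exe is a generic wrapper that runs any program as a service;
        # the wrapped program is named in the service's Parameters\Application value.
        svc.reasons.append("srvany.exe wrapper: check Parameters\\Application for the real program")
    if svc.owner == "Unknown owner" and not under_windows:
        svc.reasons.append("no vendor and binary outside the Windows directory")
    # "(file missing)" on a System32 service is not flagged: the 32-bit
    # HijackThis build commonly reports that on 64-bit Windows because of
    # WOW64 file system redirection, so it is not evidence by itself.
    return svc


def review(log_text: str) -> dict:
    autostarts, services = [], []
    for line in log_text.splitlines():
        a = parse_o4(line)
        if a:
            autostarts.append(a)
            continue
        s = parse_o23(line)
        if s:
            services.append(assess(s))
    return {"autostarts": autostarts,
            "services": services,
            "flagged": [s for s in services if s.reasons]}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for a in result["autostarts"]:
        print(f"autostart {a.hive:4} [{a.name}] -> {a.exe}")
    for s in result["flagged"]:
        print(f"REVIEW service {s.name}: {'; '.join(s.reasons)}")
```

Run as a script it lists the three autostarts and flags exactly KMService (srvany wrapper) and the constructed ExampleSvc; the Avira, Spybot and ALG entries pass. The O4 list is the same set of entries Gringo walks through when deciding which start-up items are merely unnecessary, and the srvany rule is the part a manual reader is most likely to miss, because the path shown is a legitimate Windows binary and the program actually started is only visible in the service's registry parameters.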



