LPava

October 18, 2012

MBAM scan is fine (log below) and after some hours of use the computer shows no signs of troubles. Problem solved (as mush as possible)?

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.17.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

asus :: ASUS-PC [administrator]

18/10/2012 01:30:28

mbam-log-2012-10-18 (01-30-28).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 229338

Time elapsed: 10 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

October 17, 2012

Last log. Looks better if I'm not mistaken

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : asus [Admin rights]

Mode : Scan -- Date : 10/17/2012 20:38:33

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]

[sUSP PATH] NDSPCShowServer.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe -> KILLED [TermProc]

[sUSP PATH] FACEBO~1.EXE -- C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-170201479-1053690467-1054435267-1001[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND

[sTARTUP][sUSP PATH] Facebook Messenger.lnk @asus : C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 5275c8427b66ee1565afcdf4f9f41c9e

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 119235 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289257472 | Size: 335700 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[11].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ;

RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;

RKreport[9].txt

October 17, 2012

Sorry for the delay. The computer now is running apparently with no issues, MBAM detected nothing while it seems RogueKiller still shows some problems.

Here are the logs:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.17.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

asus :: ASUS-PC [administrator]

17/10/2012 17:55:50

mbam-log-2012-10-17 (17-55-50).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 229608

Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : asus [Admin rights]

Mode : Scan -- Date : 10/17/2012 19:57:28

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]

[sUSP PATH] NDSPCShowServer.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe -> KILLED [TermProc]

[sUSP PATH] FACEBO~1.EXE -- C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-170201479-1053690467-1054435267-1001[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND

[sTARTUP][sUSP PATH] Facebook Messenger.lnk @asus : C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\U --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 5275c8427b66ee1565afcdf4f9f41c9e

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 119235 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289257472 | Size: 335700 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[8].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

October 17, 2012

ComboFix ran smoothly, hope that everything is fine now.

Log is below, some lines are in italian, hope it's not a problem otherwise I'd translate it

ComboFix 12-10-17.03 - asus 17/10/2012 17:08:47.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4001.2214 [GMT 2:00]

Eseguito da: c:\users\asus\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Creato nuovo punto di ripristino

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Your Product\Uninstall

c:\program files (x86)\Your Product\Uninstall\IRIMG1.JPG

c:\program files (x86)\Your Product\Uninstall\IRIMG2.JPG

c:\program files (x86)\Your Product\Uninstall\uninstall.dat

c:\program files (x86)\Your Product\Uninstall\uninstall.xml

c:\programdata\FullRemove.exe

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_NVSvc

.

((((((((((((((((((((((((( Files Creati Da 2012-09-17 al 2012-10-17 )))))))))))))))))))))))))))))))))))

.

2012-10-14 08:44 . 2012-10-14 08:44 -------- d-----w- c:\program files (x86)\Adobe Media Player

2012-10-14 08:40 . 2012-10-14 08:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-10-10 08:58 . 2012-10-10 08:58 -------- d-----w- c:\program files (x86)\Common Files\Comodo

2012-10-09 06:44 . 2012-10-09 06:44 -------- d-----w- C:\found.000

2012-10-06 14:20 . 2012-10-06 14:20 -------- d-----w- c:\program files (x86)\2K Sports

2012-09-28 10:36 . 2012-09-28 10:36 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-09-27 14:08 . 2012-09-27 14:08 -------- d-----w- c:\programdata\Canneverbe Limited

2012-09-27 14:07 . 2012-09-27 14:07 -------- d-----w- c:\program files (x86)\CDBurnerXP

2012-09-25 16:29 . 2012-09-25 16:32 -------- d-----w- c:\users\asus\AppData\Roaming\Origin

2012-09-25 16:29 . 2012-09-28 10:25 -------- d-----w- c:\program files (x86)\Origin Games

2012-09-25 16:29 . 2012-09-28 10:52 -------- d-----w- c:\users\asus\AppData\Local\Origin

2012-09-25 16:23 . 2012-09-28 10:54 -------- d-----w- c:\programdata\Origin

2012-09-25 16:23 . 2012-09-28 10:54 -------- d-----w- c:\programdata\Electronic Arts

2012-09-25 16:23 . 2012-09-25 16:29 -------- d-----w- c:\program files (x86)\Origin

2012-09-23 08:21 . 2012-09-23 08:23 -------- d-----w- c:\program files\CCleaner

2012-09-20 08:43 . 2012-09-20 08:43 -------- d-----w- C:\temp

2012-09-20 07:57 . 2012-10-12 10:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 07:57 . 2012-10-12 10:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-20 07:57 . 2012-09-20 07:57 -------- d-----w- c:\windows\system32\Macromed

2012-09-20 07:52 . 2012-09-20 07:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-09-18 16:14 . 2012-09-18 16:14 -------- d-----w- c:\windows\Sun

2012-09-18 16:14 . 2012-09-18 16:14 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-18 16:13 . 2012-09-18 16:13 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-18 16:13 . 2012-09-18 16:13 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-18 16:13 . 2012-09-18 16:13 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-18 16:13 . 2012-09-18 16:13 -------- d-----w- c:\program files (x86)\Java

2012-09-18 08:05 . 2012-09-18 08:05 -------- d-----w- c:\users\Default\AppData\Local\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-20 08:27 . 2012-08-17 10:33 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-09-14 03:17 . 2012-08-24 14:54 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-09-08 12:33 . 2012-09-04 14:37 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-09-08 12:33 . 2012-09-04 14:22 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-09-08 08:50 . 2012-09-04 14:22 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-09-07 15:04 . 2012-08-25 10:02 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 21:26 . 2012-09-06 21:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-09-04 14:37 . 2012-09-04 14:22 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-09-04 14:19 . 2012-09-04 14:22 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-08-30 19:14 . 2012-09-09 10:16 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-08-30 19:14 . 2011-03-17 15:48 971624 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-08-30 19:14 . 2011-03-17 15:48 2725224 ----a-w- c:\windows\system32\nvapi64.dll

2012-08-30 19:14 . 2011-03-17 15:48 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-08-30 19:14 . 2011-03-17 15:48 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-08-30 16:18 . 2010-12-05 10:13 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 16:18 . 2010-12-05 10:13 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 16:18 . 2010-12-05 10:13 865640 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-08-30 16:18 . 2010-12-05 10:13 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 16:18 . 2010-12-05 10:13 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-08-30 16:18 . 2010-12-05 10:13 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-30 16:18 . 2010-12-05 10:13 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-08-30 16:18 . 2010-12-05 10:12 3266920 ----a-w- c:\windows\system32\nvsvc64.dll

2012-08-30 16:17 . 2010-12-05 10:13 6198120 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-28 15:37 . 2012-08-28 15:37 108368 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{FEC1DF97-E716-4CD8-A55B-75C373912D35}\ARPPRODUCTICON.exe

2012-08-28 15:02 . 2012-08-28 15:04 10752 ----a-w- c:\windows\system32\E_GCINST.DLL

2012-08-28 15:02 . 2012-08-28 15:03 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL

2012-08-28 15:02 . 2012-08-28 15:03 118784 ----a-w- c:\windows\system32\E_ILMGGE.DLL

2012-08-25 01:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-08-25 01:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-08-24 01:14 . 2012-08-24 01:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-24 01:14 . 2012-08-24 01:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-08-24 01:14 . 2012-08-24 01:14 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 01:14 . 2012-08-24 01:14 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 01:14 . 2012-08-24 01:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-08-24 01:14 . 2012-08-24 01:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-08-24 01:14 . 2012-08-24 01:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-24 01:14 . 2012-08-24 01:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-08-24 01:14 . 2012-08-24 01:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-08-24 01:14 . 2012-08-24 01:14 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-08-24 01:14 . 2012-08-24 01:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-08-24 01:14 . 2012-08-24 01:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 01:14 . 2012-08-24 01:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-24 01:14 . 2012-08-24 01:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-08-24 01:14 . 2012-08-24 01:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-08-24 01:14 . 2012-08-24 01:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 01:14 . 2012-08-24 01:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-24 01:14 . 2012-08-24 01:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 01:14 . 2012-08-24 01:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-08-24 01:14 . 2012-08-24 01:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-08-24 01:14 . 2012-08-24 01:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-08-24 01:14 . 2012-08-24 01:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-08-24 01:14 . 2012-08-24 01:14 222208 ----a-w- c:\windows\system32\msls31.dll

2012-08-24 01:14 . 2012-08-24 01:14 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 01:14 . 2012-08-24 01:14 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 01:14 . 2012-08-24 01:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-08-24 01:14 . 2012-08-24 01:14 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 01:14 . 2012-08-24 01:14 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 01:14 . 2012-08-24 01:14 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-08-24 01:14 . 2012-08-24 01:14 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-08-24 01:14 . 2012-08-24 01:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-24 01:14 . 2012-08-24 01:14 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-08-24 01:14 . 2012-08-24 01:14 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-08-24 01:14 . 2012-08-24 01:14 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-08-24 01:14 . 2012-08-24 01:14 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 01:14 . 2012-08-24 01:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 01:14 . 2012-08-24 01:14 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 01:14 . 2012-08-24 01:14 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 01:14 . 2012-08-24 01:14 197120 ----a-w- c:\windows\system32\msrating.dll

2012-08-24 01:14 . 2012-08-24 01:14 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 01:14 . 2012-08-24 01:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 01:14 . 2012-08-24 01:14 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-08-24 01:14 . 2012-08-24 01:14 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-08-24 01:14 . 2012-08-24 01:14 149504 ----a-w- c:\windows\system32\occache.dll

2012-08-24 01:14 . 2012-08-24 01:14 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-08-24 01:14 . 2012-08-24 01:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-08-24 01:14 . 2012-08-24 01:14 12288 ----a-w- c:\windows\system32\mshta.exe

2012-08-24 01:14 . 2012-08-24 01:14 114176 ----a-w- c:\windows\system32\admparse.dll

2012-08-24 01:14 . 2012-08-24 01:14 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-24 01:14 . 2012-08-24 01:14 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 01:14 . 2012-08-24 01:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-24 01:14 . 2012-08-24 01:14 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 01:14 . 2012-08-24 01:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-08-24 01:14 . 2012-08-24 01:14 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-08-24 01:14 . 2012-08-24 01:14 82432 ----a-w- c:\windows\system32\icardie.dll

2012-08-24 01:14 . 2012-08-24 01:14 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 01:14 . 2012-08-24 01:14 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 01:14 . 2012-08-24 01:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-08-24 01:14 . 2012-08-24 01:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-08-24 01:14 . 2012-08-24 01:14 448512 ----a-w- c:\windows\system32\html.iec

2012-08-24 01:14 . 2012-08-24 01:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-24 01:14 . 2012-08-24 01:14 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-08-24 01:14 . 2012-08-24 01:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-08-24 01:14 . 2012-08-24 01:14 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 01:14 . 2012-08-24 01:14 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-08-24 01:14 . 2012-08-24 01:14 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-08-24 01:14 . 2012-08-24 01:14 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 01:14 . 2012-08-24 01:14 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-08-24 01:14 . 2012-08-24 01:14 160256 ----a-w- c:\windows\system32\wextract.exe

2012-08-24 01:14 . 2012-08-24 01:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 01:14 . 2012-08-24 01:14 103936 ----a-w- c:\windows\system32\inseng.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"GoogleChromeAutoLaunch_3C776F0E4C9D4C175BD7848BC811E09D"="c:\users\asus\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-10-10 1239064]

"Spotify Web Helper"="c:\users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176]

"PCShowServer"="c:\users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [2012-04-17 525680]

"Facebook Update"="c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-29 138096]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-17 222504]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"tvncontrol"="c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" [2012-09-28 1815040]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

.

c:\users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-23 27112840]

Facebook Messenger.lnk - c:\users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-17 548528]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-3-17 12862]

Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe [2012-10-5 49360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 116648]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 250808]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]

R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 116648]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-11 22696]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-06 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-10-05 70352]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-08-28 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-08-28 128512]

S2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-09-28 1815040]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-06 42392]

.

--- Altri Servizi/Drivers In Memoria ---

.

*NewlyCreated* - WS2IFSL

.

Contenuto della cartella 'Scheduled Tasks'

.

2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 10:01]

.

2012-09-02 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-08-27 15:07]

.

2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001Core.job

- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 10:32]

.

2012-10-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001UA.job

- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-23 10:32]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 09:13]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-13 09:13]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001Core.job

- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 09:08]

.

2012-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-170201479-1053690467-1054435267-1001UA.job

- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 09:08]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-10-02 07:42 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-03 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-03 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-03 417304]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Ora fine scansione: 2012-10-17 17:26:42 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-10-17 15:26

.

Pre-Run: 2.420.563.968 byte disponibili

Post-Run: 5.951.270.912 byte disponibili

.

- - End Of File - - 27AF19997428C67056D9D2309A877554

October 17, 2012

Thanks again for the super fast help.

Seems I've been infected with a nasty thing though I try to be as careful as possible and never had any other infections. Any ideas on how could it be possible?

I will try with the procedure you explained at the moment, but I'm also planning to re-install the OS as soon as possible. Will my computer be considered secure then?

I'll also let you know when the cleanup is over.

October 17, 2012

Thanks for the reply. Rogue Killer detected ZeroAccess and redirected me to a page with instructions on how to get rid of it, but I'll wait for your advice before proceeding.

Here is the log:

RogueKiller V8.1.1 [10/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : asus [Admin rights]

Mode : Scan -- Date : 10/17/2012 16:18:48

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]

[sUSP PATH] FACEBO~1.EXE -- C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> KILLED [TermThr]

[sUSP PATH] NDSPCShowServer.exe -- C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe -> KILLED [TermThr]

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-170201479-1053690467-1054435267-1001[...]\Run : PCShowServer ("C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe") -> FOUND

[sTARTUP][sUSP PATH] Facebook Messenger.lnk @asus : C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{75f7c80c-e64f-6965-76da-2a4093bf3abd}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 5275c8427b66ee1565afcdf4f9f41c9e

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062328 | Size: 119235 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289257472 | Size: 335700 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

October 17, 2012

Hello everyone,

starting few days ago chrome has started opening new tabs on his own containing ads. MBAB and Comodo do detect something, apparently a malware in C:\windos\installer subfolders, but they're not able to stop it since new tabs are still opening and running scans the infected objects till there.

These are DDS logs:

DDS (Ver_2012-10-14.05) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by asus at 15:40:29 on 2012-10-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4001.1256 [GMT 2:00]

.

AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\FBAgent.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Windows\system32\conhost.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\asus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIGGE.EXE

C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe

C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\asus\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\asus\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\asus\AppData\Roaming\Spotify\spotify.exe

C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [AdobeBridge] <no file>

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" -controlservice -slave

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\asus\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\asus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\asus\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{4AD4A989-9A2C-4143-A9FD-C4BF8F9F14E9} : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{5273DF40-0ABA-4EAA-AC68-3ECA7400C849} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4}\051667166616D6D246F677E6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4}\46C696E6B6 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{D3BB08C6-90EC-4C7E-902C-780E8E819DD4}\A516E6F6C6C616 : DHCPNameServer = 193.70.152.15 193.70.152.25

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll

x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-9-20 30056]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22696]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 577824]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 43248]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-9-6 283200]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-3-17 379520]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-10-5 70352]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-8-28 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-8-28 128512]

R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-9-28 1815040]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 676936]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-20 1258856]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-3-17 67664]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-17 2656280]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-9-8 129024]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-11-20 210944]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-11-20 49664]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-25 25928]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-17 56344]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-7-14 7821312]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-17 333928]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-10-6 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-13 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-20 250808]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-3-17 267480]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-17 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-13 116648]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-20 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-24 59392]

S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-10-10 08:58:55 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo

2012-10-09 06:44:19 -------- d-sh--w- C:\found.000

2012-10-06 14:20:34 -------- d-----w- C:\Program Files (x86)\2K Sports

2012-09-28 10:36:13 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2012-09-27 14:08:07 -------- d-----w- C:\ProgramData\Canneverbe Limited

2012-09-25 16:29:42 -------- d-----w- C:\Users\asus\AppData\Roaming\Origin

2012-09-25 16:29:40 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-09-25 16:29:39 -------- d-----w- C:\Users\asus\AppData\Local\Origin

2012-09-25 16:23:56 -------- d-----w- C:\ProgramData\Origin

2012-09-25 16:23:53 -------- d-----w- C:\ProgramData\Electronic Arts

2012-09-25 16:23:46 -------- d-----w- C:\Program Files (x86)\Origin

2012-09-23 08:21:56 -------- d-----w- C:\Program Files\CCleaner

2012-09-20 08:43:08 -------- d-----w- C:\temp

2012-09-20 07:57:05 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 07:57:05 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-20 07:52:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-09-18 16:13:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-18 16:13:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-18 16:13:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

.

==================== Find3M ====================

.

2012-09-20 08:27:18 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-09-08 12:33:54 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-09-08 12:33:54 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-09-08 08:50:56 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-06 21:26:06 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-09-04 14:37:23 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-09-04 14:19:57 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-08-30 16:18:05 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll

2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-08-30 16:18:05 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-08-30 16:18:04 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll

2012-08-28 15:02:37 88064 ----a-w- C:\Windows\System32\E_IBCBGGE.DLL

2012-08-28 15:02:37 118784 ----a-w- C:\Windows\System32\E_ILMGGE.DLL

2012-08-28 15:02:37 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL

2012-08-25 01:37:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-08-25 01:37:19 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-08-23 11:09:39 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-08-23 11:09:39 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

.

============= FINISH: 15:43:20,21 ===============

DDS (Ver_2012-10-14.05)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 17/08/2012 12:32:40

System Uptime: 17/10/2012 04:26:53 (11 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | N53SV

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 1880/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 2,435 GiB free.

D: is FIXED (NTFS) - 328 GiB total, 162,317 GiB free.

E: is CDROM ()

F: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

??? ActiveX ?? Windows Live Mesh ???? ??????? ???????

????? Messenger

?????? ??????? ?? Windows Live

??????? Windows Live Mesh ActiveX ???

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe InDesign CS5

Adobe Media Player

Adobe Photoshop CS6

Adobe Photoshop Lightroom 4.1 64-bit

Aggiornamenti NVIDIA 1.10.8

Alcor Micro USB Card Reader

America's Army 3

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear Hybrid

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Video Magic

ASUS Virtual Camera

ASUS WebStorage

ASUS_Screensaver

AsusVibe2.0

ATK Package

µTorrent

BlackBerry Desktop Software 6.1

calibre

CCleaner

CDBurnerXP

COMODO Internet Security

Complemento Messenger

Complément Messenger

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CyberLink PowerDVD 10

D3DX10

DAEMON Tools Lite

EndNote X5

EPSON Scan

EPSON SX125 Series Printer Uninstall

ETDWare PS/2-x64 7.0.5.16_WHQL

ExpressGate Cloud

Facebook Messenger 2.1.4631.0

Fast Boot

FIFA 13

Finale SongWriter 2012

Fresco Logic USB3.0 Host Controller

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

GeekBuddy

Google Chrome

Google Drive

Google Update Helper

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor

Intel® Wireless Display

IrfanView (remove only)

Java 7 Update 7

Java Auto Updater

JDownloader 0.9

Junk Mail filter update

Malwarebytes Anti-Malware versione 1.65.0.1400

Mesh Runtime

Messenger ????

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)

Microsoft .NET Framework 4 Client Profile ITA Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Native Instruments B4 II

Nuance PDF Reader

NVIDIA 3D Vision Controller Driver

NVIDIA Driver del controller 3D Vision 306.23

NVIDIA Driver grafico 306.23

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update Components

Origin

Pannello di controllo NVIDIA 306.23

PDF Settings CS5

PDF Settings CS6

PunkBuster Services

Raccolta foto di Windows Live

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

ResearchSoft Direct Export Helper

S?????? f?t???af??? t?? Windows Live

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Sky Go Player

Skype™ 5.10

SonicMaster

SopCast 3.5.0

Spotify

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

Steam

syncables desktop SE

Trend Micro Titanium Internet Security

TunnelBear 1.0.31

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

USB2.0 UVC 2M WebCam

VLC media player 2.0.2

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Fotogalerie

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

WinRAR 4.20 (64-bit)

Wireless Console 3

Your Product

.

==== End Of File ===========================

Thanks to everyone with the patience of helping me!

Sign In

LPava

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by LPava

Malware infection in C:\windows\installer

Malware infection in C:\windows\installer

Malware infection in C:\windows\installer

Malware infection in C:\windows\installer

Malware infection in C:\windows\installer

Malware infection in C:\windows\installer

Malware infection in C:\windows\installer

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information