Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Update blocked [Closed]


  • This topic is locked This topic is locked

#1
Enrico_57

Enrico_57

    New Member

  • Member
  • Pip
  • 2 posts
Hello to all !

This is my first post, so forgive me for any mistake.

I have a Lenvo T60 laptop, Windows XP pro SP3; Symantec Endpoint Protection.

Few days ago, I have found that Automatic Updates are running SVCHOST at 100% CPU. Also trying to get updates from MS sites, with Windows Update site, gives the result of a grreen bar going up and down forever. No other symptom, I can download updates for SEP, and all security tools.

I am not sure that I have infection; anyway, any fix that on Microsoft Community was suggested had no result; someone told it could be a malware infection.

So, I ran Microsoft Offline Scanner (boot from CD): nothing found; Avira Rescue (boot from CD): nothing found; Conficker removal tool from Symantec and F-Secure: no conficker; TDSS Killer from Kaspersky: nothing found. And yes, I ran HiJackThis, all is OK.

Here is my OTL log:

OTL logfile created on: 03/09/2013 16.32.01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user 1\Documenti\Utilities\Varie
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 77,37% Memory free
4,32 Gb Paging File | 3,87 Gb Available in Paging File | 89,49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 55,89 Gb Total Space | 21,01 Gb Free Space | 37,59% Space Free | Partition Type: NTFS

Computer Name: LENOVO-T60 | User Name: user 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 16.25.25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user 1\Documenti\Utilities\Varie\OTL.exe
PRC - [2013/08/18 08.27.52 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programmi\Java\jre7\bin\jqs.exe
PRC - [2011/05/03 14.01.10 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Programmi\File comuni\Symantec Shared\ccApp.exe
PRC - [2011/05/03 14.01.10 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
PRC - [2011/05/03 14.01.08 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/05/03 14.01.08 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/05/03 14.01.08 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Programmi\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/05 02.29.00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Programmi\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/11/05 02.29.00 | 000,053,248 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/09/17 18.54.24 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/09/17 18.51.38 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/09/17 18.51.06 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/09/17 18.46.16 | 000,237,568 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/09/17 18.46.06 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/07/27 18.05.00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/04/26 14.46.32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/07 15.37.22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/01 15.50.44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/11/24 14.51.18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/04/13 20.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 18.34.46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/08/16 19.07.00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/07/15 07.13.22 | 000,360,533 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2006/07/14 16.52.48 | 000,045,056 | ---- | M] () -- C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/07/04 04.05.00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006/06/29 22.57.50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2006/03/13 17.38.56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006/02/14 07.17.28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 06.20.00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (No Company Name) ==========

MOD - [2013/07/12 18.10.56 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fce142e7009d7cd587b5d8fbc20f5448\UIAutomationProvider.ni.dll
MOD - [2013/07/12 18.10.27 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013/07/12 18.09.43 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll
MOD - [2013/07/12 18.09.08 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\98081ec306b59320c26f94983fec7a89\PresentationCore.ni.dll
MOD - [2013/07/12 18.08.32 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\37136d6a9a5a7c5d7816d7e0ef3c4d45\WindowsBase.ni.dll
MOD - [2013/07/12 18.08.01 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013/07/12 18.07.20 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/12 17.58.54 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2011/04/30 12.57.37 | 000,034,816 | ---- | M] () -- C:\Programmi\Google\Google Desktop Search\gzlib.dll
MOD - [2010/11/05 02.29.00 | 000,081,920 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT-IT\PWMUIAux.resources.dll
MOD - [2010/11/05 02.29.00 | 000,060,416 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT\PWRMGRRO.DLL
MOD - [2010/11/05 02.29.00 | 000,053,248 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
MOD - [2010/11/05 02.29.00 | 000,042,496 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT\PWRMGRRT.DLL
MOD - [2010/09/17 19.24.00 | 000,046,592 | ---- | M] () -- C:\Programmi\ThinkPad\ConnectUtilities\Res\IT\GUIHlprRes.dll
MOD - [2010/09/17 19.23.50 | 000,229,376 | ---- | M] () -- C:\Programmi\ThinkPad\ConnectUtilities\Res\IT\IconRes.dll
MOD - [2010/09/17 19.23.28 | 000,077,824 | ---- | M] () -- C:\Programmi\ThinkPad\ConnectUtilities\Res\IT\SvcHlprRes.dll
MOD - [2006/07/14 16.52.48 | 000,045,056 | ---- | M] () -- C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/07/04 18.11.00 | 000,057,344 | ---- | M] () -- C:\Programmi\ThinkVantage\PrdCtr\IT\LPRESMGR.DLL
MOD - [2006/06/29 22.57.50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2006/02/23 19.22.00 | 000,057,344 | ---- | M] () -- C:\Programmi\ThinkPad\Utilities\IT\EZMAPRES.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/08/18 08.27.52 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/05/03 14.01.10 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Programmi\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/05/03 14.01.10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/05/03 14.01.10 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/05/03 14.01.08 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/05/03 14.01.08 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programmi\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/11/05 02.29.00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programmi\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/11/05 02.29.00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/09/17 18.46.16 | 000,237,568 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 18.46.06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/09/07 16.05.51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programmi\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/04/07 15.37.22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programmi\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 13.02.16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programmi\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/06/12 11.55.48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- c:\Programmi\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/03/04 11.34.12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programmi\File comuni\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 18.34.46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programmi\File comuni\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/16 19.07.00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/15 07.13.22 | 000,360,533 | ---- | M] (Atheros) [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2006/07/14 16.52.48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programmi\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/06/29 22.57.50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2006/05/31 15.43.04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/10/25 10.34.24 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/10/22 04.24.18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Installshield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/30 18.20.50 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/08/29 10.00.00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\VirusDefs\20130830.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/29 10.00.00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/29 10.00.00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/29 10.00.00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\VirusDefs\20130830.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/27 23.52.20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/03 14.01.14 | 000,043,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/05/03 14.01.10 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/05/03 14.01.10 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/05/03 14.01.10 | 000,099,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/05/03 14.01.10 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/05/03 14.01.10 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/12/22 10.42.37 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/11/11 03.36.18 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/11/11 03.36.18 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/11/11 03.36.18 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/11/11 03.36.16 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/11/05 02.29.00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2010/11/05 02.29.00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/06/16 14.44.38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 14.44.38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/06/02 15.49.20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 15.49.20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 15.49.18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/05/12 21.22.04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 19.04.02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/08/16 19.07.00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 18.54.00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 18.54.00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/07/13 06.43.16 | 000,508,672 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/07/08 15.34.50 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/05/31 15.22.26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/31 15.17.36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/03/13 17.05.54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programmi\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/02/02 06.20.00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 06.20.00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 06.20.00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 06.20.00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 06.20.00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 06.20.00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 06.20.00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 13.02.50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13.02.10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/09/28 18.07.02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2001/08/30 23.06.50 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\Google: "URL" = http://www.google.co...f8&oe=utf8&q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.70.2.29:3128

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.it...-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programmi\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.8\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2013/08/22 22.22.52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.8\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2013/08/22 22.22.41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.12\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2013/02/03 10.38.33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.12\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins

[2013/06/25 18.04.44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Extensions
[2013/08/25 11.19.56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions
[2011/03/04 18.05.56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/21 15.49.50 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2013/08/25 11.19.55 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\user 1\Dati applicazioni\Mozilla\Firefox\Profiles\atcduk7q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/22 22.22.35 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2013/08/22 22.22.52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2013/01/24 21.09.36 | 007,174,192 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\agcore.dll
[2013/01/24 21.09.36 | 003,526,704 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\coreclr.dll
[2013/01/24 21.09.36 | 000,245,344 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\Microsoft.VisualBasic.dll
[2013/01/24 21.09.36 | 001,690,672 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\mscorlib.dll
[2013/01/24 21.09.36 | 000,009,776 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\mscorrc.dll
[2013/01/24 21.09.36 | 001,210,416 | ---- | M] ( Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\npctrl.dll
[2013/01/24 21.09.36 | 000,800,304 | ---- | M] ( Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\npctrlui.dll
[2013/01/08 02.06.20 | 004,012,648 | ---- | M] () -- C:\Programmi\mozilla firefox\plugins\nppdf.dll
[2013/01/24 21.09.36 | 000,557,640 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Core.dll
[2013/01/24 21.09.36 | 000,239,168 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\system.dll
[2013/01/24 21.09.36 | 000,227,896 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Net.dll
[2013/01/24 21.09.36 | 000,434,264 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Runtime.Serialization.dll
[2013/01/24 21.09.36 | 000,517,720 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.ServiceModel.dll
[2013/01/24 21.09.36 | 000,071,760 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.ServiceModel.Web.dll
[2013/01/24 21.09.36 | 000,129,616 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Windows.Browser.dll
[2013/01/24 21.09.36 | 001,927,248 | ---- | M] ( Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Windows.dll
[2013/01/24 21.09.36 | 000,030,296 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Windows.RuntimeHost.dll
[2013/01/24 21.09.36 | 000,320,056 | ---- | M] (Microsoft Corporation) -- C:\Programmi\mozilla firefox\plugins\System.Xml.dll
[2013/05/10 01.49.12 | 000,001,606 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\amazon-it.xml
[2013/05/10 01.49.12 | 000,002,465 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2013/05/10 01.49.12 | 000,000,957 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2013/05/10 01.49.12 | 000,001,030 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2013/05/10 01.49.12 | 000,001,395 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2013/05/10 01.49.12 | 000,001,166 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2004/08/19 23.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ACTray] C:\Programmi\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Programmi\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Programmi\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programmi\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Programmi\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programmi\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programmi\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\AutorunsDisabled [2011/01/12 00.01.31 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Cerca con Google - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Traduci parola in italiano - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Link a ritroso - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Pagine simili - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Versione cache della pagina - C:\Programmi\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmi\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Intranet locale)
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet locale)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6972728-43DE-4937-9FD4-98AF1C86D061}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programmi\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programmi\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Programmi\Lenovo\AwayTask\AwayNotify.dll) - C:\Programmi\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/27 21.00.02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 20.48.31 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/08/30 18.16.02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/29 12.25.29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/08/28 19.05.13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution OLD
[2013/08/22 22.22.34 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2013/08/22 20.51.34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user 1\Dati applicazioni\ElevatedDiagnostics
[2013/08/22 20.50.08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/08/21 05.22.36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2013/08/18 08.27.43 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/02 21.39.09 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013/09/02 21.38.34 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013/09/02 21.37.49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/02 21.37.42 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 09.33.47 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/01 08.23.15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/30 18.20.50 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/30 18.20.50 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2013/08/30 18.20.50 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/08/30 18.20.50 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/08/29 15.28.32 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/29 23.10.09 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/12 18.57.12 | 000,635,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
[2013/04/08 20.44.43 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\recently-used.xbel
[2012/02/17 08.34.36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/22 11.45.01 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 15.16.20 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\user 1\Impostazioni locali\Dati applicazioni\fusioncache.dat

========== ZeroAccess Check ==========

[2006/01/27 21.11.17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/05/29 09.41.31 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12.51.43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20.13.58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/22 10.42.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Lenovo
[2012/12/19 16.22.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Avaya
[2010/12/22 10.42.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Downloaded Installations
[2013/08/22 20.51.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\ElevatedDiagnostics
[2011/02/03 17.14.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\InterVideo
[2013/03/10 15.23.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Leadertech
[2011/01/14 14.49.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Lenovo
[2012/06/30 11.42.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Oracle
[2010/12/25 19.28.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Scooter Software
[2010/12/21 15.58.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Softland
[2010/12/21 15.09.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\ThinkVantage
[2013/02/03 10.38.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user 1\Dati applicazioni\Thunderbird

========== Purity Check ==========



< End of report >


Have you any other suggestion ?

Thanks,

Enrico

Edited by Enrico_57, 03 September 2013 - 08:46 AM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Enrico,

Sorry for the delay.

Nothing in the way or malware leaping out at me there.

Let's do a bit of a clean up and run another scan just to have a different look at things.

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:


    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
Next

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.
So when you return please post
  • OTL.txt
  • FRST.txt

  • 0

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP