
TrendMicro's HijackThis log.


This topic is locked. 21 replies to this topic.

#1 cocutzamisca (Members, 22 posts, Location: Onesti)

Posted 01 August 2009 - 01:58 AM

I proceeded with a first step in scanning and quarantining some malware, guided by another staff member in another topic that is closed. Referred from here: http://www.bleepingcomputer.com/forums/t/243575/am-i-still-infected/ ~ OB. I have two HijackThis logs, one before the removal and one after the malware was quarantined. So here's the first one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:00, on 22/07/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
D:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
D:\Program Files\ProcessTamer\ProcessTamerTray.exe
D:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Windows\system32\msfeedssync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - D:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - D:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [MobileConnect] D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Monitor] D:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] D:\PROGRA~1\MICROS~4\Office14\GROOVEMN.EXE
O4 - HKLM\..\Run: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Yahoo! Messenger] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: ProcessTamer.lnk = D:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: OfficeSAS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res:///105
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked &Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Linked &Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1247596668028
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://test.update.microsoft.com/microsoft...b?1247998414449
O17 - HKLM\System\CCS\Services\Tcpip\..\{F48D132D-50DC-425A-8CE3-9EE3C75D7589}: NameServer = 193.230.161.3 193.230.161.4
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - D:\Program Files\WOT\WOT.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - D:\Windows\system32\ibmpmsvc.exe
O23 - Service: ISservice - Unknown owner - D:\Program Files\IObit\IObit Security 360\ISsrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: tp4serv - Lenovo Group Limited - D:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7947 bytes

MENTION: I cannot run the DDS tools because they're not supported on Windows 7. I run Windows 7 RC build 7100. If you need any further info on this, please ask. Thank you very much for your time.

Edited by Orange Blossom, 01 August 2009 - 07:24 AM.
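The HijackThis log above is a flat list of "code - body" entries (R0/R1 browser settings, O2 BHOs, O4 Run keys, O10 LSPs, O17 DNS, O23 services), and the reviewer's first pass over it is mechanical: orphaned registrations, unresolved startup targets, DNS servers that are not the ISP's, services whose binary carries no company name. The script below is an added example, not code from this thread or from Trend Micro: it parses that line format and applies those review rules to a constructed excerpt modelled on the first log. The expected DNS list passed to triage() is an assumption the caller supplies (here, the two addresses from the O17 line, which must be confirmed against the ISP); a flag means "look at this", not "this is malware".

```python
"""Triage helper for a Trend Micro HijackThis v2 log (added example).

Parses the entry lines ("O2 - BHO: ...", "O23 - Service: ...") and applies
a few mechanical review rules a log reader applies by hand. Findings are
review prompts, not malware verdicts.
"""
import re

# Constructed excerpt, modelled on the first log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - D:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - Global Startup: OfficeSAS.lnk = ?
O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F48D132D-50DC-425A-8CE3-9EE3C75D7589}: NameServer = 193.230.161.3 193.230.161.4
O23 - Service: ISservice - Unknown owner - D:\Program Files\IObit\IObit Security 360\ISsrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# HJT entry codes are a letter (R, F, N, O) followed by one or two digits.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return one dict per entry line; running-process and header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m["code"], "body": m["body"], "raw": line.strip()})
    return entries


def triage(log_text, expected_dns=()):
    """Return (code, reason, raw_line) tuples for entries that need a human look.

    expected_dns: DNS server addresses the machine is supposed to use
    (assumption supplied by the caller, e.g. the ISP's published resolvers).
    """
    allowed = set(expected_dns)
    findings = []
    for e in parse_entries(log_text):
        code, body = e["code"], e["body"]
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, "orphaned BHO/toolbar: DLL is gone but the registration remains", e["raw"]))
        elif code == "O4" and body.endswith("= ?"):
            findings.append((code, "startup shortcut whose target HJT could not resolve: open the .lnk and check where it points", e["raw"]))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((code, "LSP DLL not on HJT's known list: verify publisher/signature; never delete LSP entries by hand", e["raw"]))
        elif code == "O17":
            m = O17_RE.search(body)
            if m:
                unexpected = [s for s in m["servers"].split() if s not in allowed]
                if unexpected:
                    findings.append((code, "DNS servers not in the expected list: " + " ".join(unexpected) + "; confirm they belong to the ISP", e["raw"]))
        elif code == "O23":
            m = O23_RE.match(body)
            if m and m["owner"] == "Unknown owner":
                findings.append((code, "service '%s' has no company name in its binary: verify the file's signature" % m["name"], e["raw"]))
    return findings


if __name__ == "__main__":
    for code, reason, raw in triage(SAMPLE_LOG, expected_dns=("193.230.161.3", "193.230.161.4")):
        print(code, "|", reason)
        print("   ", raw)
```

Run against the constructed excerpt with the two O17 addresses whitelisted, it flags four entries (the "(no file)" BHO, the unresolved OfficeSAS.lnk, the wlidnsp.dll LSP, and the ISservice service with no owner); with an empty whitelist the O17 line is flagged too. The O10 rule deliberately only asks for verification: Winsock LSP chains break networking when an entry is removed incorrectly, which is why HJT reports them rather than offering to fix them.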


#2 fireman4it, "Bleepin' Fireman" (Malware Response Team, 13,505 posts, Location: Greenup, Ill USA)

Posted 10 August 2009 - 12:02 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 cocutzamisca, Topic Starter (Members, 22 posts, Location: Onesti)

Posted 10 August 2009 - 02:40 PM

It's OK about the delayed answer. The thing is, the DDS tools are not compatible with my OS. I run the new Windows 7 RC build 7100, so many of the tools like DDS and SAS are not working with it. I performed the steps described, but the command prompt window of DDS tells me it is not supported by my OS. There are a lot of services running on my machine; I don't know what to do with them, they slow down my machine. I had a malware, the reference link is in my first post; the malware is quarantined, but Advanced SystemCare (my registry cleaner) warns me about my system running services that may be hijacked and advises me to post the content for analysis. If you think it is necessary I'll post that log. Thanks for the reply.

#4 Orange Blossom, "OBleepin Investigator" (Moderator, 36,993 posts, Location: Bloomington, IN)

Posted 13 August 2009 - 11:00 AM

A HiJack This team member should be with you soon. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.


#5 m0le, "Can U Dig It?" (Malware Response Team, 34,527 posts, Location: London, UK)

Posted 13 August 2009 - 03:21 PM

Hi cocutzamisca,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

------------------------------------------------

Windows 7 is a new operating system so some tools do not work on it. If that happens here then let me know.

Let's try these two tools to check out the PC.

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Then

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror: this version will download a randomly named file (Recommended)
    • Zip Mirror: this version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Thanks

Edited by m0le, 14 August 2009 - 06:47 AM.


#6 cocutzamisca, Topic Starter (Members, 22 posts, Location: Onesti)

Posted 14 August 2009 - 05:45 AM

Hi m0le, I'm cocutzamisca and thanks for your time here. Here are the OTL logs:

OTL logfile created on: 8/14/2009 1:07:26 PM - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = D:\Users\Nicoleta\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

638.99 Mb Total Physical Memory | 285.31 Mb Available Physical Memory | 44.65% Memory free
1.62 Gb Paging File | 0.63 Gb Available in Paging File | 38.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 11.04 Gb Total Space | 2.26 Gb Free Space | 20.48% Space Free | Partition Type: NTFS
Drive D: | 36.62 Gb Total Space | 28.45 Gb Free Space | 77.69% Space Free | Partition Type: NTFS
Drive E: | 26.86 Gb Total Space | 11.45 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 24.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLETA-PC
Current User Name: Nicoleta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/01 02:02:06 | 00,036,400 | ---- | M] (Lenovo) -- D:\Windows\System32\ibmpmsvc.exe
PRC - [2009/02/05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/11/09 23:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/04 12:52:18 | 00,014,336 | ---- | M] (Vodafone) -- D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/04/22 08:19:35 | 00,049,152 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\taskhost.exe
PRC - [2009/02/05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/04/22 08:19:02 | 02,607,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\Explorer.EXE
PRC - [2009/02/05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/02/05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/20 19:07:26 | 00,337,216 | ---- | M] (BillP Studios) -- D:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/08/03 13:36:14 | 00,419,088 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/07/04 12:52:14 | 02,072,576 | ---- | M] (Vodafone) -- D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009/08/13 17:20:23 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/19 14:23:24 | 00,202,064 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/08/13 00:28:46 | 00,286,016 | ---- | M] () -- D:\Program Files\BitTorrent_DNA\dna.exe
PRC - [2007/08/18 20:12:28 | 00,217,088 | ---- | M] () -- D:\Program Files\ProcessTamer\ProcessTamerTray.exe
PRC - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/04/22 08:19:43 | 01,124,352 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/08/14 10:01:37 | 15,529,496 | ---- | M] (Doctor Web, Ltd.) -- D:\Users\Nicoleta\Downloads\launch.exe
PRC - [2008/09/15 14:31:56 | 00,116,024 | ---- | M] (Doctor Web, Ltd.) -- D:\Users\Nicoleta\AppData\Local\Temp\RarSFX1\75m53m.exe
PRC - [2009/06/30 16:54:00 | 02,094,320 | ---- | M] () -- D:\Users\Nicoleta\AppData\Local\Temp\RarSFX1\fe8n9.exe
PRC - [2009/05/26 21:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/22 08:19:42 | 00,256,000 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/07/31 14:00:47 | 00,307,704 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/14 12:59:17 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\Users\Nicoleta\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/22 08:19:51 | 00,027,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\appidsvc.dll -- (AppIDSvc [On_Demand | Stopped])
SRV - [2009/02/05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/02/06 23:33:40 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- D:\Windows\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2009/02/05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/04/22 08:19:54 | 00,088,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\AxInstSV.dll -- (AxInstSV [On_Demand | Stopped])
SRV - [2009/04/22 08:19:55 | 00,076,288 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\bdesvc.dll -- (BDESVC [Unknown | Stopped])
SRV - [2009/04/04 23:05:06 | 00,067,424 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/04/22 08:20:13 | 00,218,624 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\defragsvc.dll -- (defragsvc [On_Demand | Stopped])
SRV - [2009/04/22 08:20:14 | 00,252,928 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dhcpcore.dll -- (Dhcp [Auto | Running])
SRV - [2009/04/22 08:19:00 | 00,556,544 | ---- | M] (Microsoft Corporation) -- D:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2009/04/22 08:19:00 | 00,094,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2009/04/22 08:22:15 | 01,086,976 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wevtsvc.dll -- (eventlog [Auto | Running])
SRV - [2009/04/22 08:20:30 | 00,797,184 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\FntCache.dll -- (FontCache [On_Demand | Stopped])
SRV - [2009/04/04 23:04:57 | 00,043,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/22 08:20:46 | 00,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ListSvc.dll -- (HomeGroupListener [On_Demand | Stopped])
SRV - [2009/04/22 08:21:43 | 00,164,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\provsvc.dll -- (HomeGroupProvider [On_Demand | Running])
SRV - [2007/06/01 02:02:06 | 00,036,400 | ---- | M] (Lenovo) -- D:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2009/04/04 23:04:34 | 00,879,456 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/22 08:20:42 | 00,019,968 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/08/03 13:36:16 | 00,232,720 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2009/04/04 23:04:35 | 00,129,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/04/22 08:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pnrpsvc.dll -- (p2pimsvc [On_Demand | Running])
SRV - [2009/04/22 08:21:40 | 01,004,032 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\peerdistsvc.dll -- (PeerDistSvc [On_Demand | Stopped])
SRV - [2009/04/22 08:21:42 | 00,020,480 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg [On_Demand | Stopped])
SRV - [2009/04/22 08:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pnrpsvc.dll -- (PNRPsvc [On_Demand | Running])
SRV - [2009/04/22 08:22:10 | 00,119,808 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\umpo.dll -- (Power [Auto | Running])
SRV - [2009/04/22 08:21:46 | 00,043,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper [Unknown | Running])
SRV - [2009/04/22 08:21:49 | 00,025,600 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc [On_Demand | Stopped])
SRV - [2009/04/22 08:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\sppsvc.exe -- (sppsvc [Auto | Stopped])
SRV - [2009/04/22 08:22:02 | 00,053,760 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\sppuinotify.dll -- (sppuinotify [On_Demand | Stopped])
SRV - [2009/04/22 08:22:07 | 00,037,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\themeservice.dll -- (Themes [Auto | Running])
SRV - [2008/07/04 12:52:18 | 00,014,336 | ---- | M] (Vodafone) -- D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService [Auto | Running])
SRV - [2009/04/22 08:22:12 | 00,151,040 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wbiosrvc.dll -- (WbioSrvc [On_Demand | Stopped])
SRV - [2009/04/22 08:20:52 | 00,680,448 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2009/04/22 08:19:43 | 01,124,352 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2009/04/22 08:22:25 | 00,185,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wwansvc.dll -- (WwanSvc [On_Demand | Stopped])
SRV - [2008/11/09 23:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/04/22 06:50:20 | 00,162,816 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci [On_Demand | Stopped])
DRV - [2008/01/19 04:30:50 | 00,108,032 | ---- | M] (Intel Corporation) -- D:\Windows\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
DRV - [2009/04/22 06:13:47 | 00,009,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi [On_Demand | Stopped])
DRV - [2009/04/22 08:24:35 | 00,422,992 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx [On_Demand | Stopped])
DRV - [2009/04/22 08:24:29 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci [On_Demand | Stopped])
DRV - [2009/04/22 08:24:21 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320 [On_Demand | Stopped])
DRV - [2009/04/22 05:11:54 | 01,035,776 | ---- | M] (LSI Corp) -- D:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/04/22 08:24:08 | 00,070,736 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx [On_Demand | Stopped])
DRV - [2009/04/22 08:24:04 | 00,014,416 | ---- | M] (Acer Laboratories Inc.) -- D:\Windows\system32\DRIVERS\aliide.sys -- (aliide [On_Demand | Stopped])
DRV - [2009/04/22 06:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM [On_Demand | Stopped])
DRV - [2009/04/22 08:24:13 | 00,077,904 | ---- | M] (AMD) -- D:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata [On_Demand | Stopped])
DRV - [2009/04/22 08:24:21 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs [On_Demand | Stopped])
DRV - [2009/04/22 08:24:04 | 00,023,120 | ---- | M] (AMD) -- D:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata [Boot | Running])
DRV - [2009/04/22 06:35:06 | 00,050,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\drivers\appid.sys -- (AppID [On_Demand | Stopped])
DRV - [2009/04/22 08:24:12 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\DRIVERS\arc.sys -- (arc [On_Demand | Stopped])
DRV - [2009/04/22 08:24:19 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas [On_Demand | Stopped])
DRV - [2009/02/05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- D:\Windows\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 23:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- D:\Windows\System32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/02/05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- D:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/02/05 23:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- D:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/02/06 23:38:32 | 01,133,568 | ---- | M] (ATI Technologies Inc.) -- D:\Windows\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/04/22 05:01:07 | 00,430,080 | ---- | M] (Broadcom Corporation) -- D:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv [On_Demand | Stopped])
DRV - [2009/04/22 05:01:07 | 00,229,888 | ---- | M] (Broadcom Corporation) -- D:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
DRV - [2009/04/22 05:51:15 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2009/04/22 05:51:15 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2009/04/22 07:53:34 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2009/04/22 05:51:16 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2009/04/22 05:51:17 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2009/04/22 05:51:17 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2009/04/22 08:24:04 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- D:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide [On_Demand | Stopped])
DRV - [2009/04/22 08:23:29 | 00,369,056 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\Drivers\cng.sys -- (CNG [Boot | Running])
DRV - [2009/04/22 06:43:54 | 00,031,232 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DRIVERS\CompositeBus.sys -- (CompositeBus [On_Demand | Running])
DRV - [2009/04/22 06:21:35 | 00,032,768 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\discache.sys -- (discache [System | Running])
DRV - [2009/04/22 05:01:09 | 00,159,232 | ---- | M] (Intel Corporation) -- D:\Windows\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/04/22 05:01:07 | 03,100,160 | ---- | M] (Broadcom Corporation) -- D:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv [On_Demand | Stopped])
DRV - [2009/04/22 08:24:23 | 00,453,712 | ---- | M] (Emulex) -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor [On_Demand | Stopped])
DRV - [2009/04/22 08:24:05 | 00,045,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\FsDepends.sys -- (FsDepends [On_Demand | Stopped])
DRV - [2009/04/22 05:52:05 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir [On_Demand | Stopped])
DRV - [2009/04/22 06:16:45 | 00,021,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])
DRV - [2009/04/22 08:24:08 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- D:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD [On_Demand | Stopped])
DRV - [2008/03/17 11:05:30 | 00,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
DRV - [2009/04/22 08:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy [Boot | Running])
DRV - [2009/04/22 08:24:21 | 00,332,368 | ---- | M] (Intel Corporation) -- D:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV [On_Demand | Stopped])
DRV - [2007/06/01 02:01:30 | 00,021,424 | ---- | M] (Lenovo.) -- D:\Windows\System32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2009/04/22 08:24:02 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp [On_Demand | Stopped])
DRV - [2009/04/22 08:24:16 | 00,133,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg [Boot | Running])
DRV - [2009/04/22 08:24:14 | 00,095,824 | ---- | M] (LSI Corporation) -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC [On_Demand | Stopped])
DRV - [2009/04/22 08:24:12 | 00,089,168 | ---- | M] (LSI Corporation) -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS [On_Demand | Stopped])
DRV - [2009/04/22 08:24:06 | 00,054,864 | ---- | M] (LSI Corporation) -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2 [On_Demand | Stopped])
DRV - [2009/04/22 08:24:13 | 00,096,848 | ---- | M] (LSI Corporation) -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI [On_Demand | Stopped])
DRV - [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2009/04/22 08:23:59 | 00,030,800 | ---- | M] (LSI Corporation) -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas [On_Demand | Stopped])
DRV - [2009/04/22 08:24:20 | 00,236,112 | ---- | M] (LSI Corporation, Inc.) -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR [On_Demand | Stopped])
DRV - [2009/04/22 06:49:31 | 00,004,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf [On_Demand | Stopped])
DRV - [2009/04/22 06:45:25 | 00,012,288 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig [On_Demand | Stopped])
DRV - [2009/04/22 06:51:14 | 00,027,136 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap [On_Demand | Stopped])
DRV - [2009/04/22 08:24:05 | 00,044,624 | ---- | M] (IBM Corporation) -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960 [On_Demand | Stopped])
DRV - [2008/01/19 05:55:26 | 00,030,720 | ---- | M] (National Semiconductor Corporation) -- D:\Windows\System32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2009/04/22 08:24:14 | 00,117,328 | ---- | M] (NVIDIA Corporation) -- D:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid [On_Demand | Stopped])
DRV - [2009/04/22 08:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- D:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor [On_Demand | Stopped])
DRV - [2009/04/22 08:24:04 | 00,042,576 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\pcw.sys -- (pcw [Boot | Running])
DRV - [2009/04/22 08:23:56 | 01,383,504 | ---- | M] (QLogic Corporation) -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300 [On_Demand | Stopped])
DRV - [2009/04/22 08:23:49 | 00,105,552 | ---- | M] (QLogic Corporation) -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx [On_Demand | Stopped])
DRV - [2009/04/22 06:53:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn [On_Demand | Running])
DRV - [2009/04/22 07:01:13 | 00,018,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus [On_Demand | Running])
DRV - [2009/04/22 07:00:12 | 00,007,168 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP [System | Running])
DRV - [2009/04/22 08:23:55 | 00,173,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\rdyboost.sys -- (rdyboost [Boot | Running])
DRV - [2009/04/22 06:26:30 | 00,005,632 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap [On_Demand | Stopped])
DRV - [2009/04/22 06:32:05 | 00,026,624 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter [Unknown | Stopped])
DRV - [2009/04/22 03:51:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- D:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2009/04/22 08:23:45 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2 [On_Demand | Stopped])
DRV - [2009/04/22 08:23:49 | 00,077,904 | ---- | M] (Silicon Integrated Systems) -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4 [On_Demand | Stopped])
DRV - [2009/04/22 08:23:43 | 00,021,072 | ---- | M] (Promise Technology) -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor [On_Demand | Stopped])
DRV - [2009/04/22 08:23:47 | 00,040,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt [Boot | Running])
DRV - [2009/04/22 08:23:44 | 00,028,240 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc [On_Demand | Stopped])
DRV - [2009/04/22 06:50:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass [On_Demand | Stopped])
DRV - [2009/04/22 08:23:44 | 00,032,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot [Boot | Running])
DRV - [2009/04/22 08:23:52 | 00,158,288 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp [On_Demand | Stopped])
DRV - [2009/04/22 08:23:42 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- D:\Windows\system32\DRIVERS\viaide.sys -- (viaide [On_Demand | Stopped])
DRV - [2009/04/22 08:23:55 | 00,175,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus [On_Demand | Stopped])
DRV - [2009/04/22 06:26:29 | 00,017,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID [On_Demand | Stopped])
DRV - [2009/04/22 08:23:52 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid [On_Demand | Stopped])
DRV - [2009/04/22 06:50:28 | 00,019,968 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus [On_Demand | Stopped])
DRV - [2009/04/22 06:52:25 | 00,009,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf [System | Running])
DRV - [2009/04/22 08:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\S-1-5-21-2033308608-3020347244-3435433440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2033308608-3020347244-3435433440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKU\S-1-5-21-2033308608-3020347244-3435433440-1000\S-1-5-21-2033308608-3020347244-3435433440-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://it.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official"
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2
FF - prefs.js..extensions.enabledItems: {705c24c0-5c7b-11d9-9669-0800200c9a66}:1.3.0
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1
FF - prefs.js..extensions.enabledItems: lolifoxFierrMOD@ArturOsinski-Virtual_ManPL:1.0.0.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.2.2
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3
FF - prefs.js..extensions.enabledItems: twittytunes@extras.foxytunes.com:0.5.4
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: {fc76dc89-03b7-47fe-ab1d-b317b062bba8}:1.0.15809
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/22 11:55:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/08/12 17:26:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/08/13 17:20:46 | 00,000,000 | ---D | M]

[2009/08/12 17:26:44 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Extensions
[2009/08/12 17:26:44 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/14 11:26:15 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions
[2009/08/12 21:06:16 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/13 00:05:05 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/08/13 00:08:22 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/08/12 23:43:58 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/13 00:07:38 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{705c24c0-5c7b-11d9-9669-0800200c9a66}
[2009/08/12 23:37:40 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/08/13 00:04:18 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/12 23:56:03 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/08/12 23:46:45 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/13 00:01:53 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2009/08/13 00:13:15 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\{fc76dc89-03b7-47fe-ab1d-b317b062bba8}
[2009/08/12 23:39:02 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\lolifoxFierrMOD@ArturOsinski-Virtual_ManPL
[2009/08/12 23:36:03 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\personas@christopher.beard
[2009/08/12 23:39:27 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\sxipper@sxip.com
[2009/08/13 09:53:12 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\twitternotifier@naan.net
[2009/08/12 23:56:32 | 00,000,000 | ---D | M] -- D:\Users\Nicoleta\AppData\Roaming\mozilla\Firefox\Profiles\ml7zfkzr.default\extensions\twittytunes@extras.foxytunes.com
[2009/08/14 11:26:15 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions
[2009/08/12 17:15:05 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/13 17:20:51 | 00,000,000 | ---D | M] -- D:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/31 14:00:47 | 00,023,032 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/31 14:00:47 | 00,134,648 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/08/30 00:47:44 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/08/13 17:20:24 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/31 14:00:47 | 00,065,528 | ---- | M] (mozilla.org) -- D:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/03/08 12:35:22 | 00,001,534 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/09/10 14:15:22 | 00,001,412 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\demauro.xml
[2008/09/19 20:07:44 | 00,000,744 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2008/04/16 07:08:20 | 00,001,706 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/29 10:17:30 | 00,001,182 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2007/12/10 13:20:36 | 00,000,649 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: (824 bytes) - D:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] D:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] D:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2033308608-3020347244-3435433440-1000..\Run: [BitTorrent DNA] D:\Program Files\BitTorrent_DNA\dna.exe ()
O4 - HKU\S-1-5-21-2033308608-3020347244-3435433440-1000..\Run: [Messenger (Yahoo!)] D:\Programmi\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKU\S-1-5-21-2033308608-3020347244-3435433440-1000..\Run: [SmartRAM] D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\Nicoleta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProcessTamer.lnk = D:\Program Files\ProcessTamer\ProcessTamerTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\Windows\System32\Ati2evxx.dll (ATI Technologies Inc.)
O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/22 11:25:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/20 18:42:25 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 15:32:19 | 00,000,095 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{270cd2bd-8742-11de-9925-00d059d9afe1}\Shell - "" = AutoRun
O33 - MountPoints2\{270cd2bd-8742-11de-9925-00d059d9afe1}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- [2007/08/17 15:35:00 | 00,204,800 | R--- | M] (Vodafone)
O33 - MountPoints2\{3d8e48bb-8794-11de-8a14-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d8e48bb-8794-11de-8a14-806e6f6e6963}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- [2007/08/17 15:35:00 | 00,204,800 | R--- | M] (Vodafone)
O33 - MountPoints2\{ec666280-8760-11de-b2ef-00d059d9afe1}\Shell - "" = AutoRun
O33 - MountPoints2\{ec666280-8760-11de-b2ef-00d059d9afe1}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- [2007/08/17 15:35:00 | 00,204,800 | R--- | M] (Vodafone)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- [2007/08/17 15:35:00 | 00,204,800 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - D:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/14 13:08:27 | 00,001,176 | ---- | C] () -- D:\Users\Nicoleta\Desktop\DrWeb.csv
[2009/08/13 17:20:46 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\deploytk.dll
[2009/08/13 17:20:46 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2009/08/13 17:20:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2009/08/13 17:20:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2009/08/13 17:20:14 | 00,000,000 | ---D | C] -- D:\Program Files\Java
[2009/08/13 14:55:08 | 00,002,755 | ---- | C] () -- D:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2009/08/13 14:54:48 | 00,000,000 | ---D | C] -- D:\ProgramData\Vodafone
[2009/08/13 14:30:17 | 85,940,661 | ---- | C] () -- D:\Users\Nicoleta\Desktop\setup_vmc10523RP11.exe
[2009/08/13 13:06:42 | 10,974,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieframe.dll
[2009/08/13 13:06:40 | 05,954,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.dll
[2009/08/13 13:06:01 | 00,299,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wmpdxm.dll
[2009/08/13 09:32:54 | 02,053,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iertutil.dll
[2009/08/13 09:31:48 | 01,550,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tquery.dll
[2009/08/13 09:31:45 | 01,400,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssrch.dll
[2009/08/13 09:31:42 | 00,381,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sxs.dll
[2009/08/13 09:31:41 | 00,429,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchIndexer.exe
[2009/08/13 09:31:39 | 00,666,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssvp.dll
[2009/08/13 09:31:37 | 00,337,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssph.dll
[2009/08/13 09:31:35 | 00,811,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\user32.dll
[2009/08/13 09:31:34 | 00,164,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchProtocolHost.exe
[2009/08/13 09:31:32 | 00,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssphtb.dll
[2009/08/13 09:31:31 | 00,710,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\ndis.sys
[2009/08/13 09:31:29 | 00,529,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\comctl32.dll
[2009/08/13 09:31:27 | 00,805,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdosys.dll
[2009/08/13 09:31:26 | 00,086,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchFilterHost.exe
[2009/08/13 09:31:24 | 01,267,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\tcpip.sys
[2009/08/13 09:31:23 | 00,059,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msscntrs.dll
[2009/08/13 09:31:22 | 02,323,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2009/08/13 09:31:20 | 00,304,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll
[2009/08/13 03:02:08 | 00,000,000 | ---D | C] -- D:\Windows\Panther
[2009/08/13 02:06:01 | 00,000,000 | ---D | C] -- D:\Windows\SoftwareDistribution
[2009/08/13 02:03:19 | 00,000,000 | ---D | C] -- D:\Windows\Prefetch
[2009/08/13 02:02:55 | 50,252,1856 | -HS- | C] () -- D:\hiberfil.sys
[2009/08/13 00:47:55 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\vlc
[2009/08/13 00:40:39 | 00,001,037 | ---- | C] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2009/08/13 00:39:47 | 00,000,000 | ---D | C] -- D:\Program Files\VideoLAN
[2009/08/13 00:28:59 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\BitTorrent
[2009/08/13 00:28:49 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\BitTorrent DNA
[2009/08/13 00:28:46 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\BitTorrent DNA
[2009/08/13 00:28:46 | 00,000,000 | ---D | C] -- D:\Program Files\BitTorrent_DNA
[2009/08/13 00:28:45 | 00,000,000 | ---D | C] -- D:\Program Files\BitTorrent
[2009/08/12 23:06:13 | 00,000,382 | ---- | C] () -- D:\Windows\tasks\AWC AutoSweep.job
[2009/08/12 22:08:58 | 00,000,376 | ---- | C] () -- D:\Windows\tasks\AWC Startup.job
[2009/08/12 22:08:36 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\IObit
[2009/08/12 22:08:35 | 00,000,000 | ---D | C] -- D:\Program Files\IObit
[2009/08/12 22:00:49 | 24,281,536 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MRT.exe
[2009/08/12 21:45:33 | 00,000,000 | ---D | C] -- D:\Users\Public\Documents\Malwarebytes' Anti-Malware.v1.38.Multilingual_Incl.Keygen
[2009/08/12 21:40:45 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Macromedia
[2009/08/12 21:38:16 | 00,000,490 | ---- | C] () -- D:\Windows\tasks\Malwarebytes' Scheduled Update for Nicoleta.job
[2009/08/12 21:32:40 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\Yahoo
[2009/08/12 21:29:37 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Malwarebytes
[2009/08/12 21:29:32 | 00,000,992 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/12 21:29:28 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/12 21:29:25 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2009/08/12 21:29:25 | 00,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2009/08/12 21:29:24 | 00,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2009/08/12 21:26:11 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\WinRAR
[2009/08/12 21:25:52 | 00,000,000 | ---D | C] -- D:\Program Files\WinRAR
[2009/08/12 21:25:32 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Yahoo!
[2009/08/12 21:25:32 | 00,000,000 | ---D | C] -- D:\ProgramData\Yahoo! Companion
[2009/08/12 21:19:59 | 00,000,000 | ---D | C] -- D:\ProgramData\Yahoo!
[2009/08/12 21:19:51 | 00,000,000 | ---D | C] -- D:\Program Files\Yahoo!
[2009/08/12 21:16:50 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Free-backup.info
[2009/08/12 21:01:58 | 00,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight
[2009/08/12 20:59:52 | 00,000,000 | ---D | C] -- D:\Program Files\BillP Studios
[2009/08/12 20:58:58 | 00,001,084 | ---- | C] () -- D:\Users\Nicoleta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProcessTamer.lnk
[2009/08/12 20:58:12 | 00,000,046 | ---- | C] () -- D:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
[2009/08/12 20:58:12 | 00,000,046 | ---- | C] () -- D:\Users\Nicoleta\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2009/08/12 20:58:05 | 00,000,000 | ---D | C] -- D:\ProgramData\DonationCoder
[2009/08/12 20:58:05 | 00,000,000 | ---D | C] -- D:\Program Files\ProcessTamer
[2009/08/12 20:45:39 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Adobe
[2009/08/12 20:43:17 | 00,000,000 | ---D | C] -- D:\Program Files\VS Revo Group
[2009/08/12 20:42:26 | 00,000,796 | ---- | C] () -- D:\Users\Nicoleta\Desktop\My exe - collegamento.lnk
[2009/08/12 20:16:36 | 00,000,010 | ---- | C] () -- D:\Windows\WININIT.INI
[2009/08/12 19:53:16 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Vodafone
[2009/08/12 19:47:43 | 00,000,000 | ---D | C] -- D:\ProgramData\InstallShield
[2009/08/12 19:46:57 | 00,000,000 | ---D | C] -- D:\Windows\pss
[2009/08/12 19:45:01 | 00,101,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- D:\Windows\System32\drivers\ewusbmdm.sys
[2009/08/12 19:41:22 | 00,000,000 | ---D | C] -- D:\Program Files\Vodafone
[2009/08/12 19:38:39 | 00,008,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SpOrder.dll
[2009/08/12 19:38:29 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\{9E6B02FE-9E80-401C-9E0F-325BDC23D68D}
[2009/08/12 17:39:06 | 00,680,010 | ---- | C] () -- D:\Windows\System32\perfh010.dat
[2009/08/12 17:39:06 | 00,335,478 | ---- | C] () -- D:\Windows\System32\perfi010.dat
[2009/08/12 17:39:06 | 00,124,008 | ---- | C] () -- D:\Windows\System32\perfc010.dat
[2009/08/12 17:39:06 | 00,037,536 | ---- | C] () -- D:\Windows\System32\perfd010.dat
[2009/08/12 17:37:03 | 00,000,000 | ---D | C] -- D:\Windows\it-IT
[2009/08/12 17:36:31 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\NeoSmart_Technologies
[2009/08/12 17:36:22 | 00,000,000 | ---D | C] -- D:\Windows\System32\XPSViewer
[2009/08/12 17:36:20 | 00,000,000 | ---D | C] -- D:\Windows\System32\drivers\it-IT
[2009/08/12 17:36:19 | 00,000,000 | ---D | C] -- D:\Windows\System32\0410
[2009/08/12 17:35:54 | 00,000,000 | ---D | C] -- D:\Windows\System32\it
[2009/08/12 17:33:09 | 00,000,000 | ---D | C] -- D:\Program Files\NeoSmart Technologies
[2009/08/12 17:26:48 | 00,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2009/08/12 17:26:33 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\Mozilla
[2009/08/12 17:26:32 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Mozilla
[2009/08/12 17:25:04 | 00,027,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\volsnap.sys.mui
[2009/08/12 17:25:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\usbport.sys.mui
[2009/08/12 17:25:04 | 00,011,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\usbhub.sys.mui
[2009/08/12 17:25:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\vhdmp.sys.mui
[2009/08/12 17:25:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\tpm.sys.mui
[2009/08/12 17:25:04 | 00,003,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\portcls.sys.mui
[2009/08/12 17:25:04 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\umbus.sys.mui
[2009/08/12 17:25:04 | 00,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\wd.sys.mui
[2009/08/12 17:25:03 | 00,003,584 | ---- | C] (SCM Microsystems, Inc.) -- D:\Windows\System32\drivers\it-IT\pscr.sys.mui
[2009/08/12 17:25:03 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\serscan.sys.mui
[2009/08/12 17:24:57 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\pcmcia.sys.mui
[2009/08/12 17:24:56 | 00,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\vwifibus.sys.mui
[2009/08/12 17:24:55 | 00,003,072 | ---- | C] (VIA Technologies, Inc. ) -- D:\Windows\System32\drivers\it-IT\getn62.sys.mui
[2009/08/12 17:24:55 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\rndismpx.sys.mui
[2009/08/12 17:24:55 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\rndismp6.sys.mui
[2009/08/12 17:24:54 | 00,033,280 | ---- | C] (Marvell) -- D:\Windows\System32\drivers\it-IT\yk62x86.sys.mui
[2009/08/12 17:24:54 | 00,012,800 | ---- | C] (Broadcom Corporation) -- D:\Windows\System32\drivers\it-IT\k57nd60x.sys.mui
[2009/08/12 17:24:53 | 00,022,016 | ---- | C] (Intel Corporation) -- D:\Windows\System32\drivers\it-IT\e1e6032.sys.mui
[2009/08/12 17:24:53 | 00,018,944 | ---- | C] (Intel Corporation) -- D:\Windows\System32\drivers\it-IT\E1G60I32.sys.mui
[2009/08/12 17:24:53 | 00,012,800 | ---- | C] (Broadcom Corporation) -- D:\Windows\System32\drivers\it-IT\b57nd60x.sys.mui
[2009/08/12 17:24:53 | 00,005,120 | ---- | C] (Intel Corporation) -- D:\Windows\System32\drivers\it-IT\e100b325.sys.mui
[2009/08/12 17:24:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\mpio.sys.mui
[2009/08/12 17:24:52 | 00,022,016 | ---- | C] (Intel Corporation) -- D:\Windows\System32\drivers\it-IT\e1y6032.sys.mui
[2009/08/12 17:24:52 | 00,011,776 | ---- | C] (Intel Corporation) -- D:\Windows\System32\drivers\it-IT\e1q6032.sys.mui
[2009/08/12 17:24:52 | 00,011,776 | ---- | C] (Intel Corporation) -- D:\Windows\System32\drivers\it-IT\e1k6032.sys.mui
[2009/08/12 17:24:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\serial.sys.mui
[2009/08/12 17:24:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\i8042prt.sys.mui
[2009/08/12 17:24:52 | 00,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\msdsm.sys.mui
[2009/08/12 17:24:52 | 00,005,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\sermouse.sys.mui
[2009/08/12 17:24:52 | 00,005,632 | ---- | C] (Broadcom Corporation) -- D:\Windows\System32\drivers\it-IT\bcm4sbxp.sys.mui
[2009/08/12 17:24:52 | 00,004,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\mouclass.sys.mui
[2009/08/12 17:24:52 | 00,003,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\parport.sys.mui
[2009/08/12 17:24:52 | 00,003,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ataport.sys.mui
[2009/08/12 17:24:52 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\scsiport.sys.mui
[2009/08/12 17:24:52 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\parvdm.sys.mui
[2009/08/12 17:24:52 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\MTConfig.sys.mui
[2009/08/12 17:24:52 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\mouhid.sys.mui
[2009/08/12 17:24:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\amdide.sys.mui
[2009/08/12 17:24:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\afd.sys.mui
[2009/08/12 17:24:45 | 00,030,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\bfe.dll.mui
[2009/08/12 17:24:45 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\wdf01000.sys.mui
[2009/08/12 17:24:45 | 00,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ws2ifsl.sys.mui
[2009/08/12 17:24:43 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\usbrpm.sys.mui
[2009/08/12 17:24:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\tcpip.sys.mui
[2009/08/12 17:24:42 | 00,008,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\tunnel.sys.mui
[2009/08/12 17:24:42 | 00,003,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\modem.sys.mui
[2009/08/12 17:24:38 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\srv.sys.mui
[2009/08/12 17:24:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\fvevol.sys.mui
[2009/08/12 17:24:37 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\scfilter.sys.mui
[2009/08/12 17:24:34 | 00,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\rdbss.sys.mui
[2009/08/12 17:24:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\pacer.sys.mui
[2009/08/12 17:24:33 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\RNDISMP.sys.mui
[2009/08/12 17:24:33 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\qwavedrv.sys.mui
[2009/08/12 17:24:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\partmgr.sys.mui
[2009/08/12 17:24:28 | 00,067,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ntfs.sys.mui
[2009/08/12 17:24:28 | 00,015,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\nwifi.sys.mui
[2009/08/12 17:24:27 | 00,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ndis.sys.mui
[2009/08/12 17:24:27 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ndisuio.sys.mui
[2009/08/12 17:24:24 | 00,006,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ndiscap.sys.mui
[2009/08/12 17:24:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\mountmgr.sys.mui
[2009/08/12 17:24:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\luafv.sys.mui
[2009/08/12 17:24:19 | 00,003,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ipnat.sys.mui
[2009/08/12 17:24:16 | 00,038,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\http.sys.mui
[2009/08/12 17:24:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\fltmgr.sys.mui
[2009/08/12 17:24:05 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\volmgrx.sys.mui
[2009/08/12 17:23:59 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\System32\drivers\it-IT\BrSerIb.sys.mui
[2009/08/12 17:23:59 | 00,011,264 | ---- | C] (Agere Systems) -- D:\Windows\System32\drivers\it-IT\ltmdmnt.sys.mui
[2009/08/12 17:23:59 | 00,009,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\pci.sys.mui
[2009/08/12 17:23:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\IPMIDrv.sys.mui
[2009/08/12 17:23:59 | 00,004,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\kbdclass.sys.mui
[2009/08/12 17:23:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\vdrvroot.sys.mui
[2009/08/12 17:23:59 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\isapnp.sys.mui
[2009/08/12 17:23:59 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\mssmbios.sys.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\VIAAGP.SYS.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ULIAGPKX.SYS.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\SISAGP.SYS.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\pnpmem.sys.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\NV_AGP.SYS.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\kbdhid.sys.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\AMDAGP.SYS.mui
[2009/08/12 17:23:59 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\AGP440.sys.mui
[2009/08/12 17:23:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\wacompen.sys.mui
[2009/08/12 17:23:58 | 00,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\hdaudbus.sys.mui
[2009/08/12 17:23:58 | 00,003,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\HdAudio.sys.mui
[2009/08/12 17:23:58 | 00,003,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\hidbth.sys.mui
[2009/08/12 17:23:58 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\Dot4usb.sys.mui
[2009/08/12 17:23:58 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\disk.sys.mui
[2009/08/12 17:23:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\viac7.sys.mui
[2009/08/12 17:23:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\processr.sys.mui
[2009/08/12 17:23:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\intelppm.sys.mui
[2009/08/12 17:23:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\amdppm.sys.mui
[2009/08/12 17:23:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\amdk8.sys.mui
[2009/08/12 17:23:57 | 00,011,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\ohci1394.sys.mui
[2009/08/12 17:23:57 | 00,011,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\1394ohci.sys.mui
[2009/08/12 17:23:57 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\System32\drivers\it-IT\BrSerId.sys.mui
[2009/08/12 17:23:57 | 00,010,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\acpi.sys.mui
[2009/08/12 17:23:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\battc.sys.mui
[2009/08/12 17:23:57 | 00,008,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\bthport.sys.mui
[2009/08/12 17:23:57 | 00,004,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\bthpan.sys.mui
[2009/08/12 17:23:57 | 00,003,584 | ---- | C] (ATI Technologies Inc.) -- D:\Windows\System32\drivers\it-IT\atikmdag.sys.mui
[2009/08/12 17:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\UAGP35.SYS.mui
[2009/08/12 17:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\GAGP30KX.SYS.mui
[2009/08/12 17:23:57 | 00,002,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\BTHUSB.SYS.mui
[2009/08/12 17:23:57 | 00,002,560 | ---- | C] (Brother Industries Ltd.) -- D:\Windows\System32\drivers\it-IT\BrParwdm.sys.mui
[2009/08/12 17:23:57 | 00,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\cdrom.sys.mui
[2009/08/12 17:23:57 | 00,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\it-IT\bthenum.sys.mui
[2009/08/12 17:16:38 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\WinPatrol
[2009/08/12 17:15:42 | 00,000,000 | ---D | C] -- D:\Windows\System32\Macromed
[2009/08/12 17:14:59 | 00,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2009/08/12 17:12:24 | 00,057,560 | ---- | C] () -- D:\Users\Nicoleta\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/12 17:00:57 | 00,000,000 | ---D | C] -- D:\Windows\System32\ReinstallBackups
[2009/08/12 17:00:38 | 00,000,000 | -H-D | C] -- D:\Program Files\InstallShield Installation Information
[2009/08/12 16:59:55 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\InstallShield
[2009/08/12 16:59:00 | 00,000,000 | ---D | C] -- D:\Program Files\Phildec
[2009/08/12 16:58:59 | 00,000,000 | ---D | C] -- D:\Program Files\FGLMax
[2009/08/12 16:58:58 | 00,000,000 | ---D | C] -- D:\Program Files\Driver
[2009/08/12 16:58:57 | 00,000,000 | ---D | C] -- D:\Program Files\CPanel
[2009/08/12 16:58:57 | 00,000,000 | ---D | C] -- D:\Program Files\BIN
[2009/08/12 16:39:59 | 00,023,152 | ---- | C] (ALWIL Software) -- D:\Windows\System32\drivers\aswRdr.sys
[2009/08/12 16:39:58 | 00,051,376 | ---- | C] (ALWIL Software) -- D:\Windows\System32\drivers\aswTdi.sys
[2009/08/12 16:39:55 | 00,097,480 | ---- | C] (ALWIL Software) -- D:\Windows\System32\AvastSS.scr
[2009/08/12 16:39:54 | 00,114,768 | ---- | C] (ALWIL Software) -- D:\Windows\System32\drivers\aswSP.sys
[2009/08/12 16:39:54 | 00,020,560 | ---- | C] (ALWIL Software) -- D:\Windows\System32\drivers\aswFsBlk.sys
[2009/08/12 16:39:26 | 01,256,296 | ---- | C] (ALWIL Software) -- D:\Windows\System32\aswBoot.exe
[2009/08/12 16:39:26 | 01,060,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MFC71.dll
[2009/08/12 16:39:26 | 00,380,928 | ---- | C] () -- D:\Windows\System32\actskin4.ocx
[2009/08/12 16:39:26 | 00,051,792 | ---- | C] (ALWIL Software) -- D:\Windows\System32\drivers\aswMonFlt.sys
[2009/08/12 16:39:23 | 00,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2009/08/12 16:37:26 | 00,000,000 | ---D | C] -- D:\Windows\System32\Adobe
[2009/08/12 16:32:45 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Macrovision
[2009/08/12 16:29:44 | 01,731,378 | -H-- | C] () -- D:\Users\Nicoleta\AppData\Local\IconCache.db
[2009/08/12 16:24:06 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\Programs
[2009/08/12 16:23:56 | 00,000,000 | ---D | C] -- D:\ProgramData\Macrovision
[2009/08/12 16:23:12 | 00,000,000 | -HSD | C] -- D:\Windows\Installer
[2009/08/12 16:23:10 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\Downloaded Installations
[2009/08/12 16:17:43 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\ElevatedDiagnostics
[2009/08/12 16:16:32 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Identities
[2009/08/12 16:16:16 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\VirtualStore
[2009/08/12 16:16:14 | 00,000,000 | -HSD | C] -- D:\Users\Nicoleta\Documents\My Videos
[2009/08/12 16:16:14 | 00,000,000 | -HSD | C] -- D:\Users\Nicoleta\Documents\My Pictures
[2009/08/12 16:16:14 | 00,000,000 | -HSD | C] -- D:\Users\Nicoleta\Documents\My Music
[2009/08/12 16:16:14 | 00,000,000 | -HSD | C] -- D:\Users\Nicoleta\AppData\Local\Temporary Internet Files
[2009/08/12 16:16:14 | 00,000,000 | -HSD | C] -- D:\Users\Nicoleta\AppData\Local\History
[2009/08/12 16:16:14 | 00,000,000 | -HSD | C] -- D:\Users\Nicoleta\AppData\Local\Application Data
[2009/08/12 16:16:13 | 00,000,000 | --SD | C] -- D:\Users\Nicoleta\AppData\Roaming\Microsoft
[2009/08/12 16:16:13 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Roaming\Media Center Programs
[2009/08/12 16:16:13 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\Temp
[2009/08/12 16:16:13 | 00,000,000 | ---D | C] -- D:\Users\Nicoleta\AppData\Local\Microsoft
[2009/08/12 16:14:19 | 00,000,000 | -HSD | C] -- D:\Recovery
[2009/08/12 15:23:46 | 00,000,000 | -HSD | C] -- D:\RECYCLER
[2009/08/12 14:58:27 | 00,000,000 | -HSD | C] -- D:\System Volume Information
[2009/08/05 16:14:00 | 00,000,976 | ---- | C] () -- D:\Users\Nicoleta\Desktop\Shortcut to MICROSOFT.OFFICE.2010.v14.0.4302.1000.BETA.1.VOLUME.X86-64.ENGLISH-WZT.lnk
[2009/08/04 21:40:03 | 16,976,487 | ---- | C] () -- D:\Users\Public\Documents\Win7Updates_x86.zip
[2009/04/22 08:58:02 | 00,000,403 | ---- | C] () -- D:\Windows\win.ini
[2009/04/22 08:58:02 | 00,000,219 | ---- | C] () -- D:\Windows\system.ini
[2009/04/22 06:50:07 | 00,073,216 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/04/22 06:40:32 | 00,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2008/04/28 13:26:24 | 00,013,312 | ---- | C] () -- D:\Windows\System32\CallSimReader.dll
[2008/04/28 13:26:20 | 00,055,808 | ---- | C] () -- D:\Windows\System32\SimReader.dll

========== Files - Modified Within 30 Days ==========

[2009/08/14 13:08:27 | 00,001,176 | ---- | M] () -- D:\Users\Nicoleta\Desktop\DrWeb.csv
[2009/08/14 09:27:18 | 01,516,556 | ---- | M] () -- D:\Windows\System32\PerfStringBackup.INI
[2009/08/14 09:27:18 | 00,680,010 | ---- | M] () -- D:\Windows\System32\perfh010.dat
[2009/08/14 09:27:18 | 00,607,190 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2009/08/14 09:27:18 | 00,124,008 | ---- | M] () -- D:\Windows\System32\perfc010.dat
[2009/08/14 09:27:18 | 00,103,568 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2009/08/14 09:24:32 | 00,013,200 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/14 09:24:32 | 00,013,200 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/14 09:17:46 | 00,000,382 | ---- | M] () -- D:\Windows\tasks\AWC AutoSweep.job
[2009/08/14 09:17:08 | 00,000,376 | ---- | M] () -- D:\Windows\tasks\AWC Startup.job
[2009/08/14 09:16:51 | 00,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2009/08/14 09:16:28 | 00,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2009/08/14 09:16:21 | 50,252,1856 | -HS- | M] () -- D:\hiberfil.sys
[2009/08/13 17:24:05 | 01,731,378 | -H-- | M] () -- D:\Users\Nicoleta\AppData\Local\IconCache.db
[2009/08/13 17:20:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2009/08/13 17:20:21 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2009/08/13 17:20:21 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2009/08/13 17:20:20 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\deploytk.dll
[2009/08/13 17:00:12 | 00,002,577 | ---- | M] () -- D:\Windows\System32\config.nt
[2009/08/13 14:55:08 | 00,002,755 | ---- | M] () -- D:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2009/08/13 14:42:38 | 00,265,464 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/08/13 14:11:48 | 00,000,490 | ---- | M] () -- D:\Windows\tasks\Malwarebytes' Scheduled Update for Nicoleta.job
[2009/08/13 02:08:18 | 00,028,965 | ---- | M] () -- D:\Windows\System32\license.rtf
[2009/08/13 00:40:39 | 00,001,037 | ---- | M] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2009/08/12 22:26:50 | 00,000,976 | ---- | M] () -- D:\Users\Nicoleta\Desktop\Shortcut to MICROSOFT.OFFICE.2010.v14.0.4302.1000.BETA.1.VOLUME.X86-64.ENGLISH-WZT.lnk
[2009/08/12 21:29:32 | 00,000,992 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/12 20:58:58 | 00,001,084 | ---- | M] () -- D:\Users\Nicoleta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProcessTamer.lnk
[2009/08/12 20:58:12 | 00,000,046 | ---- | M] () -- D:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
[2009/08/12 20:58:12 | 00,000,046 | ---- | M] () -- D:\Users\Nicoleta\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2009/08/12 20:42:26 | 00,000,796 | ---- | M] () -- D:\Users\Nicoleta\Desktop\My exe - collegamento.lnk
[2009/08/12 20:16:36 | 00,000,010 | ---- | M] () -- D:\Windows\WININIT.INI
[2009/08/12 19:38:39 | 00,008,464 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SpOrder.dll
[2009/08/12 17:35:18 | 00,335,478 | ---- | M] () -- D:\Windows\System32\perfi010.dat
[2009/08/12 17:35:18 | 00,037,536 | ---- | M] () -- D:\Windows\System32\perfd010.dat
[2009/08/12 17:26:48 | 00,000,000 | ---- | M] () -- D:\Windows\nsreg.dat
[2009/08/12 17:12:24 | 00,057,560 | ---- | M] () -- D:\Users\Nicoleta\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/04 22:00:05 | 16,976,487 | ---- | M] () -- D:\Users\Public\Documents\Win7Updates_x86.zip
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2009/07/29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MRT.exe
[2009/07/25 09:09:12 | 05,954,048 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtml.dll
[2009/07/25 09:08:01 | 10,974,208 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieframe.dll
[2009/07/18 06:28:21 | 00,299,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wmpdxm.dll
< End of report >
And the second log:

OTL Extras logfile created on: 8/14/2009 1:07:26 PM - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = D:\Users\Nicoleta\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

638.99 Mb Total Physical Memory | 285.31 Mb Available Physical Memory | 44.65% Memory free
1.62 Gb Paging File | 0.63 Gb Available in Paging File | 38.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 11.04 Gb Total Space | 2.26 Gb Free Space | 20.48% Space Free | Partition Type: NTFS
Drive D: | 36.62 Gb Total Space | 28.45 Gb Free Space | 77.69% Space Free | Partition Type: NTFS
Drive E: | 26.86 Gb Total Space | 11.45 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 24.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICOLETA-PC
Current User Name: Nicoleta
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2033308608-3020347244-3435433440-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\BitTorrent\bittorrent.exe" = D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"EasyBCD" = EasyBCD 1.7.2
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"Power Management Driver" = ThinkPad Power Management Driver
"Process Tamer_is1" = Process Tamer 2.09.01
"Revo Uninstaller" = Revo Uninstaller 1.83
"VLC media player" = VLC media player 1.0.1
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2033308608-3020347244-3435433440-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = BitTorrent DNA

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/12/2009 3:56:54 PM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/12/2009 3:57:04 PM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/13/2009 2:53:49 AM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Windows\SoftwareDistribution\Download\db7f424bdee91b9e8f0fca26121ec29b\BIT378D.tmp
failed, 00000026.

Error - 8/13/2009 3:33:11 AM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Windows\SoftwareDistribution\Download\db7f424bdee91b9e8f0fca26121ec29b\BIT378D.tmp
failed, 00000026.

Error - 8/13/2009 8:49:33 AM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/13/2009 8:50:19 AM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/13/2009 8:50:51 AM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/13/2009 9:48:21 AM | Computer Name = Nicoleta-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

[ Application Events ]
Error - 8/12/2009 5:22:07 PM | Computer Name = Nicoleta-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 8/12/2009 5:22:10 PM | Computer Name = Nicoleta-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 8/12/2009 5:22:10 PM | Computer Name = Nicoleta-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 8/12/2009 5:22:10 PM | Computer Name = Nicoleta-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 8/12/2009 5:22:10 PM | Computer Name = Nicoleta-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 8/13/2009 5:38:48 AM | Computer Name = Nicoleta-PC | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 1.9.0.3498 non interagisce piu con
Windows ed e stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: 468 Ora di avvio: 01ca1be2ba3f4320 Ora di chiusura: 6279

Percorso
applicazione: D:\Program Files\Mozilla Firefox\firefox.exe ID segnalazione: 0c3a0db1-87ed-11de-a6e4-00d059d9afe1


Error - 8/13/2009 5:44:32 AM | Computer Name = Nicoleta-PC | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 1.9.0.3498 non interagisce piu con
Windows ed e stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: d68 Ora di avvio: 01ca1bf9fc5e5910 Ora di chiusura: 271

Percorso
applicazione: D:\Program Files\Mozilla Firefox\firefox.exe ID segnalazione: db3db211-87ed-11de-a6e4-00d059d9afe1


Error - 8/13/2009 7:32:02 AM | Computer Name = Nicoleta-PC | Source = VSS | ID = 8194
Description =

Error - 8/13/2009 10:05:50 AM | Computer Name = Nicoleta-PC | Source = Application Hang | ID = 1002
Description = Il programma YahooMessenger.exe versione 9.0.0.2162 non interagisce
piu con Windows ed e stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: 9f0 Ora di avvio: 01ca1c0d817b7c20 Ora di chiusura: 1112

Percorso
applicazione: D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ID segnalazione:
57eb49e1-8812-11de-8c9b-00d059d9afe1

Error - 8/14/2009 2:18:49 AM | Computer Name = Nicoleta-PC | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 8/12/2009 5:22:12 PM | Computer Name = Nicoleta-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 8/12/2009 5:22:42 PM | Computer Name = Nicoleta-PC | Source = Service Control Manager | ID = 7032
Description = Attempted to take corrective action (Restart the service) after the
unexpected termination of the Windows Search service. The attempt failed with
error: %%1056

Error - 8/13/2009 2:15:14 AM | Computer Name = Nicoleta-PC | Source = volmgr | ID = 262190
Description = Unable to initialize the system crash dump details.

Error - 8/13/2009 2:15:23 AM | Computer Name = Nicoleta-PC | Source = volmgr | ID = 262190
Description = Unable to initialize the system crash dump details.

Error - 8/13/2009 3:55:38 AM | Computer Name = Nicoleta-PC | Source = DCOM | ID = 10010
Description =

Error - 8/14/2009 2:16:13 AM | Computer Name = Nicoleta-PC | Source = volsnap | ID = 393245
Description = Shadow copies of volume D: were aborted during detection.

Error - 8/14/2009 2:16:13 AM | Computer Name = Nicoleta-PC | Source = volsnap | ID = 393245
Description = Shadow copies of volume E: were aborted during detection.

Error - 8/14/2009 5:51:09 AM | Computer Name = Nicoleta-PC | Source = DCOM | ID = 10005
Description =

Error - 8/14/2009 5:51:08 AM | Computer Name = Nicoleta-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) while waiting for the Volume Shadow Copy
service to connect.

Error - 8/14/2009 5:51:08 AM | Computer Name = Nicoleta-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053


< End of report >
Now the GMER log:

GMER 1.0.15.15020 [x4w41uio.exe] - http://www.gmer.net
Rootkit scan 2009-08-14 13:26:36
Windows 6.1.7100


---- System - GMER 1.0.15 ----

INT 0x30 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282EC94
INT 0x38 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8281FC6C

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 828864A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828A6952 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 96D6FC9D 28 Bytes [8F, F6, F1, EB, 96, 39, 9C, ...]
.text peauth.sys 96D6FCC1 28 Bytes [8F, F6, F1, EB, 96, 39, 9C, ...]
? D:\Users\Nicoleta\AppData\Local\Temp\vrC81OVs.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1824] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75394A2D] D:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1824] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75394A2D] D:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1824] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75394A2D] D:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1824] @ D:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75394A2D] D:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1824] @ D:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75394A2D] D:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 841163B8
Device \FileSystem\Ntfs \Ntfs 85DA65E8
Device \FileSystem\Ntfs \Ntfs 851CFBF8
Device \FileSystem\Ntfs \Ntfs 842B2528
Device \FileSystem\Ntfs \Ntfs 85955E78
Device \Driver\ACPI_HAL \Device\00000044 halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
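The following is an added example for this thread, not part of the original post and not GMER's own code. It reads the "User IAT/EAT" section of a GMER log like the one above, groups the hooks by process and by the module doing the hooking, and marks a hook as expected when the hooking module lives in the process's own folder (yui.dll rewiring ymsgr_tray.exe's imports above) or under the Windows folder (the apphelp.dll compatibility shim above); anything else is marked for review. The first three lines of SAMPLE_LOG are copied from the log above; the fourth, firefox.exe hooked by a hook.dll in a Temp folder, is constructed to show what a flagged entry looks like and does not appear in the posted log. The Windows folder is assumed to be D:\Windows, as in the posted paths.

```python
"""Triage the 'User IAT/EAT' section of a GMER log.

Added example for this thread, not GMER's own code. The first three
SAMPLE_LOG lines are copied from the posted log; the fourth line
(firefox.exe hooked by hook.dll in a Temp folder) is constructed and does
not appear in the posted log. WINDOWS_DIR is assumed to be D:\\Windows,
where this machine's Windows is installed.
"""
import re
from collections import defaultdict

# One GMER IAT line: process[pid] @ module [imported function] [address] hooker (optional description)
IAT_LINE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<imp>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] (?P<hooker>.+?)"
    r"(?: \((?P<desc>[^)]*)\))?$"
)

WINDOWS_DIR = r"D:\Windows"  # assumption: matches the paths in the posted log

SAMPLE_LOG = r"""
---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[612] @ D:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] D:\Program Files\Yahoo!\Messenger\yui.dll
IAT D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1824] @ D:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75394A2D] D:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Mozilla Firefox\firefox.exe[3372] @ D:\Windows\system32\KERNEL32.dll [KERNEL32.dll!CreateFileW] [00C1F000] D:\Users\Example\AppData\Local\Temp\hook.dll
"""


def parse_iat_hooks(text):
    """Return one dict per IAT line; every other GMER section is ignored."""
    hooks = []
    for line in text.splitlines():
        match = IAT_LINE.match(line.strip())
        if match:
            hooks.append(match.groupdict())
    return hooks


def _dirname(path):
    """Folder part of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[0].lower()


def classify_hook(hook, windows_dir=WINDOWS_DIR):
    """'expected' for a hook from the process's own folder or from Windows, else 'review'."""
    hooker_dir = _dirname(hook["hooker"])
    if hooker_dir == _dirname(hook["process"]):
        return "expected"      # the application's own library rewiring its own imports
    if hooker_dir.startswith(windows_dir.lower() + "\\"):
        return "expected"      # a Windows component such as the apphelp.dll shim engine
    return "review"            # a module from somewhere else is patching this process


def triage(text, windows_dir=WINDOWS_DIR):
    """Group hooks by (process, hooking module): count, imports touched, verdict."""
    summary = defaultdict(lambda: {"count": 0, "imports": set(), "verdict": "review"})
    for hook in parse_iat_hooks(text):
        entry = summary[(hook["process"], hook["hooker"])]
        entry["count"] += 1
        entry["imports"].add(hook["imp"])
        entry["verdict"] = classify_hook(hook, windows_dir)
    return dict(summary)


if __name__ == "__main__":
    for (process, hooker), entry in triage(SAMPLE_LOG).items():
        print(f"{entry['verdict']:8} {process} <- {hooker} ({entry['count']} hooks)")
```

Run as a script it prints one line per (process, hooking module) pair. On the posted log every pair comes back as expected; only the constructed Temp-folder entry is marked for review, which is the kind of entry that would change the "looks fine" verdict. The folder test is a first filter only: a hooking module inside the application's own folder still deserves a look at its signature and vendor if the application itself is unfamiliar.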

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:46 PM

Posted 14 August 2009 - 07:24 PM

Hello Cocutzamisca, :)

Those two logs look fine.

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow files to be shared between users, as the name suggests. In today's world cyber crime has come a long way and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Back to the logs

I've had a look at the topic you were working on with garmanma and some minor malware was removed. Nothing else of interest though.

What symptoms are you experiencing now?


Let's try a different tool to look at the services that are running.

Please download and run Process Explorer.

If Process Explorer won't execute, rename it iexplore.exe.

Under File and Save As, create a log and post it here.

Copy and paste the log into your next reply.


Thanks :thumbup2:
m0le is a proud member of UNITE

#8 cocutzamisca

Posted 15 August 2009 - 07:55 AM

You probably know already that I had some malware. Right now it is in quarantine. BUT, I have Malwarebytes Pro, with IP protection enabled, and it warns me about my IP being infected; to be more exact, the container with the updated drivers for my IP is infected with trojan click 25800 and I don't know what to do about this, because the drivers are from my ISP's site. The ''Process Explorer'' link is a ''bad request''; can you post a new link? Thank you for your time. I know about the BitTorrent stuff, but I didn't get anything illegal, only some music and games for personal use only, nothing pirated, nothing bad or virused, no cracked software, no pirated music or movies. I know about the risk of pirated stuff, don't worry, I'm old enough to know the laws. Thanks again.

#9 m0le

Posted 15 August 2009 - 12:06 PM

Try this link. Microsoft appears to have zipped the file now.

#10 cocutzamisca

Posted 16 August 2009 - 02:26 AM

Process PID CPU Description Company Name
System Idle Process 0 76.24
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4 0.99
smss.exe 256 Windows Session Manager Microsoft Corporation
csrss.exe 384 Client Server Runtime Process Microsoft Corporation
wininit.exe 424 Windows Start-Up Application Microsoft Corporation
services.exe 492 Services and Controller app Microsoft Corporation
svchost.exe 644 Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 1564 WMI Provider Host Microsoft Corporation
ibmpmsvc.exe 712 ThinkPad Power Management Service Lenovo
svchost.exe 752 Host Process for Windows Services Microsoft Corporation
svchost.exe 868 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1676 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 952 3.96 Host Process for Windows Services Microsoft Corporation
dwm.exe 1228 Desktop Window Manager Microsoft Corporation
svchost.exe 992 Host Process for Windows Services Microsoft Corporation
taskeng.exe 748 Task Scheduler Engine Microsoft Corporation
AWC.exe 1696 Advanced SystemCare 3 IObit
svchost.exe 1092 Host Process for Windows Services Microsoft Corporation
svchost.exe 1236 Host Process for Windows Services Microsoft Corporation
aswUpdSv.exe 1280 avast! Antivirus updating service ALWIL Software
ashServ.exe 1300 avast! antivirus service ALWIL Software
spoolsv.exe 1504 Spooler SubSystem App Microsoft Corporation
svchost.exe 1540 Host Process for Windows Services Microsoft Corporation
svchost.exe 1640 Host Process for Windows Services Microsoft Corporation
is360srv.exe 1704 IObit
svchost.exe 1788 Host Process for Windows Services Microsoft Corporation
svchost.exe 1852 Host Process for Windows Services Microsoft Corporation
YahooAUService.exe 1916 AutoUpater Service Module Yahoo! Inc.
VMCService.exe 1956 VMCService Vodafone
taskhost.exe 328 Host Process for Windows Tasks Microsoft Corporation
ashWebSv.exe 2340 avast! Web Scanner ALWIL Software
ashMaiSv.exe 2640 avast! e-Mail Scanner Service ALWIL Software
SearchIndexer.exe 2940 Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 3688 Host Process for Windows Services Microsoft Corporation
svchost.exe 4024 Host Process for Windows Services Microsoft Corporation
mbamservice.exe 4064 Malwarebytes' Anti-Malware Malwarebytes Corporation
svchost.exe 824 Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 3100 Windows Media Player Network Sharing Service Microsoft Corporation
lsass.exe 500 Local Security Authority Process Microsoft Corporation
lsm.exe 508 Local Session Manager Service Microsoft Corporation
csrss.exe 436 Client Server Runtime Process Microsoft Corporation
winlogon.exe 520 Windows Logon Application Microsoft Corporation
explorer.exe 1112 0.99 Windows Explorer Microsoft Corporation
ashDisp.exe 2176 avast! service GUI component ALWIL Software
WinPatrol.exe 2184 WinPatrol System Monitor BillP Studios
mbamgui.exe 2192 Malwarebytes' Anti-Malware Malwarebytes Corporation
MobileConnect.exe 2200 1.98 MobileConnect Vodafone
jusched.exe 2212 Java™ Platform SE binary Sun Microsystems, Inc.
is360tray.exe 2220 IObit
YahooMessenger.exe 2228 1.98 Yahoo! Messenger Yahoo! Inc.
Sup_SmartRAM.exe 2236 7.92 Smart RAM IObit
dna.exe 2248
ISUSPM.exe 2256 Macrovision Software Manager Macrovision Corporation
ProcessTamerTray.exe 2264 0.99 ProcessTamerTray
firefox.exe 3372 0.99 Firefox Mozilla Corporation
procexp.exe 2656 2.97 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Some of the services have strange colours; do these colours mean something? Thanks.
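An added example, not from the thread and not Sysinternals code: Process Explorer's File > Save writes the listing as tab-separated columns in the order shown above (Process, PID, CPU, Description, Company Name), with child processes indented under their parent. The Python below reads such a file and lists the entries a responder looks at first: real processes whose image carries no company name or description in its version resource, which is where dna.exe and ProcessTamerTray.exe stand out in the listing above. SAMPLE_LISTING is constructed from rows of the posted listing with the tabs put back; it is not the saved file itself. The colours asked about are Process Explorer's row highlighting (Options > Configure Colors) and are not recorded in the saved file; by default services are shown in pink, the user's own processes in light blue and packed images in purple.

```python
"""Triage a Process Explorer listing saved with File > Save.

Added example for this thread, not Sysinternals code. Process Explorer
saves the listing as tab-separated columns in the order shown in the
posted listing (Process, PID, CPU, Description, Company Name), with child
processes indented under their parent. SAMPLE_LISTING is constructed:
rows taken from the posted listing with the tabs put back.
"""
import csv
import io

SAMPLE_LISTING = "\n".join([
    "Process\tPID\tCPU\tDescription\tCompany Name",
    "System Idle Process\t0\t76.24\t\t",
    "  Interrupts\tn/a\t\tHardware Interrupts\t",
    "System\t4\t0.99\t\t",
    "  smss.exe\t256\t\tWindows Session Manager\tMicrosoft Corporation",
    "svchost.exe\t644\t\tHost Process for Windows Services\tMicrosoft Corporation",
    "is360srv.exe\t1704\t\t\tIObit",
    "  dna.exe\t2248\t\t\t",
    "  ProcessTamerTray.exe\t2264\t0.99\tProcessTamerTray\t",
    "  firefox.exe\t3372\t0.99\tFirefox\tMozilla Corporation",
])

# Kernel pseudo-entries: no image file on disk, so no version resource to check.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts", "DPCs"}


def parse_listing(text):
    """Return one dict per process row, keyed by the header names."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    return [row for row in reader]


def flag_rows(rows):
    """Return (process, pid, reason) for images with no company name or description.

    An empty Company Name usually means the file carries no version resource
    at all, which is common for malware and for small hobby tools alike; it
    is the first thing to check by hand, not a verdict by itself.
    """
    flagged = []
    for row in rows:
        name = row["Process"].strip()      # strip the tree indentation
        if name in PSEUDO_PROCESSES:
            continue
        reasons = []
        if not (row["Company Name"] or "").strip():
            reasons.append("no company name")
        if not (row["Description"] or "").strip():
            reasons.append("no description")
        if reasons:
            flagged.append((name, row["PID"].strip(), "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for name, pid, reason in flag_rows(parse_listing(SAMPLE_LISTING)):
        print(f"{name:24} pid {pid:>5}  {reason}")
```

On the sample it flags is360srv.exe (no description), dna.exe (neither field) and ProcessTamerTray.exe (no company name). None of those is a verdict: the next step for each is to locate the image on disk (Process Explorer's right-click Properties shows the path and whether the signature verifies) and decide whether the product it belongs to was installed on purpose.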

#11 m0le

Posted 16 August 2009 - 01:57 PM

There's no problems on that log either. It's all looking very good :thumbup2: .

I am wondering what a registry cleaner is doing flagging up malware....?

Please post your registry cleaner's log here. Registry cleaners are not recommended on Bleeping Computer. This article explains why.

#12 cocutzamisca

Posted 16 August 2009 - 02:52 PM

It only warns about some services that may be hijacked, not about having malware. The Security Analyzer is telling me that. I use Advanced Windows Care from IObit and before any clean process it is scheduled to create restore points. The thing that worries me more is Malwarebytes telling me that my IP is infected. I have a dial-up connection and the IP is not fixed, so every time it finds an infected IP number it warns me about it. Also, Dr.Web CureIt! said the container that has my dial-up modem drivers is infected with trojan click 25800. Those drivers are from my ISP's site; they are updated drivers for my internet connection. I have the same problem in Windows XP too, because I use exactly the same dial-up modem and drivers as in Windows 7. I wonder if it is only a false positive or a real infection. I didn't have problems before I updated the drivers. Here's my log. It is only a suggestion.

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 22:45:11, on 16.08.2009
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7100.0)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\IObit\IObit Security 360\is360tray.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Program Files\BitTorrent_DNA\dna.exe
D:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
D:\Program Files\ProcessTamer\ProcessTamerTray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SmartRAM] "D:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [ISUSPM] "D:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MobileConnect] D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IObit Security 360] D:\Program Files\IObit\IObit Security 360\IS360tray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: (Ati HotKey Poller) - ATI Technologies Inc. - D:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - D:\Windows\system32\ibmpmsvc.exe
O23 - Service: IS360service - IObit - D:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: (MBAMService) - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - D:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
And here's a live report with possibilities to fix: http://live.iobit.com/report.php?PHPSESSID=59625cee25789b1615068c0cf77dcbdf Thank you for your time.

#13 m0le

Posted 16 August 2009 - 05:18 PM

Can you run your own MBAM Pro for me and post the log it produces.

Thanks :thumbup2:

#14 cocutzamisca

Posted 17 August 2009 - 02:22 AM

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.1.7100

13.08.2009 00:15:58
mbam-log-2009-08-13 (00-15-58).txt

Scan type: Quick Scan
Objects scanned: 76714
Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:\Program Files\Driver\Driver.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.
This is the first scan log, with the quarantined drivers. It was a quick scan. If you need a complete scan of all drivers, let me know.

#15 m0le

Posted 17 August 2009 - 02:22 PM

The date on this MBAM log is the 13th of August.

Can you run it for me on full scan now and post the log.

Thanks :thumbup2: