
Unable to remove Trojan (Unruy)


  • This topic is locked
33 replies to this topic

#1 pacuvio

pacuvio

  • Members
  • 17 posts

Posted 06 September 2010 - 12:57 PM

Hello, I'm new on this forum. While searching on google I have read some threads where people have been helped with similar infections, so I hope you can help me too.

A few days ago my laptop was infected; I've tried to remove the infection by running some free software, but some trojans have resisted so far.
I'm not much of an expert on computers, so forgive me if I say (or have already done) something stupid; here are a couple of details that may (or may not) be useful:

- at the time of infection I had AVG Free and Malwarebytes' Anti-Malware on my computer. I've tried to fix the problem with them, and after several attempts they removed all but a couple of trojans, apparently named "Unruy" and found in
C:\\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE and SMSS.EXE

- I've then tried to remove them with the help of other antivirus/antimalware tools etc., like Ad-Aware, Avast! Free, SpyBot, Spyware Doctor (I hope I didn't mess things up too much!). Basically they find the trojans and try to delete them on reboot, but without succeeding (the same thing happened before with Malwarebytes').

- I've tried to directly access the files in order to rename/delete them, but the system refuses to do this since they are being used by other processes (in safe mode as well).

- In the meantime I also installed Windows Updates (ok, maybe it was not the best moment..); after several refused connections (I guess because IE was configured by some of these infections to connect through a proxy; when I removed these settings it worked) the updates were installed, but on the following reboot I got a blue screen twice. I then used the "last known good configuration" to restart the system normally. Maybe this is another story, but I just wanted to let you know..

I paste below the dds.txt; two more files are attached as requested.
Thank you for any help!
cheers

Lucio


DDS (Ver_10-03-17.01) - NTFSx86
Run by Lucio at 16.41.14,52 on 06/09/2010
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1033.18.2047.1061 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
SP: Spyware Doctor with AntiVirus *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lucio\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.asus.com
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast5] c:\progra~1\avast5\avastUI.exe /nogui
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0
IE: {4B21E152-BA59-4ebf-B522-8C55B265EE1A}
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {82KQZD-KETGBH-Y9B4AV-9NGMHA} - c:\windows\system32\winsrv32.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\lucio\appdata\roaming\mozilla\firefox\profiles\1r65a636.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\lucio\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\lucio\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-4 218592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-3 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-3 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-3 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2010-9-3 40384]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-4 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-4 1142224]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast5\AvastSvc.exe [2010-9-3 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast5\AvastSvc.exe [2010-9-3 40384]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-18 4247552]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
R3 WCPU;WCPU;c:\program files\p4g\WCPU.sys [2008-12-23 11120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-6 133104]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;"c:\program files\postgresql\8.3\bin\pg_ctl.exe" runservice -w -n "pgsql-8.3" -d "c:\program files\postgresql\8.3\data\" --> c:\program files\postgresql\8.3\bin\pg_ctl.exe [?]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\common files\creative labs shared\service\AL1Licensing.exe [2008-12-24 79360]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-24 450944]

=============== Created Last 30 ================

2010-09-04 23:44:02 52840 ----a-w- c:\windows\system32\drivers\klrazobj.sys
2010-09-04 20:20:25 0 d-----w- c:\windows\system32\MpEngineStore
2010-09-04 20:03:34 259999780 ----a-w- c:\windows\MEMORY.DMP
2010-09-04 19:33:19 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-09-04 19:33:19 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-09-04 19:33:19 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-09-04 19:32:57 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-09-04 19:32:57 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-09-04 19:32:39 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-09-04 19:32:23 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-09-04 19:32:07 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-09-04 19:32:07 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-09-04 19:31:45 818688 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-04 19:31:45 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-09-04 19:31:45 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-09-04 19:31:45 213896 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-04 19:31:45 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-09-04 19:31:45 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-09-04 19:31:45 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-09-04 19:31:44 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-09-04 19:31:44 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-09-04 19:31:44 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2010-09-04 19:31:44 317440 ----a-w- c:\windows\system32\BFE.DLL
2010-09-04 19:31:16 97792 ----a-w- c:\windows\system32\cabview.dll
2010-09-04 18:27:20 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-04 18:27:20 0 d-----w- c:\program files\Spybot
2010-09-04 16:56:39 20 ----a-w- c:\users\lucio\defogger_reenable
2010-09-04 15:43:21 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-04 15:43:21 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-04 15:43:21 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-04 15:43:13 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-04 15:43:13 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-04 15:43:13 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-04 15:43:13 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-04 15:43:11 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-04 15:43:11 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-04 15:42:50 0 d-----w- c:\program files\common files\PC Tools
2010-09-04 15:42:49 0 d-----w- c:\users\lucio\appdata\roaming\PC Tools
2010-09-04 15:42:49 0 d-----w- c:\programdata\PC Tools
2010-09-04 15:42:49 0 d-----w- c:\program files\Spyware Doctor
2010-09-04 15:42:47 0 d---a-w- c:\programdata\TEMP
2010-09-04 15:40:59 0 d-----w- c:\programdata\Google Updater
2010-09-03 16:30:09 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-03 16:29:22 38848 ----a-w- c:\windows\avastSS.scr
2010-09-03 16:29:12 0 d-----w- c:\programdata\Alwil Software
2010-09-03 16:29:12 0 d-----w- c:\program files\Avast5
2010-09-03 14:50:28 0 d-----w- c:\programdata\Lavasoft
2010-09-02 20:15:17 0 d-sh--w- c:\users\lucio\.COMMgr

==================== Find3M ====================

2010-09-06 15:20:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-03-26 20:14:54 64447 ----a-w- c:\program files\hminstalllog.txt
2010-02-07 01:55:13 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-07 01:55:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-07 01:55:11 86016 ----a-w- c:\windows\inf\infstor.dat
2009-01-10 20:14:37 174 --sha-w- c:\program files\desktop.ini
2008-12-23 10:12:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16.43.46,79 ===============
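The proxy hijack Lucio describes shows up directly in the DDS log above: an IE ProxyServer on 127.0.0.1:6092, Firefox proxy prefs pointing at localhost (with network.proxy.type still 0), an mASetup entry whose name is not a well-formed GUID, and both UAC policies set to 0. The following triage script is an added example, not part of this thread or of the DDS tool; it parses lines in the "Pseudo HJT Report" / "FIREFOX" format and flags exactly those conditions. The sample lines are constructed to mirror the ones in the log.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' and 'FIREFOX' sections.

Added example (not from the thread or the DDS tool). It flags settings a
helper would want to look at first: proxy settings pointing at loopback,
Active Setup (mASetup) entries whose key name is not a GUID, and UAC
policies that are switched off.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, detail)

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")
ASETUP_RE = re.compile(r"^mASetup: (\{[^}]*\}) - (.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (EnableLUA|ConsentPromptBehaviorAdmin)\s*=\s*(\d+)")

# Constructed sample mirroring the lines in the DDS log above.
SAMPLE_REPORT = """\
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
mRun: [avast5] c:\\progra~1\\avast5\\avastUI.exe /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0
mASetup: {82KQZD-KETGBH-Y9B4AV-9NGMHA} - c:\\windows\\system32\\winsrv32.exe
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
"""


def is_loopback(host: str) -> bool:
    """True when a proxy host names the local machine itself."""
    return host.strip().strip("[]").lower() in LOOPBACK


def check_ie_proxy(line: str) -> List[Finding]:
    """Flag IE ProxyServer entries ('proto=host:port' or 'host:port') on loopback."""
    m = IE_PROXY_RE.match(line)
    if not m:
        return []
    out: List[Finding] = []
    for entry in m.group(1).split(";"):
        hostport = entry.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0]
        if is_loopback(host):
            out.append(("ie-loopback-proxy", entry.strip()))
    return out


def check_firefox_proxy(prefs: Dict[str, str]) -> List[Finding]:
    """Flag Firefox proxy hosts on loopback and say whether network.proxy.type
    actually enables them (0 = direct connection, 1 = manual proxy)."""
    out: List[Finding] = []
    ptype = prefs.get("network.proxy.type", "0").strip()
    state = "active" if ptype == "1" else "inactive (network.proxy.type=%s)" % ptype
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + proto)
        if host and is_loopback(host):
            port = prefs.get("network.proxy.%s_port" % proto, "?").strip()
            out.append(("ff-loopback-proxy", "%s -> %s:%s, %s" % (proto, host.strip(), port, state)))
    return out


def check_active_setup(line: str) -> List[Finding]:
    """Active Setup keys are named by a GUID; anything else is a red flag."""
    m = ASETUP_RE.match(line)
    if m and not GUID_RE.match(m.group(1)):
        return [("malformed-activesetup-guid", "%s -> %s" % (m.group(1), m.group(2)))]
    return []


def check_uac_policy(line: str) -> List[Finding]:
    """EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates silently."""
    m = POLICY_RE.match(line)
    if m and m.group(2) == "0":
        return [("uac-disabled", "%s = 0" % m.group(1))]
    return []


def triage(report: str) -> List[Finding]:
    """Run every check over the report text and collect the findings in order."""
    findings: List[Finding] = []
    ff_prefs: Dict[str, str] = {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FF_PREF_RE.match(line)
        if m:                      # collect Firefox prefs, evaluate them at the end
            ff_prefs[m.group(1)] = m.group(2)
            continue
        findings += check_ie_proxy(line)
        findings += check_active_setup(line)
        findings += check_uac_policy(line)
    findings += check_firefox_proxy(ff_prefs)
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_REPORT):
        print("%-28s %s" % (category, detail))
```

Run it against the Pseudo HJT and Firefox sections of a real DDS log to get a short list of what to look at before walking the whole file.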


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts

Posted 13 September 2010 - 12:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#3 pacuvio

pacuvio
  • Topic Starter

  • Members
  • 17 posts

Posted 14 September 2010 - 08:32 AM

Hi myrti, thanks for your reply and your help!
I paste below the two files as requested.
A quick question: while we are trying to fix the problem, should I avoid installing updates for Windows, the antivirus and other programs as well?
cheers

lucio


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

OTL logfile created on: 13/09/2010 23.48.50 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Lucio\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62,97 Gb Total Space | 21,01 Gb Free Space | 33,36% Space Free | Partition Type: NTFS
Drive D: | 41,98 Gb Total Space | 34,54 Gb Free Space | 82,27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUCIO_ASUS
Current User Name: Lucio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 23.34.08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Lucio\Desktop\OTL.exe
PRC - [2010/09/08 17.39.46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/08 17.39.46 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/07 17.12.02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Avast5\AvastUI.exe
PRC - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Avast5\AvastSvc.exe
PRC - [2010/07/17 15.06.17 | 010,570,032 | ---- | M] (SmartVoip) -- C:\Program Files\SmartVoip\smartvoip.exe
PRC - [2010/05/25 20.22.09 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
PRC - [2010/05/11 12.51.52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 12.50.36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12.09.22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/01/12 19.10.32 | 000,083,440 | ---- | M] (Google) -- C:\Users\Lucio\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2008/12/23 01.52.44 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/13 10.49.42 | 000,413,696 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/03/07 08.08.40 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/02/06 04.13.14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007/01/18 06.41.34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007/01/18 05.26.36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007/01/18 03.34.22 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2006/12/29 02.17.50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006/12/21 09.03.38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006/12/19 03.26.26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/11/01 08.40.16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2005/07/07 01.43.42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 23.34.08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Lucio\Desktop\OTL.exe
MOD - [2010/02/26 08.16.18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006/11/02 11.44.49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 11.38.57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17.11.59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/15 12.50.36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12.09.22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/08 09.48.55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2008/12/24 23.56.09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service)
SRV - [2008/12/23 02.09.01 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/02/13 10.49.42 | 000,413,696 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/02/06 04.13.14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006/12/29 02.17.50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006/11/01 08.40.16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\cvbuyo.sys -- (tqvpcock)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipswuio.sys -- (ipswuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16.47.30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/29 11.06.14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/06 03.24.34 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 15.47.34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/09/02 03.09.24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/09 23.25.56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2008/02/12 11.16.20 | 000,450,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2007/04/25 14.32.42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2007/02/08 06.01.12 | 000,205,568 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2007/01/23 13.18.32 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 11.03.28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 10.40.20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/19 08.19.00 | 004,453,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/03 01.37.48 | 000,011,120 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\P4G\WCPU.sys -- (WCPU)
DRV - [2006/12/28 10.17.18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006/12/19 03.12.22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/12/14 09.11.58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/12/01 05.55.00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2006/11/22 11.35.00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/22 07.48.54 | 000,181,304 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/21 03.55.16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/10 05.01.54 | 000,307,712 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/11/09 01.44.20 | 000,015,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys -- (lvupdtio)
DRV - [2006/11/02 11.51.45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11.51.38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11.51.34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11.51.32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11.51.25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11.51.25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11.51.00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11.50.45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11.50.41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11.50.35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11.50.35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11.50.35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11.50.24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11.50.19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11.50.17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11.50.17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 11.50.16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11.50.13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11.50.11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11.50.10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11.50.10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11.50.10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11.50.10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11.50.09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11.50.09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11.50.07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11.50.05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11.50.05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11.50.04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11.50.03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11.49.59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11.49.56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11.49.53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11.49.30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11.49.28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11.49.20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10.58.52 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2006/11/02 10.55.04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 10.25.24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10.24.47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10.24.46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10.24.45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10.24.44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10.24.44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09.36.50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09.30.54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/28 10.29.10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/10/11 05.33.00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/06 02.07.46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/02 02.45.00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 23.42.00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 15.17.43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 17.39.47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 17.39.47 | 000,000,000 | ---D | M]

[2010/08/19 12.39.10 | 000,000,000 | ---D | M] -- C:\Users\Lucio\AppData\Roaming\Mozilla\Extensions
[2010/09/13 23.34.51 | 000,000,000 | ---D | M] -- C:\Users\Lucio\AppData\Roaming\Mozilla\Firefox\Profiles\1r65a636.default\extensions
[2010/06/15 22.56.23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lucio\AppData\Roaming\Mozilla\Firefox\Profiles\1r65a636.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/28 22.21.23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucio\AppData\Roaming\Mozilla\Firefox\Profiles\1r65a636.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/09/01 23.26.03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/11 21.16.16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2006/09/26 14.03.14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/07/25 21.19.13 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/07/25 21.19.13 | 000,000,825 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\hoepli.xml
[2010/07/25 21.19.13 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/07/25 21.19.13 | 000,000,953 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2006/09/18 23.41.30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKU\Lucio_Asus_postgres..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Lucio_Asus_postgreuser..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3462998669-1995678075-2130207941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_02)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 151.99.0.100 151.99.125.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lucio\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lucio\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Lucio\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {82KQZD-KETGBH-Y9B4AV-9NGMHA} - C:\Windows\system32\winsrv32.exe
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C5733401-185C-16EF-561E-6053962DBC74} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/13 23.34.04 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Lucio\Desktop\OTL.exe
[2010/09/05 01.44.02 | 000,052,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\klrazobj.sys
[2010/09/04 22.20.25 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/09/04 21.32.57 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/09/04 21.32.57 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/04 21.32.39 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/09/04 21.32.07 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/09/04 21.32.07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/09/04 21.31.45 | 000,213,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/09/04 21.31.45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/09/04 21.31.45 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/09/04 21.31.44 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/09/04 21.31.44 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/09/04 20.27.20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot
[2010/09/04 20.27.20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/04 17.43.21 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/09/04 17.43.21 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/09/04 17.43.13 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/04 17.43.13 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/04 17.43.11 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/09/04 17.42.50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/04 17.42.49 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/04 17.42.49 | 000,000,000 | ---D | C] -- C:\Users\Lucio\AppData\Roaming\PC Tools
[2010/09/04 17.42.49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/04 17.42.47 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/04 17.40.59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/09/03 18.30.43 | 000,000,000 | ---D | C] -- C:\Users\Lucio\AppData\Roaming\InstallShield
[2010/09/03 18.30.11 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/03 18.30.11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/03 18.30.10 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/03 18.30.10 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/03 18.30.09 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/03 18.29.22 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/03 18.29.22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/03 18.29.12 | 000,000,000 | ---D | C] -- C:\Program Files\Avast5
[2010/09/03 18.29.12 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/03 17.14.45 | 000,000,000 | ---D | C] -- C:\Users\Lucio\AppData\Local\Sunbelt Software
[2010/09/03 16.50.28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/02 22.39.36 | 000,000,000 | ---D | C] -- C:\Users\Lucio\AppData\Local\VirtualStore
[2010/09/02 22.15.23 | 000,000,000 | ---D | C] -- C:\Users\Lucio\AppData\Local\exolwxfce
[2010/09/02 22.15.17 | 000,000,000 | -HSD | C] -- C:\Users\Lucio\.COMMgr
[2010/08/24 15.30.30 | 000,000,000 | ---D | C] -- C:\Users\Lucio\Desktop\eneaC
[2010/08/24 00.29.08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/22 03.20.28 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/19 13.29.52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/13 23.51.52 | 003,932,160 | ---- | M] () -- C:\Users\Lucio\NTUSER.DAT
[2010/09/13 23.47.01 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462998669-1995678075-2130207941-1000UA.job
[2010/09/13 23.34.08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Lucio\Desktop\OTL.exe
[2010/09/13 23.27.00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 23.24.51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 23.24.48 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 23.24.47 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 21.26.21 | 000,661,166 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/13 21.26.21 | 000,152,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/13 21.26.21 | 000,004,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/13 14.50.10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/12 01.47.00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462998669-1995678075-2130207941-1000Core.job
[2010/09/12 00.12.08 | 000,112,128 | ---- | M] () -- C:\Users\Lucio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/11 23.56.24 | 000,002,361 | ---- | M] () -- C:\Users\Lucio\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/11 21.26.59 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/11 20.24.33 | 000,000,241 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/09/11 02.05.08 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010/09/11 02.05.01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 02.04.33 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 02.04.31 | 342,059,364 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/10 18.18.59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/10 17.04.33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/10 17.03.42 | 003,087,081 | -H-- | M] () -- C:\Users\Lucio\AppData\Local\IconCache.db
[2010/09/08 17.38.44 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/08 12.44.49 | 000,035,291 | ---- | M] () -- C:\Users\Lucio\AppData\Roaming\nvModes.001
[2010/09/07 17.12.17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 17.11.54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 16.47.30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 17.13.45 | 000,001,356 | ---- | M] () -- C:\Users\Lucio\AppData\Local\d3d9caps.dat
[2010/09/05 01.44.02 | 000,052,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\klrazobj.sys
[2010/09/04 21.32.57 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/09/04 21.32.57 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/04 21.32.39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/09/04 21.32.07 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/09/04 21.32.07 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/09/04 21.31.45 | 000,213,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/09/04 21.31.45 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/09/04 21.31.45 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/09/04 21.31.44 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/09/04 21.31.44 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/09/04 21.30.50 | 000,000,171 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/09/04 18.56.52 | 000,000,020 | ---- | M] () -- C:\Users\Lucio\defogger_reenable
[2010/09/03 18.30.11 | 000,001,608 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/03 18.25.58 | 008,092,476 | ---- | M] () -- C:\Users\Lucio\AppData\Local\prvlcl.dat
[2010/09/03 12.42.05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/09/03 12.20.10 | 000,001,692 | ---- | M] () -- C:\Users\Lucio\Documents\cc_20100903_111941.reg
[2010/09/03 02.27.43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/03 02.27.43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/19 12.26.01 | 000,014,312 | ---- | M] () -- C:\Users\Lucio\Documents\cc_20100819_122544.reg
[2010/08/19 00.55.34 | 000,000,705 | ---- | M] () -- C:\Users\Lucio\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 17.32.17 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/04 22.03.34 | 342,059,364 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/04 18.56.39 | 000,000,020 | ---- | C] () -- C:\Users\Lucio\defogger_reenable
[2010/09/04 17.43.21 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/09/04 17.43.13 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/09/04 17.43.13 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/09/04 17.43.11 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/09/04 17.40.57 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/09/03 21.53.25 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/03 18.30.11 | 000,001,608 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/03 12.19.45 | 000,001,692 | ---- | C] () -- C:\Users\Lucio\Documents\cc_20100903_111941.reg
[2010/09/03 02.27.43 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/03 02.27.43 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/08/19 19.30.37 | 008,092,476 | ---- | C] () -- C:\Users\Lucio\AppData\Local\prvlcl.dat
[2010/08/19 12.25.48 | 000,014,312 | ---- | C] () -- C:\Users\Lucio\Documents\cc_20100819_122544.reg
[2010/05/28 00.38.04 | 000,000,012 | ---- | C] () -- C:\Users\Lucio\AppData\Roaming\vqdlkr.dat
[2010/03/26 22.14.54 | 000,064,447 | ---- | C] () -- C:\Program Files\hminstalllog.txt
[2010/01/04 23.58.05 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009/08/10 12.01.05 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/04/13 19.32.16 | 000,000,171 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/05 06.54.58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/04 00.45.38 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/01/24 16.45.01 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/01/24 16.45.01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/01/17 12.19.38 | 000,001,356 | ---- | C] () -- C:\Users\Lucio\AppData\Local\d3d9caps.dat
[2008/12/26 14.00.03 | 000,000,152 | ---- | C] () -- C:\Windows\wsdebug.ini
[2008/12/26 13.59.57 | 000,000,072 | ---- | C] () -- C:\Windows\sbwin.ini
[2008/12/26 13.11.50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/24 23.51.21 | 000,108,544 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/12/24 23.51.21 | 000,069,120 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2008/12/24 23.51.03 | 000,026,582 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2008/12/24 23.51.03 | 000,001,328 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2008/12/24 23.51.03 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008/12/24 23.50.58 | 000,021,396 | R--- | C] () -- C:\Windows\System32\kschimp.ini
[2008/12/23 04.50.29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/12/23 04.49.23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/12/23 04.32.59 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/12/23 00.27.14 | 000,112,128 | ---- | C] () -- C:\Users\Lucio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/22 23.52.17 | 000,035,291 | ---- | C] () -- C:\Users\Lucio\AppData\Roaming\nvModes.001
[2008/12/22 23.52.15 | 000,035,291 | ---- | C] () -- C:\Users\Lucio\AppData\Roaming\nvModes.dat
[2007/04/18 11.06.01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/12/05 23.05.06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 14.35.32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09.40.29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 07.30.20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/11/02 11.49.52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 11.49.52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2006/11/02 11.49.36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/12/23 01.53.51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/12/23 01.53.51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/12/23 01.53.51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/12/23 01.53.51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11.46.03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11.46.03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2006/11/02 11.51.25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11.51.25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 11.46.11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 11.46.11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVRAID.SYS >
[2006/11/02 11.50.24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 11.50.24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11.50.13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11.50.13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: SCECLI.DLL >
[2006/11/02 11.46.12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 11.46.12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/25 23.16.49 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2010/03/25 23.16.49 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 11.47.18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/12/23 01.39.25 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 12.34.05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 12.34.05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 12.34.05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12.34.08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12.34.08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/09/07 16.47.07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/07 16.47.30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 16.47.46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 16.52.03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 16.52.25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/04 21.31.44 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/09/05 01.44.02 | 000,052,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\klrazobj.sys
[2010/09/04 21.33.19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/09/04 21.33.19 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/09/04 21.33.19 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/09/04 21.31.45 | 000,213,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/09/04 21.31.45 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/09/04 21.31.45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2010/09/04 21.31.45 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%



OTL Extras logfile created on: 13/09/2010 23.48.50 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Lucio\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62,97 Gb Total Space | 21,01 Gb Free Space | 33,36% Space Free | Partition Type: NTFS
Drive D: | 41,98 Gb Total Space | 34,54 Gb Free Space | 82,27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUCIO_ASUS
Current User Name: Lucio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3462998669-1995678075-2130207941-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141AB76C-5541-4698-851F-5F7B7B1D42EF}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D743744-ED6B-4C3F-92C4-4955B617F6EE}" = rport=137 | protocol=17 | dir=out | app=system |
"{1DF0D2F7-1671-4598-AD47-4C91E473CD4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A689AB6-2037-47B7-9291-8C8EF4956AE6}" = lport=138 | protocol=17 | dir=in | app=system |
"{48E70B65-3A4C-4517-9086-66FCC777D55D}" = lport=445 | protocol=6 | dir=in | app=system |
"{66EC2EB5-A889-43B7-AB39-5A223D1E383E}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{8D4062E2-42B8-44F8-924E-8BD5949F2C73}" = rport=138 | protocol=17 | dir=out | app=system |
"{9B149954-AE9E-4929-97A8-2D44444EDD03}" = lport=137 | protocol=17 | dir=in | app=system |
"{ADE46A47-6CDD-4704-B962-3EC8ADDD71F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C65AEABC-93F3-4D68-AE95-A146414BF1C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D6F00A78-03D8-4CAB-BC3B-3DCE7FC77E8E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D94C47B7-24A5-44FF-AF90-F50334E0F227}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3D568E5-4769-467D-ADA5-274A20371595}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0011A028-8AA5-4D19-A2C2-0BDF2529DA2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{03CF664E-FBA5-4031-BC06-4D39493428FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{041E0EC4-84DA-478D-A1AD-F25A90FCA4D5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{057C24F3-9091-49BF-853E-3B96DF5862D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{057E312D-2AF1-4EF6-B3FD-C0229C0C10C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{064291CD-6613-487C-BA10-8C8441F03256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0651D8EE-A58F-49C0-87FD-8E33B534D726}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08D25C96-5AD4-471A-A4BD-B746A276D77E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{0C7808BA-54FE-41A3-8FC3-DDF9B1F031C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11795B39-1A51-4520-BCAF-FF5DA85A1D20}" = protocol=17 | dir=in | app=c:\program files\voipcheap\voipcheapcom.exe |
"{118C2A21-7237-41D6-A04D-FB6D912643C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1369137B-927B-45AC-9FAD-358DFCB27509}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{154EE1B7-D5AC-4025-A17C-F373D8849282}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{15D60611-87A4-4FC7-B220-0DBBBB879933}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1619FE25-0656-4368-B480-1E0C11E0C6DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16A1DBD5-B0BE-4708-9E71-DD90D0BD96DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16C80D25-A4AB-400A-A357-46FF51E5A7F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16EA2EA4-5394-4A0A-849C-67497DC81860}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1849CC12-0E4A-48E8-969C-A7E3A072C3C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18C3B278-C166-4E51-AB28-63CB09994A36}" = protocol=6 | dir=in | app=c:\program files\voipcheap\voipcheapcom.exe |
"{19101B56-BDB6-4E17-B362-14CC9B644A12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{195D5CC7-0F29-4932-B78A-2DB54BF2489B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19728B35-0B26-4884-9E29-666E76E13CFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AD92320-5D5B-46C9-BB38-CB7D707318B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DF16A28-04FA-4110-B31A-7E1DA1E233D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F3F325D-98FB-4BD6-8C89-1C6C5D3BE580}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2071853B-4FC3-49CD-8978-D1BAAD7D0B96}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{2378F18E-A46C-486E-B374-F2B4135048A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24A5DA0C-32C5-4763-85FD-664CC334AFC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{253000EB-2887-408C-BADD-FE341208D011}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{258C0AFC-226F-4A08-A547-CDC329F13EB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2783A5FB-3082-41D2-B545-F90A4B7EB07A}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{278ECC29-BED5-4117-9EBA-3DC9EEB2B7FA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{28472D3E-1DE5-443B-8F50-8882D9B58755}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{28AE1E5A-342A-4F65-8BF6-C202C304951D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B8A023A-E3F2-4146-A061-DFF1814F72D3}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2D41BF8B-0D5E-461D-92FB-A7441F59507E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DE73B70-210A-4722-8C75-D6319F234625}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E9D81DC-9307-4337-8FCF-76E0CB107110}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2F5B6D36-0BFA-443F-8F81-EE3AF4277BAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31CEDB0D-0F28-455C-A7B9-825AF054C76F}" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{33042817-EC07-490D-9A5D-49F9AA298600}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{346A09B5-92F8-4F13-B294-0811B4D5BBF0}" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{353C7386-57B0-4A5B-B8DE-A12FAEE20746}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3547B6D5-CB0C-4527-A17C-61BD2CB6ECC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A70D8A9-C8FC-400B-B4F8-E15AB08F812C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A7E000F-B1D2-4093-9FD5-BC5600E6180D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B07C9C6-3065-4254-85B3-32821D8A8E07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BC07BFA-050D-4B92-A05F-B962552EBA4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BE2C3C7-C3CB-4945-ADA5-1BC466E12EFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C343120-F783-4926-94CB-1312C6A180CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DC5C84E-A07F-4604-B3E3-755C167A39B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ED90D4C-E338-4819-952E-66D3F9D6DC35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EF7B63A-3AF1-4716-9632-4C5192AB3F6B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3F24057B-22F0-4B79-B764-247F8D9A1D75}" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{3F288E9A-FBD0-4A3E-838D-5674D88613C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{418C489B-222A-4251-8A65-BB7203145F33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4376F21A-A0C6-4936-B4DB-7FD86DA19EF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43F825F4-CE9C-49BC-8B1D-AD9A4F4F6B61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4727B45F-2E63-44FF-9063-39424058C53C}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{4A219433-21EE-43A9-BDDD-852320A9FE86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52DF512A-0EED-4B7F-8962-881083B94900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{52EED3B7-CDDB-451E-84BE-E9B741608D03}" = protocol=6 | dir=in | app=c:\program files\smartvoip\smartvoip.exe |
"{54144B07-D86C-432E-AB0B-4DF04D832CC6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{547E60C8-8C67-4C01-9DE7-0A5B482A4BA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{558E4696-855B-4065-B4FF-C71B972BFBBE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{580F6FE6-4624-4B6D-991C-EA68F303134A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CEBFF44-B758-448D-8E4C-D017408C8F8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D357C2D-9F0C-4743-A8ED-7AF2664836A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E2376EB-244B-4430-8BB6-D00CB821608A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FF4809A-ADBA-43A7-B61B-DB96796BCD03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61D047E0-5A5C-4EBF-97E4-EC244554C928}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{630B1C15-EC4F-439A-BC4A-B95AC63FCF05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{630D97BB-1951-4238-BCAE-4B7850B234D4}" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{690CBC76-492C-4265-A56A-7EE1CF9637C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A1BB76F-9559-4B95-AA37-FF7A4C8DA9A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C486223-F319-48F1-9C6B-7F2EBF086B40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DF3DF07-8A2F-4E52-A907-59FAEF46E894}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72092875-9806-4524-BBD6-746216005880}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72A1377E-4BEE-4414-8636-FAA1786ECE9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77D74C48-5F3B-4ADD-9E92-ECCC03038869}" = protocol=6 | dir=in | app=c:\users\lucio\appdata\roaming\dropbox\bin\dropbox.exe |
"{78C1A25A-E663-464E-80E4-2D6369B45779}" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{79350E50-6B28-4768-B53C-4A716078C731}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B9A7B6E-BE12-4AE3-B1F7-7B4540025283}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DA9BE15-82DD-4C4B-90E5-C0553E4C5A10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DCD2077-A5C7-4D60-B2A8-E1B431D2ACA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EE5D6E9-36A9-44AA-A9D5-2053BB921E4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81994F88-E5A1-4792-A9C4-C93E31BD0219}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{82106305-667C-4C4C-BD38-7D5B67D24532}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8379E521-4EC2-4440-B649-DFE6B1EE9D64}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{85873F93-720A-41D8-B8D0-2E8CB46C5054}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85F7CB3B-EA1C-4799-8C9C-85208DE8A361}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{867D04D0-DF9A-44FF-BA0D-F4998C980BFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A17B17D-F4D0-4601-82FE-C09EE4B31DBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A2D1704-4A6B-4BD8-967E-EA5D51711B85}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{8A3A337D-3EB0-4BC5-AEE7-41F9FA86F842}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BC5179C-E537-4905-8D71-AA31F04D3264}" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{8BFE2A72-C2E4-41BE-8EC9-CF874C164014}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C1AF899-9F18-46AF-9890-4E14973A7F9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D16DB71-ED0D-45F8-8D05-C096C9B29BE2}" = protocol=17 | dir=in | app=c:\users\lucio\appdata\roaming\dropbox\bin\dropbox.exe |
"{8E3B6C6C-E8E9-4C51-B645-76D86D06ADFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90089345-A8A1-4F65-89A2-25A11937B7B6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{927BD6B6-B97C-4ED4-B4DC-34750111418C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{928B8914-08DA-4AA4-B28E-E9F571622495}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92BDBC8D-EF7E-4C4C-A2EE-791D737404C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93553318-C207-48BD-9C2F-523608C51C0E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{978B73C6-7887-4F95-849A-EB28BE95D6CD}" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{A0A7FA89-217C-4A93-B0C6-D565A2266DBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2645D32-878C-4BD7-A5E9-33185FBD31B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A4552FBF-CFB9-41B2-8D9D-EA0F7670DF16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A59AE24F-FC64-4E25-B6DA-E192352AD539}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A5C9D6EB-6858-4577-AD45-2575BC4013AF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{A747D06B-0A1F-49C8-BD49-74769E866B80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA12C899-210F-43F2-944F-0EDA66F33A57}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA66E3ED-8EC0-4BF7-A781-24C71340CFA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABFC462C-9050-4E1D-B75D-40CB8ED3D4DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADF1FC10-752D-428D-B8F1-AC16EDBF113A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF9B49FB-5A5C-452C-ACFB-D4D71C020FF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B64C2A15-7044-41AB-8A5D-E42BC9D814F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B70F2E7C-FDD7-42C5-A1C1-A9B2E56714D0}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B9A00DB8-9DD0-473D-B9ED-1EE6F00C9BC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9CE6746-E1D2-473C-921A-AB7A266EAF2E}" = protocol=17 | dir=in | app=c:\program files\smartvoip\smartvoip.exe |
"{BC56961B-9B35-4E0E-999E-A6EB1D0C0BA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE576A0E-C24D-4E56-B7DC-3881D5F1CF76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFC3AA50-F73C-4699-92E0-2122B2BA887A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C32F2A8E-C7F1-484B-90F4-EA26928EC0F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C45190AE-9FE4-41AA-AAE2-52C320F6BD93}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C52885BF-4813-413D-BF12-C12081F94CE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCDE0F73-A154-4D03-86FE-14B332D8592D}" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{CD0D177C-211C-47AB-A9EF-259EAAEE589C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD1C8653-AAD3-4F36-AB19-FF77A754FB5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D00FCE34-18D2-4E5C-BBC6-6A3548B78AD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1E228E0-6339-426D-B144-213C90BCB70E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2E2A6EB-A0C4-45A8-A203-4A0B8B7274EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2FD2BF4-606E-48DF-80B3-3EF0D643747B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D556BFD5-070F-430C-AE5F-651A92B766D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D581609B-5C5E-429F-8C4F-9104BD0B9CF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7A0236A-21A3-437F-83D9-273CC59DA18D}" = protocol=17 | dir=in | app=c:\program files\voipcheap\voipcheapcom.exe |
"{D874C32D-8815-47A7-8475-F2E461C46D1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD7B9CAC-9C6E-4FBC-A2A0-7C6B9F6FF4DB}" = protocol=17 | dir=in | app=c:\program files\smartvoip\smartvoip.exe |
"{E02473D2-BD0F-4456-8D37-783B80EC3B37}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E1B4AC2A-F9E0-482E-99D6-7B8F89018BAC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E372BBF1-FE5C-4421-A2B3-A5992263D71D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6B7A0B4-D141-4821-BDAF-A81B56D65F40}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E715EAB3-5DEA-4095-ADA9-550BDF2F2A8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7CC4A4A-5499-49B6-9A5E-A98464692273}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA29C923-C3A3-48DB-9201-550A900EE9F3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{EE7A4EBC-9E4E-4B95-98E8-8BD61D146C75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFC3EC74-B64E-484D-9F66-67F3BDCFD774}" = protocol=6 | dir=in | app=c:\program files\voipcheap\voipcheapcom.exe |
"{F044E5C0-8154-4D35-8E42-C20AEA166D6D}" = protocol=6 | dir=in | app=c:\program files\smartvoip\smartvoip.exe |
"{F094C17C-EF6C-4742-B8E2-0562BCE017A4}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F0950E35-566D-40BF-A77D-D1968DA6AD89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F47F3A21-CC25-4115-9106-5E664CCA4379}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F66AA468-1C9B-49E3-8A80-859DDD37794D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F7F90500-55E8-4108-832A-6C6A88E3CB52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F82CC574-5AB3-4EDC-BF24-032CBBF9E893}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F99366A4-169B-4561-9BE4-73E24DEF36EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB2A72F1-E9CF-4D7E-BB04-2FA33E3D2A16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDCD2EB8-231C-4054-8477-0B7253E266F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{13DEBD8F-0B6D-496D-8240-DAF1EA033754}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2BB9F1D0-B644-4E63-B9FE-C9F389978ED6}C:\users\lucio\appdata\local\temp\554.exe" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\temp\554.exe |
"TCP Query User{2C1F96CF-39DF-401F-948D-9570EBDF7D87}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{4E8A5E19-DEB3-48DD-A2A6-6A045F8C12F0}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{59F454E6-7B36-4FCD-9A11-9CC4F2B4F183}C:\users\lucio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lucio\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{62B12396-2B8E-40CD-8D5C-0B2371D2E722}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7373AE25-5376-4BDB-A4C9-9ADD36B36D1C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{82A38041-CBA9-4240-9F6E-C48849339DFE}C:\users\lucio\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\temp\khvcol.exe |
"TCP Query User{CC0DF457-9E2D-4444-A3FE-EEC2C54952D8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E513B52C-A7CB-46C9-8D63-71C86C325B71}C:\users\lucio\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\lucio\appdata\local\temp\khvcol.exe |
"TCP Query User{E8F42A60-764C-4034-A9F8-F8C220EAD07E}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{EF15EEB4-B831-40D5-B13A-5346221C7E86}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F839A227-A839-4F39-84CF-03AD5ED6A051}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{38227954-BB34-49BE-9971-87CFAA9A24CA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{39AB3089-4467-4E3C-954D-40858A80569D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{49420BA9-74D7-4190-9129-931EB300DC04}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{585B7413-F8AB-4467-956E-72F2D9DF7233}C:\users\lucio\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\temp\khvcol.exe |
"UDP Query User{62960EED-FB3D-45B4-9E6D-0994AF848EAA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{70511D6A-6370-42A1-AED7-AC787E7C4FE4}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{8285B2B2-FE12-462F-B0F0-69A1AF3EFD7B}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{BA323653-8E1D-4858-B1A3-99ED64BF98B3}C:\users\lucio\appdata\local\temp\554.exe" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\temp\554.exe |
"UDP Query User{C91C9249-2EAA-42FE-B3C3-FD2FFA4093BD}C:\users\lucio\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\lucio\appdata\local\temp\khvcol.exe |
"UDP Query User{D31427FA-129B-44DC-B775-969B55AF1696}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E1234808-F064-48F6-8041-004E6BDDC7CD}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{EEE2E426-BDD0-433D-A80C-DB5AE707D686}C:\users\lucio\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lucio\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FB27C4F0-5CA2-4C2A-AC7C-64B2F2FDB77A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{290F0D57-2D8C-4A17-8230-F12263173812}" = Windows Live Sync
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{328E92D9-D5B2-4134-A464-59CEBE735670}" = Windows Live Essentials
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39434D3A-7EC4-44B9-B27F-C2C4EB50B961}" = Raccolta foto di Windows Live
"{3D26BDF0-303E-42D8-8A70-E77F2411CC20}" = Windows Live Call
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{43A650AA-D1DC-4C52-8819-D7848B3A08DA}" = OpenOffice.org 3.1
"{48A1FECE-6DD4-439E-93CD-4D5178FC86B9}" = Windows Live Movie Maker Beta
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5AE2BE5E-930A-481C-817E-C373E8910C8A}" = Windows Live Messenger
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{7148F0A8-6813-11D6-A77B-00B0D0142020}" = Java 2 Runtime Environment, SE v1.4.2_02
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8EBE2C4F-E10F-4F35-99D8-111D84C76721}_is1" = DustBuster 2.9.5.1
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-00B2-0410-0000-0000000FF1CE}" = Componente aggiuntivo Microsoft Salvataggio in formato PDF o XPS per applicazioni di Microsoft Office 2007
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97F32DF8-D66E-446A-A425-C1D7B45C1040}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3.4 - Italiano
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0321}" = USB2.0 0.35M WebCam
"{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}" = Google Talk Plugin
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ALchemy X-Fi" = Creative ALchemy (X-Fi Edition)
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast5" = avast! Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Digital Editions" = Adobe Digital Editions
"DjVuLibre+DjView" = DjVuLibre+DjView
"eMule" = eMule
"Free Download Manager_is1" = Free Download Manager 2.5
"GDpoker_is1" = GDpoker
"Google Updater" = Google Updater
"GSview 4.8" = GSview 4.8
"IrfanView" = IrfanView (remove only)
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"LEd_is1" = LEd Beta 0.52
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSNIACC" = MSN Connection Center
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars.it" = PokerStars.it
"PostgreSQL 8.4" = PostgreSQL 8.4
"RealPlayer 12.0" = RealPlayer
"SmartVoip_is1" = SmartVoip
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Sokoban XP_is1" = Sokoban XP version 2.01
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"Uninstaller_B516B000_Creative ALchemy for X-Fi" = Creative ALchemy for X-Fi (Shared Components)
"Veetle TV" = Veetle TV 0.9.17
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WinShell_is1" = WinShell
"ZENcast Organizer" = Organizer ZENcast

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3462998669-1995678075-2130207941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox
"NH Poker" = NH Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2010 17.50.09 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3011
Description =

Error - 13/09/2010 8.00.44 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3012
Description =

Error - 13/09/2010 8.00.44 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3011
Description =

Error - 13/09/2010 8.13.35 | Computer Name = Lucio_Asus | Source = Google Update | ID = 20
Description =

Error - 13/09/2010 10.49.45 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3012
Description =

Error - 13/09/2010 10.49.45 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3011
Description =

Error - 13/09/2010 13.56.03 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3012
Description =

Error - 13/09/2010 13.56.03 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3011
Description =

Error - 13/09/2010 15.26.18 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3012
Description =

Error - 13/09/2010 15.26.18 | Computer Name = Lucio_Asus | Source = LoadPerf | ID = 3011
Description =

[ SitNGoWizard Events ]
Error - 20/06/2009 7.35.31 | Computer Name = Lucio_Asus | Source = SitNGoWizard | ID = 1
Description = Object reference not set to an instance of an object.

[ System Events ]
Error - 10/09/2010 20.08.24 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7023
Description =

Error - 10/09/2010 20.08.24 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7023
Description =

Error - 10/09/2010 20.08.26 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7023
Description =

Error - 10/09/2010 20.18.29 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7000
Description =

Error - 10/09/2010 20.30.06 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7023
Description =

Error - 11/09/2010 12.31.57 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7023
Description =

Error - 11/09/2010 18.32.12 | Computer Name = Lucio_Asus | Source = Service Control Manager | ID = 7023
Description =

Error - 12/09/2010 14.06.55 | Computer Name = Lucio_Asus | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001B77396FE9 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/09/2010 14.14.47 | Computer Name = Lucio_Asus | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.104 for the Network Card with network
address 001B77396FE9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 13/09/2010 10.48.30 | Computer Name = Lucio_Asus | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.104 for the Network Card with network
address 001B77396FE9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 PM

Posted 14 September 2010 - 08:35 AM

Hi,

please run a scan with MBRCheck next:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on the title bar (where the program name and path are written)
  4. From the menu choose Edit -> Select All
  5. Now just press the Enter key on the keyboard to copy the selected text
  6. Now paste that text here for me.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 pacuvio

pacuvio
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 14 September 2010 - 08:46 AM

Hi myrti,
here is the text. In case I have to choose between Y or N at the end, just tell me; so far I have stopped here.
cheers

lucio


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: A8JS
Logical Drives Mask: 0x0000003c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`73d00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B328675F23A319990359B8DDCB82AFA325BC2557


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#6 myrti

Posted 14 September 2010 - 03:59 PM

Hi,

We will need to modify your MBR; before doing so, please make a backup of it.
  • Please download mbr.exe and save it to your desktop <- (Important!).
  • Open NOTEPAD and copy/paste the text in the quotebox below into it:
    CODE
    @ECHO OFF
    copy "%userprofile%\Desktop\mbr.exe" "c:\windows\mbr.exe"
    CD "%~DP0"
    MBR -c 0 1 "%userprofile%\Desktop\backup_mbr.zip"
    DEL %0

  • Save this as mbrlook.bat. Choose to "Save type as - All Files" and save it to your Desktop.
    It should look like this:
  • Right click the mbrlook.bat and select run as administrator to run it.
  • A file named mbr.zip will be created on your desktop. Please attach that to your next reply.
Once we have the backup of the file, I'll give you the instructions to replace the MBR.

regards myrti

Edited by myrti, 14 September 2010 - 03:59 PM.



#7 pacuvio (Topic Starter)

Posted 15 September 2010 - 12:07 PM

Hi myrti,
sorry for my late reply, I'm traveling for work reasons and the internet connection sometimes is not good.
I attach the file that has been created.
cheers

lucio




#8 myrti

Posted 15 September 2010 - 02:48 PM

Hi,

great. Let's go replace that MBR then:

Your log indicates you have an infected Master Boot Record (MBR). To learn more about this infection please refer to:
  • Rerun MBRCheck.exe by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option [2] (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter [0] (for PhysicalDrive0) and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below.
    QUOTE
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number (For example, type 0 or 1 for XP, type 3 for Vista, type 5 for Windows 7, etc) and then press Enter. Be careful...if the wrong OS is used, it will render the computer unbootable.
  • When prompted for confirmation: 'Do you want to fix the MBR code?'. Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key on your keyboard to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.
Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. Further, Vista does not always use the same MBR code as it depends on the type of install that was used. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console (XP) or Recovery Environment Startup Repair (Vista, Windows 7) in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
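To show what MBRCheck's verdict rests on, here is an added Python example (it is not MBRCheck's code and was not posted in this thread) that parses a 512-byte MBR image, checks the 55 AA boot signature, lists the partition entries and compares a SHA1 of the boot-code region against a known-bad list seeded with the hash MBRCheck reports in this thread. It assumes the hashed region is the first 440 bytes (boot code before the disk signature and partition table); the thread does not state MBRCheck's exact range, so that is an assumption, and the sample sector it builds is constructed, not a real disk image.

```python
# Added example for this thread; not MBRCheck's code and not posted by anyone here.
# Parses a raw MBR sector, validates the 55 AA trailer, hashes the boot code and
# looks the hash up in a known-bad list, then decodes the partition table.
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440      # boot-code region hashed here (assumed range, see lead-in)
PART_TABLE = 446    # four 16-byte partition entries start at this offset
BOOT_SIG = 0xAA55   # little-endian view of the 55 AA trailer at bytes 510..511

# SHA1 that MBRCheck reports in this thread for the infected boot code.
KNOWN_BAD = {
    "b328675f23a319990359b8ddcb82afa325bc2557": "Whistler / Black Internet",
}


def parse_partitions(sector):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE + 16 * i)
        if ptype == 0:            # type 0x00 marks an unused slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR})
    return parts


def classify(sha1_hex, known_bad=KNOWN_BAD):
    """Map a boot-code SHA1 to a family name, or 'unknown' if it is not listed."""
    return known_bad.get(sha1_hex.lower(), "unknown")


def check_mbr(sector, known_bad=KNOWN_BAD):
    """Validate the trailer, hash the boot code and parse the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    sig_ok = struct.unpack_from("<H", sector, 510)[0] == BOOT_SIG
    digest = hashlib.sha1(sector[:CODE_LEN]).hexdigest()
    return {"signature_ok": sig_ok, "sha1": digest,
            "status": classify(digest, known_bad),
            "partitions": parse_partitions(sector)}


def build_sample_mbr():
    """Constructed sample (not a real disk image): dummy boot code plus two NTFS
    entries placed at the byte offsets MBRCheck reports for C: and D: here."""
    code = b"\xEB\xFE" + b"\x90" * (CODE_LEN - 2)   # jmp $ followed by nops
    disk_sig = b"\x12\x34\x56\x78\x00\x00"          # NT disk signature + padding
    entries = b""
    for bootable, byte_offset in ((True, 0x1B5900000), (False, 0x1173D00000)):
        entries += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                               b"\xFF\xFF\xFF", 0x07, b"\xFF\xFF\xFF",
                               byte_offset // SECTOR, 0x2000000)
    entries += b"\x00" * 32                         # two unused slots
    return code + disk_sig + entries + struct.pack("<H", BOOT_SIG)


if __name__ == "__main__":
    result = check_mbr(build_sample_mbr())
    print("boot signature ok:", result["signature_ok"])
    print("boot code SHA1:", result["sha1"], "->", result["status"])
    for p in result["partitions"]:
        print(f"entry {p['index']}: type 0x{p['type']:02x}, "
              f"bootable={p['bootable']}, offset 0x{p['byte_offset']:x}")
```

To check a real disk, feed the first 512 bytes of the physical drive to check_mbr and compare the hash against a list built with the same hashed range the reporting tool uses.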


#9 pacuvio

pacuvio
  • Topic Starter

  • Members
  • 17 posts

Posted 17 September 2010 - 04:33 AM

Hi myrti,

I did as requested, restarted the computer and everything went smooth.
I paste below the MBRCheck.txt
cheers

lucio


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: A8JS
Logical Drives Mask: 0x0000003c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`73d00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B328675F23A319990359B8DDCB82AFA325BC2557


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 17 September 2010 - 08:53 AM

Hi,

great, please repost a new log of MBRCheck so we can see what the MBR code looks like now. How is the PC doing?

regards myrti



#11 pacuvio

pacuvio
  • Topic Starter

  • Members
  • 17 posts

Posted 17 September 2010 - 11:27 AM

Hi myrti,
the computer runs good and it seems normal, but the MBRCheck log file probably says something wrong is still there..
I paste it below
cheers

lucio


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: A8JS
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 157):

Processes (total 63):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
636 csrss.exe
684 C:\Windows\System32\wininit.exe
692 csrss.exe
728 C:\Windows\System32\services.exe
744 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
824 C:\Windows\System32\winlogon.exe
940 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\audiodg.exe
1296 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1316 C:\Windows\System32\SLsvc.exe
1372 C:\Windows\System32\svchost.exe
1460 C:\Windows\System32\svchost.exe
1596 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
1620 C:\Program Files\Avast5\AvastSvc.exe
1896 C:\Windows\System32\spoolsv.exe
1920 C:\Windows\System32\svchost.exe
720 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
928 C:\Program Files\Bonjour\mDNSResponder.exe
1096 C:\Windows\System32\svchost.exe
612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2176 C:\Program Files\Google\Update\GoogleUpdate.exe
2260 C:\Windows\System32\svchost.exe
2292 C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
2372 C:\Program Files\Spyware Doctor\pctsAuxs.exe
2420 C:\Program Files\Spyware Doctor\pctsSvc.exe
2596 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2616 C:\Windows\System32\svchost.exe
2672 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2736 C:\Windows\System32\svchost.exe
2788 C:\Windows\System32\SearchIndexer.exe
2868 C:\Windows\System32\dwm.exe
2892 C:\Windows\explorer.exe
3144 C:\Program Files\ATK Hotkey\HControl.exe
3196 C:\Program Files\Avast5\AvastUI.exe
3224 C:\Program Files\Spyware Doctor\pctsTray.exe
3232 C:\Windows\System32\rundll32.exe
3240 C:\Program Files\Windows Sidebar\sidebar.exe
3412 C:\Program Files\Windows Sidebar\sidebar.exe
3568 C:\Program Files\ATKOSD2\ATKOSD2.exe
3576 C:\Program Files\Wireless Console 2\wcourier.exe
3604 C:\Program Files\P4G\BatteryLife.exe
3620 C:\Program Files\ASUS\Splendid\ACMON.exe
3724 ACEngSvr.exe
3764 C:\Program Files\ATK Hotkey\ATKOSD.exe
3996 WmiPrvSE.exe
2340 C:\Windows\System32\taskeng.exe
3168 C:\Windows\System32\taskeng.exe
5360 C:\Windows\System32\wuauclt.exe
5020 taskeng.exe
4716 C:\Program Files\Mozilla Firefox\firefox.exe
5328 C:\Windows\System32\conime.exe
2256 C:\Program Files\Mozilla Firefox\plugin-container.exe
3068 C:\Users\Lucio\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
5468 C:\Users\Lucio\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000011`73d00000 (NTFS)

PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.ALC

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B328675F23A319990359B8DDCB82AFA325BC2557


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 20 September 2010 - 07:30 AM

Hi,

please run a scan with ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti


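What a helper looks for once that ComboFix log arrives, as an added Python example (it is not ComboFix's code and was not posted by anyone in this thread): it scans ComboFix-style lines for the findings that show up in the log posted later in this thread, namely the bootkit line, UAC switched off, Security Center monitoring disabled, a boot-start driver whose file is missing, and loopback proxies written into the IE and Firefox settings. The sample lines are constructed from that log, and the Firefox rule assumes Firefox's documented meaning of network.proxy.type (0 = no proxy, 1 = manual).

```python
# Added example for this thread; not ComboFix's own code and not posted by the
# helpers. Reads ComboFix-style log lines and reports what a reviewer would
# flag: the bootkit line, UAC turned off, Security Center monitoring disabled,
# services whose image file is missing ([x]) and proxy settings that route
# browser traffic through the loopback interface.
import re

LOOPBACK = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.IGNORECASE)

# Constructed sample: lines taken from the ComboFix log posted in this thread,
# plus one healthy service line (gupdate) that must not be flagged.
SAMPLE_LOG = r"""
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R0 tqvpcock;tqvpcock;c:\windows\System32\drivers\cvbuyo.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 133104]
uInternet Settings,ProxyServer = http=127.0.0.1:6092
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.type - 0
"""


def triage(log_text):
    """Return (severity, message) findings for the lines of a ComboFix log."""
    findings = []
    ff_type, ff_hosts = None, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = re.search(r"Bootkit (\S+) was found", line)
        if m:
            device = line.split(" - ")[0]
            findings.append(("high", f"bootkit {m.group(1)} reported on {device}"))
        elif re.match(r'"EnableLUA"\s*=\s*0\b', line):
            findings.append(("medium", "UAC disabled (EnableLUA = 0)"))
        elif re.match(r'"DisableMonitoring"\s*=\s*dword:0*1$', line):
            findings.append(("medium", "Security Center monitoring disabled"))
        elif re.match(r"R[0-4] ", line) and line.endswith("[x]"):
            # ComboFix prints [x] when the service's image file does not exist;
            # an R0 (boot-start) driver pointing nowhere is a classic leftover.
            start_type, name = line[:2], line[3:].split(";", 1)[0]
            sev = "high" if start_type == "R0" else "low"
            findings.append((sev, f"service {name} ({start_type}) points to a missing file"))
        elif line.startswith("uInternet Settings,ProxyServer") and LOOPBACK.search(line):
            value = line.split("=", 1)[1].strip()
            findings.append(("high", f"IE proxy routed through loopback: {value}"))
        elif line.startswith("FF - prefs.js: network.proxy."):
            key, _, value = line[len("FF - prefs.js: "):].partition(" - ")
            if key == "network.proxy.type":
                ff_type = int(value)
            elif LOOPBACK.search(value):
                ff_hosts.append(f"{key}={value}")
    if ff_hosts:
        # Firefox only uses manual proxy hosts when network.proxy.type is 1,
        # so with type 0 these entries are dormant but still worth cleaning.
        active = ff_type == 1
        state = "active" if active else f"inactive, network.proxy.type={ff_type}"
        findings.append(("high" if active else "low",
                         f"Firefox loopback proxy entries ({state}): " + ", ".join(ff_hosts)))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```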

#13 pacuvio

pacuvio
  • Topic Starter

  • Members
  • 17 posts

Posted 20 September 2010 - 09:58 AM

Hi myrti,
I've done as explained, and I paste below the log file.
Two minor things happened, which may be irrelevant:
1) I had to unistall Avast! and Spyware Doctor 7.0 since even when manually disabled they had running processes detected by ComboFix
2) after ComboFix finished and the log file was created I was unable to open any file or run any program, getting at every attempt the message "Illegal operation attempted on a registry key that has been marked for deletion". I restarted the computer, and now everything seems normal.

cheers

lucio

ps: I noticed that in the log file some parts are in italian; probably they are in standard places so you can easily guess what's there, however if needed I can translate them


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


ComboFix 10-09-19.03 - Lucio 20/09/2010 15.22.28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1033.18.2047.1403 [GMT 1:00]
Eseguito da: c:\users\Lucio\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\system volume information\_restore{d5fffa500b1b}
c:\system volume information\_restore{d5fffa500b1b}\smss.exe
c:\system volume information\_restore{d5fffa500b1b}\svchost.exe
c:\users\Lucio\.COMMgr
c:\users\Lucio\AppData\Local\Windows Server
c:\users\Lucio\AppData\Local\Windows Server\flags.ini
c:\users\Lucio\AppData\Local\Windows Server\uses32.dat

La copia infetta di c:\windows\system32\drivers\disk.sys è stata trovata e disinfettata
Ripristinata copia da - Kitty had a snack :p
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Creati Da 2010-08-20 al 2010-09-20 )))))))))))))))))))))))))))))))))))
.

2010-09-20 14:29 . 2010-09-20 14:29 -------- d-----w- c:\users\postgreuser\AppData\Local\temp
2010-09-20 14:29 . 2010-09-20 14:29 -------- d-----w- c:\users\postgres.Lucio_Asus\AppData\Local\temp
2010-09-20 14:29 . 2010-09-20 14:29 -------- d-----w- c:\users\Lucio\AppData\Local\temp
2010-09-20 14:20 . 2010-09-20 14:21 -------- d-----w- C:\32788R22FWJFW
2010-09-04 23:44 . 2010-09-04 23:44 52840 ----a-w- c:\windows\system32\drivers\klrazobj.sys
2010-09-04 20:20 . 2010-09-04 23:45 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-04 19:33 . 2010-09-04 19:33 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-09-04 19:33 . 2010-09-04 19:33 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-09-04 19:33 . 2010-09-04 19:33 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-09-04 19:32 . 2010-09-04 19:32 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-09-04 19:32 . 2010-09-04 19:32 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-09-04 19:32 . 2010-09-04 19:32 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-09-04 19:32 . 2010-09-04 19:32 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-09-04 19:31 . 2010-09-04 19:31 818688 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-09-04 19:31 . 2010-09-04 19:31 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-09-04 19:31 . 2010-09-04 19:31 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-09-04 19:31 . 2010-09-04 19:31 213896 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-04 19:31 . 2010-09-04 19:31 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-09-04 19:31 . 2010-09-04 19:31 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-09-04 19:31 . 2010-09-04 19:31 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-09-04 19:31 . 2010-09-04 19:31 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-09-04 19:31 . 2010-09-04 19:31 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-09-04 19:31 . 2010-09-04 19:31 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2010-09-04 19:31 . 2010-09-04 19:31 317440 ----a-w- c:\windows\system32\BFE.DLL
2010-09-04 19:31 . 2010-09-04 19:31 97792 ----a-w- c:\windows\system32\cabview.dll
2010-09-04 18:27 . 2010-09-06 11:23 -------- d-----w- c:\program files\Spybot
2010-09-04 18:27 . 2010-09-05 00:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-04 15:40 . 2010-09-04 15:46 -------- d-----w- c:\programdata\Google Updater
2010-09-03 16:30 . 2010-09-03 16:30 -------- d-----w- c:\users\Lucio\AppData\Roaming\InstallShield
2010-09-03 16:29 . 2010-09-20 14:04 -------- d-----w- c:\program files\Avast5
2010-09-03 16:29 . 2010-09-20 14:00 -------- d-----w- c:\programdata\Alwil Software
2010-09-03 15:14 . 2010-09-03 15:14 -------- d-----w- c:\users\Lucio\AppData\Local\Sunbelt Software
2010-09-03 14:50 . 2010-09-03 15:19 -------- d-----w- c:\programdata\Lavasoft
2010-09-02 20:39 . 2010-09-04 21:22 -------- d-----w- c:\users\Lucio\AppData\Local\VirtualStore
2010-09-02 20:15 . 2010-09-02 22:44 -------- d-----w- c:\users\Lucio\AppData\Local\exolwxfce
2010-08-22 01:20 . 2010-08-22 01:20 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 14:29 . 2009-07-05 20:52 -------- d-----w- c:\program files\iWin Games
2010-09-20 14:16 . 2008-12-22 21:35 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-09-20 14:12 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-19 22:20 . 2008-12-24 17:07 -------- d-----w- c:\users\Lucio\AppData\Roaming\Free Download Manager
2010-09-19 21:30 . 2009-11-12 10:45 1 ----a-w- c:\users\Lucio\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-19 21:27 . 2009-11-05 19:30 -------- d-----w- c:\users\Lucio\AppData\Roaming\vlc
2010-09-19 01:32 . 2009-01-05 17:02 -------- d-----w- c:\users\Lucio\AppData\Roaming\Skype
2010-09-18 22:33 . 2009-04-14 20:25 -------- d-----w- c:\users\Lucio\AppData\Roaming\skypePM
2010-09-14 22:19 . 2008-12-22 21:37 54360 ----a-w- c:\users\Lucio\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-10 23:57 . 2010-02-06 12:43 -------- d-----w- c:\users\Lucio\AppData\Roaming\Dropbox
2010-09-06 15:13 . 2009-01-17 10:19 1356 ----a-w- c:\users\Lucio\AppData\Local\d3d9caps.dat
2010-09-04 19:57 . 2008-12-22 22:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 15:41 . 2009-07-06 13:33 -------- d-----w- c:\program files\Google
2010-09-03 16:32 . 2010-04-10 15:56 -------- d-----w- c:\programdata\avg9
2010-09-03 16:25 . 2010-08-19 17:30 8092476 ----a-w- c:\users\Lucio\AppData\Local\prvlcl.dat
2010-09-03 11:22 . 2010-04-27 20:15 -------- d-----w- c:\users\Lucio\AppData\Roaming\CDB256A685AF524CBD3AB735CCACEA57
2010-09-01 21:47 . 2009-12-21 15:54 -------- d-----w- c:\program files\SmartVoip
2010-08-19 11:33 . 2010-04-21 22:03 -------- d-----w- c:\program files\gdpoker_skin
2010-08-19 10:16 . 2008-12-27 10:55 -------- d-----w- c:\users\Lucio\AppData\Roaming\dvdcss
2010-08-19 10:16 . 2010-04-09 21:51 -------- d-----w- c:\program files\Holdem Manager
2010-08-19 10:16 . 2008-12-26 14:31 -------- d-----w- c:\program files\LEd
2010-08-18 22:55 . 2010-03-23 22:10 -------- d-----w- c:\program files\Opera
2010-07-25 23:26 . 2009-02-08 10:54 -------- d-----w- c:\program files\PokerStove
2010-07-02 22:58 . 2010-03-30 09:07 439816 ----a-w- c:\users\Lucio\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-26 21:53 . 2010-06-26 21:53 38208 ----a-w- c:\users\Lucio\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-26 20:14 . 2010-03-26 20:14 64447 ----a-w- c:\program files\hminstalllog.txt
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lucio\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lucio\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lucio\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-12-22 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative SB Monitoring Utility"="sbavmon.dll" [2007-06-28 93696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-12 17:41 133104 ----atw- c:\users\Lucio\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-20 09:48 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2007-12-19 15:58 217192 ------w- c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 tqvpcock;tqvpcock;c:\windows\System32\drivers\cvbuyo.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 133104]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [x]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-12-24 79360]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-02-12 450944]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-06 691696]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'

2010-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-04 15:40]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 13:33]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-06 13:33]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3462998669-1995678075-2130207941-1000Core.job
- c:\users\Lucio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-12 17:41]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3462998669-1995678075-2130207941-1000UA.job
- c:\users\Lucio\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-12 17:41]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A}
FF - ProfilePath - c:\users\Lucio\AppData\Roaming\Mozilla\Firefox\Profiles\1r65a636.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\Lucio\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Lucio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANED KEYS REMOVED - - - -

ActiveSetup-{82KQZD-KETGBH-Y9B4AV-9NGMHA} - c:\windows\system32\winsrv32.exe
AddRemove-Lavasoft VX2 Cleaner - c:\progra~1\Lavasoft\Ad-Aware\Plugins\UNWISE.EXE



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
Hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'Explorer.exe'(3848)
c:\users\Lucio\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Scan completion time: 2010-09-20 15:32:46
ComboFix-quarantined-files.txt 2010-09-20 14:32

Pre-Run: 22.008.418.304 bytes free
Post-Run: 22.144.270.336 bytes free

- - End Of File - - 25BCDBE22E3684FAF3B68B0B801391B7


#14 myrti



  • Malware Study Hall Admin
  • 33,766 posts

Posted 21 September 2010 - 03:04 AM

Hi,

The Italian is fine. I speak enough Romance languages to figure out what it means.

I am quite impressed by the collection of malware you assembled on that PC. Did you set up a proxy in Firefox and Internet Explorer or should I have ComboFix remove those?

regards myrti

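The question above turns on the `network.proxy.*` entries in the ComboFix log: every proxy scheme (http, ssl, socks) points at `localhost`, the SOCKS port 9050 is Tor's default listener, and yet `network.proxy.type` is 0, which in Firefox means "direct connection, no proxy", so those hosts are currently inert and would only take effect if the type were flipped to 1 (manual). The following script is an added example, not code from the thread or from ComboFix: it parses either a real `prefs.js` or the `FF - prefs.js:` summary lines ComboFix prints, and reports whether a configured proxy is actually active, whether it points at the local machine, and whether a port has a well-known owner. The sample inputs are constructed copies of the log values shown earlier in this thread, and all function names are mine.

```python
import re
from typing import Any, Dict, List

# Constructed sample inputs for this example, mirroring the proxy values in the
# ComboFix log posted above (not the user's actual files).
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "www.google.it");
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 9666);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.ssl", "localhost");
user_pref("network.proxy.ssl_port", 9666);
user_pref("network.proxy.type", 0);
'''

SAMPLE_COMBOFIX_LINES = """\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
"""

# prefs.js / user.js syntax: user_pref("name", value);  (pref(...) in default files)
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$')
# ComboFix's one-line summary of the same entries
COMBOFIX_RE = re.compile(r'^FF - prefs\.js: (\S+) - (.*)$')

# Meaning of network.proxy.type in Firefox
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Ports with a well-known owner; 9050 is Tor's default SOCKS listener.
KNOWN_PORTS = {9050: "Tor default SOCKS port"}
SCHEMES = ("http", "ssl", "ftp", "socks")


def _coerce(raw: str) -> Any:
    """Turn a raw pref value into str / int / bool."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs_js(text: str) -> Dict[str, Any]:
    """Parse user_pref()/pref() lines from a prefs.js or user.js file."""
    prefs: Dict[str, Any] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _coerce(m.group(2))
    return prefs


def parse_combofix_ff(text: str) -> Dict[str, Any]:
    """Parse the 'FF - prefs.js: name - value' lines of a ComboFix log."""
    prefs: Dict[str, Any] = {}
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = _coerce(m.group(2))
    return prefs


def audit_proxy(prefs: Dict[str, Any]) -> Dict[str, Any]:
    """Summarise the network.proxy.* state and flag what needs a look."""
    ptype = prefs.get("network.proxy.type")
    proxies: List[Dict[str, Any]] = []
    for scheme in SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port")
        proxies.append({
            "scheme": scheme, "host": host, "port": port,
            "loopback": str(host).lower() in LOOPBACK_HOSTS,
            "port_note": KNOWN_PORTS.get(port, ""),
        })
    # Manual proxy hosts only take effect when type == 1.
    active = ptype == 1 and bool(proxies)
    notes: List[str] = []
    if proxies and ptype == 0:
        notes.append("proxy hosts configured but network.proxy.type is 0 (direct): "
                     "inert now, but flipping the type to 1 would route traffic through them")
    if active and any(p["loopback"] for p in proxies):
        notes.append("Firefox is sending traffic to a listener on this machine: "
                     "identify the owning process (netstat -ano / tasklist) before trusting it")
    return {"type": ptype, "type_desc": PROXY_TYPES.get(ptype, "not set / unknown"),
            "active": active, "proxies": proxies, "notes": notes}


if __name__ == "__main__":
    report = audit_proxy(parse_prefs_js(SAMPLE_PREFS_JS))
    print(f"network.proxy.type = {report['type']} ({report['type_desc']}), active={report['active']}")
    for p in report["proxies"]:
        flag = " <- loopback" if p["loopback"] else ""
        extra = f" ({p['port_note']})" if p["port_note"] else ""
        print(f"  {p['scheme']:5} -> {p['host']}:{p['port']}{extra}{flag}")
    for n in report["notes"]:
        print("  note:", n)
```

Run it against a profile's `prefs.js` (path as in the `FF - ProfilePath` line of the log) or paste the `FF - prefs.js:` lines into `parse_combofix_ff`; both parsers yield the same dictionary, so the audit result is identical. The design point is that the type field, not the presence of a host, decides whether traffic is redirected: a cleanup should still remove the stale hosts, because a later change to `network.proxy.type` would silently activate them.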


#15 pacuvio

  • Topic Starter

  • Members
  • 17 posts

Posted 21 September 2010 - 04:47 AM

Hi myrti,
No, I didn't set up any proxy; they came with the infection. Let's remove them!
cheers

lucio




