Notebook infected


  • This topic is locked
17 replies to this topic

#1 lucaspeed

lucaspeed

  • Members
  • 41 posts
  • OFFLINE
  • Local time:10:43 PM

Posted 20 December 2010 - 05:51 PM

Hi, a friend of mine gave me a Dell notebook, I suspect it is infected with some sort of malware (I removed a LOT of "freeware" programs and p0rn toolbars) but something nasty is yet to be removed.
I tried to run DDS and it crashed; the same for ComboFix, even after running rkill first.
I haven't tried in safe mode yet (trying now).
It is a Latitude D510 with Windows 7 Ultimate (32-bit).

A quick update to let you know that DDS & ComboFix freeze even in safe mode.

Merged posts. ~ OB

EDIT: Added OP's OTL log from the AII topic. ~~boopme
This is OTL.txt but I don't see any Extra.txt on the desktop nor minimized.


OTL logfile created on: 27/12/2010 02:27:26 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Benito\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.015,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 40,84 Gb Free Space | 73,07% Space Free | Partition Type: NTFS

Computer Name: BENITOPC | User Name: Benito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Benito\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Benito\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (pnicml) -- C:\Users\PIERLU~1\AppData\Local\Temp\pnicml.sys File not found
DRV - (hwusbdev) -- C:\Windows\System32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\PIERLU~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (VSTHWICH) -- C:\Windows\System32\drivers\VSTICH3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw2v32) Driver di Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (STAC97) -- C:\Windows\System32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (omci) -- C:\Windows\System32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myp2p.eu/competition.php?competitionid=&part=sports&discipline=football
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B C9 77 8F 89 A4 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.37.17.16 85.38.28.68
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 02:25:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Benito\Desktop\OTL.exe
[2010/12/26 00:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/12/26 00:15:13 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Macromedia
[2010/12/26 00:15:08 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Adobe
[2010/12/24 18:03:53 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Local\Apple
[2010/12/21 23:33:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/21 22:57:55 | 000,000,000 | R--D | C] -- C:\Users\Benito\Searches
[2010/12/21 22:57:43 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Identities
[2010/12/21 22:57:39 | 000,000,000 | R--D | C] -- C:\Users\Benito\Contacts
[2010/12/21 22:57:26 | 000,000,000 | --SD | C] -- C:\Users\Benito\AppData\Roaming\Microsoft
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Videos
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Saved Games
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Pictures
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Music
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Links
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Favorites
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Downloads
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Documents
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Desktop
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documents\Video
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\AppData\Local\Temporary Internet Files
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\SendTo
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Risorse di stampa
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Risorse di rete
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Recenti
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documents\Musica
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Modelli
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Menu Avvio
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Impostazioni locali
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documents\Immagini
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documenti
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Dati applicazioni
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\AppData\Local\Dati applicazioni
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\AppData\Local\Cronologia
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Cookies
[2010/12/21 22:57:26 | 000,000,000 | -H-D | C] -- C:\Users\Benito\AppData
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Local\Temp
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\Roaming
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Local\Microsoft
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Media Center Programs
[2010/12/20 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/12/20 21:32:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/12/20 19:47:19 | 000,472,064 | ---- | C] ( ) -- C:\Users\Benito\Desktop\RootRepeal.exe
[2010/12/20 17:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/20 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/20 17:07:23 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
[2010/12/20 16:59:46 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/12/20 12:31:12 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Users\Benito\Desktop\fgahgfh.exe
[2010/12/20 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/20 11:59:03 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Benito\Desktop\TDSSKiller.exe
[2010/12/20 01:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 01:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/20 01:17:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 01:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/20 00:18:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/20 00:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

========== Files - Modified Within 30 Days ==========

[2010/12/27 02:28:43 | 000,945,724 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/12/27 02:28:43 | 000,692,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 02:28:43 | 000,212,338 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/12/27 02:28:43 | 000,179,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/27 02:28:25 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 02:28:25 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 02:26:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Benito\Desktop\OTL.exe
[2010/12/27 02:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 02:22:34 | 798,572,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/26 01:01:26 | 000,780,283 | ---- | M] () -- C:\Users\Benito\Desktop\rkill.exe
[2010/12/26 00:19:23 | 000,000,918 | ---- | M] () -- C:\Users\Benito\Desktop\SopCast.lnk
[2010/12/24 17:56:46 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/24 17:56:43 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/21 22:09:18 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 23:10:53 | 000,624,128 | ---- | M] () -- C:\Users\Benito\Desktop\dds.scr
[2010/12/20 21:33:55 | 000,271,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/20 20:56:08 | 000,197,871 | ---- | M] () -- C:\MGlogs.zip
[2010/12/20 20:35:25 | 000,296,448 | ---- | M] () -- C:\Users\Benito\Desktop\y4cqysj7.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 17:16:56 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/20 16:59:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/20 16:59:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/20 12:59:37 | 002,416,140 | ---- | M] () -- C:\Users\Benito\Desktop\MGtools.exe
[2010/12/20 12:59:37 | 002,416,140 | ---- | M] () -- C:\MGtools.exe
[2010/12/20 12:01:19 | 000,080,384 | ---- | M] () -- C:\Users\Benito\Desktop\MBRCheck.exe
[2010/12/20 01:00:43 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Benito\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2010/12/26 01:01:17 | 000,780,283 | ---- | C] () -- C:\Users\Benito\Desktop\rkill.exe
[2010/12/26 00:19:23 | 000,000,918 | ---- | C] () -- C:\Users\Benito\Desktop\SopCast.lnk
[2010/12/20 23:10:45 | 000,624,128 | ---- | C] () -- C:\Users\Benito\Desktop\dds.scr
[2010/12/20 20:35:20 | 000,296,448 | ---- | C] () -- C:\Users\Benito\Desktop\y4cqysj7.exe
[2010/12/20 17:16:56 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/20 16:59:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/12/20 16:59:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/12/20 16:59:48 | 000,197,871 | ---- | C] () -- C:\MGlogs.zip
[2010/12/20 16:59:23 | 002,416,140 | ---- | C] () -- C:\MGtools.exe
[2010/12/20 12:59:23 | 002,416,140 | ---- | C] () -- C:\Users\Benito\Desktop\MGtools.exe
[2010/12/20 12:01:14 | 000,080,384 | ---- | C] () -- C:\Users\Benito\Desktop\MBRCheck.exe
[2010/12/20 01:17:12 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 01:00:43 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/02/28 01:19:39 | 000,000,044 | ---- | C] () -- C:\Windows\CRPRO2v5.INI
[2010/01/02 20:42:49 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/11/16 22:53:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\stac97co.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/03/04 14:50:06 | 000,962,560 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/13 10:46:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll

========== LOP Check ==========

[2010/04/01 03:06:11 | 000,032,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/12/20 12:59:37 | 002,416,140 | ---- | M] () -- C:\MGtools.exe
[2009/08/13 11:14:18 | 000,472,064 | ---- | M] ( ) -- C:\RootRepeal.exe


< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

Edited by boopme, 26 December 2010 - 08:48 PM.
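The OTL report above contains the lines a malware-removal helper reads first: the UAC policy values under the O6 entries (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 here), driver services whose file no longer exists (DRV ... File not found, two of them under a user's Temp folder), the IE start page, the AutoRun policy (O7/O32) and the exefile/comfile open commands (O35). The script below is an added example, not OTL's or BleepingComputer's code; it runs that triage over a handful of lines copied in the shape of the log above (embedded as a constructed sample) and compares the UAC values against the Windows 7 defaults, which is an assumption stated in the code.

```python
"""Triage of OTL-style log lines for the settings a helper checks first.

Added example, not OTL's or BleepingComputer's code. The "secure default"
values are the Windows 7 defaults for the UAC policy keys (an assumption).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines in the shape of the OTL report above.
SAMPLE_LOG = r"""
DRV - (pnicml) -- C:\Users\PIERLU~1\AppData\Local\Temp\pnicml.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myp2p.eu/competition.php?competitionid=&part=sports&discipline=football
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..exefile [open] -- "%1" %*
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


# UAC policy values and their Windows 7 defaults (assumption: stock Win7 install).
UAC_EXPECTED = {
    "EnableLUA": "1",                   # 0 switches UAC off entirely
    "ConsentPromptBehaviorAdmin": "5",  # 0 elevates administrators silently
    "PromptOnSecureDesktop": "1",       # 0 lets other windows overlay the prompt
}

O6_RE = re.compile(r"^O6 - .*policies\\System: (\w+) = (\S+)")
DRV_MISSING_RE = re.compile(r"^DRV - \((\S+)\) -- (.+?) File not found$")
IE_START_RE = re.compile(r"^IE - .*Main,Start Page = (\S+)")
O7_RE = re.compile(r"^O7 - .*NoDriveTypeAutoRun = (\d+)")
O32_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d)")
O35_RE = re.compile(r"^O35 - HKLM\\\.\.(\w+) \[open\] -- (.+)$")
SHELL_OPEN_DEFAULT = '"%1" %*'  # stock exefile/comfile open command


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None when nothing stands out."""
    line = line.strip()
    if m := O6_RE.match(line):
        name, value = m.groups()
        expected = UAC_EXPECTED.get(name)
        if expected is not None and value != expected:
            return Finding("high", f"UAC {name}={value}, default is {expected}", line)
        return None
    if m := DRV_MISSING_RE.match(line):
        service, path = m.groups()
        # A service still registered for a driver that no longer exists; one
        # that lived in a user's Temp folder deserves a closer look than the rest.
        sev = "medium" if "\\Temp\\" in path else "info"
        return Finding(sev, f"driver service {service} points at missing {path}", line)
    if m := IE_START_RE.match(line):
        return Finding("info", f"IE start page is {m.group(1)}; confirm with the owner", line)
    if m := O7_RE.match(line):
        mask = int(m.group(1))
        # Bit 0x20 covers CD-ROM drives; 0xFF disables AutoRun for every drive type.
        if not mask & 0x20:
            return Finding("medium", f"NoDriveTypeAutoRun=0x{mask:02X} leaves optical AutoRun on", line)
        return None
    if m := O32_RE.match(line):
        if m.group(1) == "1":
            return Finding("info", "CD-ROM AutoRun enabled in HKLM", line)
        return None
    if m := O35_RE.match(line):
        ftype, command = m.groups()
        if command != SHELL_OPEN_DEFAULT:
            return Finding("high", f"{ftype} open command changed to {command}", line)
        return None
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over every line of a report and keep the findings."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


def severity_counts(findings: List[Finding]) -> dict:
    """Tally findings by severity so a helper sees the shape of the log at a glance."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.reason}")
    print(severity_counts(found))
```

On the sample the three UAC lines come out as high, the Temp-folder driver stub and the AutoRun mask as medium, and the start page and CD-ROM AutoRun as informational; the stock `"%1" %*` open command and the Avira driver produce nothing, which is the point of comparing against known-good values rather than listing every line.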


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:43 PM

Posted 30 December 2010 - 06:23 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft



#3 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:10:43 PM

Posted 30 December 2010 - 04:25 PM

Here are my logs; again, I don't have an Extra.txt minimized.

OTL logfile created on: 30/12/2010 22:13:30 - Run 3
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Benito\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.015,00 Mb Total Physical Memory | 453,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 40,89 Gb Free Space | 73,16% Space Free | Partition Type: NTFS

Computer Name: BENITOPC | User Name: Benito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Benito\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Benito\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (pnicml) -- C:\Users\PIERLU~1\AppData\Local\Temp\pnicml.sys File not found
DRV - (hwusbdev) -- C:\Windows\System32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\PIERLU~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (VSTHWICH) -- C:\Windows\System32\drivers\VSTICH3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw2v32) Driver di Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (STAC97) -- C:\Windows\System32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (omci) -- C:\Windows\System32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4144415939-2533878200-2763717448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.myp2p.eu/competition.php?competitionid=&part=sports&discipline=football
IE - HKU\S-1-5-21-4144415939-2533878200-2763717448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4144415939-2533878200-2763717448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-4144415939-2533878200-2763717448-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9B C9 77 8F 89 A4 CB 01 [binary data]
IE - HKU\S-1-5-21-4144415939-2533878200-2763717448-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4144415939-2533878200-2763717448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.37.17.16 85.38.28.68
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/27 02:25:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Benito\Desktop\OTL.exe
[2010/12/26 00:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/12/26 00:15:13 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Macromedia
[2010/12/26 00:15:08 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Adobe
[2010/12/24 18:03:53 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Local\Apple
[2010/12/21 23:33:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/21 22:57:55 | 000,000,000 | R--D | C] -- C:\Users\Benito\Searches
[2010/12/21 22:57:43 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Identities
[2010/12/21 22:57:39 | 000,000,000 | R--D | C] -- C:\Users\Benito\Contacts
[2010/12/21 22:57:26 | 000,000,000 | --SD | C] -- C:\Users\Benito\AppData\Roaming\Microsoft
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Videos
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Saved Games
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Pictures
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Music
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Links
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Favorites
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Downloads
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Documents
[2010/12/21 22:57:26 | 000,000,000 | R--D | C] -- C:\Users\Benito\Desktop
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documents\Video
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\AppData\Local\Temporary Internet Files
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\SendTo
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Risorse di stampa
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Risorse di rete
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Recenti
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documents\Musica
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Modelli
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Menu Avvio
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Impostazioni locali
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documents\Immagini
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Documenti
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Dati applicazioni
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\AppData\Local\Dati applicazioni
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\AppData\Local\Cronologia
[2010/12/21 22:57:26 | 000,000,000 | -HSD | C] -- C:\Users\Benito\Cookies
[2010/12/21 22:57:26 | 000,000,000 | -H-D | C] -- C:\Users\Benito\AppData
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Local\Temp
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\Roaming
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Local\Microsoft
[2010/12/21 22:57:26 | 000,000,000 | ---D | C] -- C:\Users\Benito\AppData\Roaming\Media Center Programs
[2010/12/20 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/12/20 21:32:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/12/20 19:47:19 | 000,472,064 | ---- | C] ( ) -- C:\Users\Benito\Desktop\RootRepeal.exe
[2010/12/20 17:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/20 17:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/20 17:07:23 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
[2010/12/20 16:59:46 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/12/20 12:31:12 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Users\Benito\Desktop\fgahgfh.exe
[2010/12/20 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/20 11:59:03 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Benito\Desktop\TDSSKiller.exe
[2010/12/20 01:17:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 01:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/20 01:17:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 01:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/20 00:18:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/20 00:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

========== Files - Modified Within 30 Days ==========

[2010/12/30 22:12:30 | 000,133,632 | ---- | M] () -- C:\Users\Benito\Desktop\RKUnhookerLE.EXE
[2010/12/30 22:12:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Benito\Desktop\OTL.exe
[2010/12/30 22:09:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/30 22:09:02 | 798,572,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/27 03:42:46 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 03:42:46 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 03:02:37 | 000,959,468 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/12/27 03:02:37 | 000,697,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/27 03:02:37 | 000,217,048 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/12/27 03:02:37 | 000,183,900 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/26 01:01:26 | 000,780,283 | ---- | M] () -- C:\Users\Benito\Desktop\rkill.exe
[2010/12/26 00:19:23 | 000,000,918 | ---- | M] () -- C:\Users\Benito\Desktop\SopCast.lnk
[2010/12/24 17:56:46 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/12/24 17:56:43 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/12/21 22:09:18 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 23:10:53 | 000,624,128 | ---- | M] () -- C:\Users\Benito\Desktop\dds.scr
[2010/12/20 21:33:55 | 000,271,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/20 20:56:08 | 000,197,871 | ---- | M] () -- C:\MGlogs.zip
[2010/12/20 20:35:25 | 000,296,448 | ---- | M] () -- C:\Users\Benito\Desktop\y4cqysj7.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/20 17:16:56 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/20 16:59:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/20 16:59:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/20 12:59:37 | 002,416,140 | ---- | M] () -- C:\Users\Benito\Desktop\MGtools.exe
[2010/12/20 12:59:37 | 002,416,140 | ---- | M] () -- C:\MGtools.exe
[2010/12/20 12:01:19 | 000,080,384 | ---- | M] () -- C:\Users\Benito\Desktop\MBRCheck.exe
[2010/12/20 01:00:43 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Benito\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2010/12/30 22:12:20 | 000,133,632 | ---- | C] () -- C:\Users\Benito\Desktop\RKUnhookerLE.EXE
[2010/12/26 01:01:17 | 000,780,283 | ---- | C] () -- C:\Users\Benito\Desktop\rkill.exe
[2010/12/26 00:19:23 | 000,000,918 | ---- | C] () -- C:\Users\Benito\Desktop\SopCast.lnk
[2010/12/20 23:10:45 | 000,624,128 | ---- | C] () -- C:\Users\Benito\Desktop\dds.scr
[2010/12/20 20:35:20 | 000,296,448 | ---- | C] () -- C:\Users\Benito\Desktop\y4cqysj7.exe
[2010/12/20 17:16:56 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/20 16:59:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/12/20 16:59:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/12/20 16:59:48 | 000,197,871 | ---- | C] () -- C:\MGlogs.zip
[2010/12/20 16:59:23 | 002,416,140 | ---- | C] () -- C:\MGtools.exe
[2010/12/20 12:59:23 | 002,416,140 | ---- | C] () -- C:\Users\Benito\Desktop\MGtools.exe
[2010/12/20 12:01:14 | 000,080,384 | ---- | C] () -- C:\Users\Benito\Desktop\MBRCheck.exe
[2010/12/20 01:17:12 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/20 01:00:43 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/02/28 01:19:39 | 000,000,044 | ---- | C] () -- C:\Windows\CRPRO2v5.INI
[2010/01/02 20:42:49 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/11/16 22:53:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\stac97co.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/03/04 14:50:06 | 000,962,560 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/01/13 10:46:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll

========== LOP Check ==========

[2010/04/01 03:06:11 | 000,032,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #1
==============================================
>Drivers
==============================================
0x8DE29000 C:\Windows\system32\DRIVERS\igxpmp32.sys 5672960 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0x8281E000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x8281E000 PnpManager 4259840 bytes
0x8281E000 RAW 4259840 bytes
0x8281E000 WMIxWDM 4259840 bytes
0x8FE27000 C:\Windows\system32\DRIVERS\NETw2v32.sys 2625536 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x88030000 C:\Windows\System32\igxpdx32.DLL 2531328 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x822A0000 Win32k 2404352 bytes
0x822A0000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Driver Win32 multiutente)
0x87C40000 C:\Windows\System32\igxpdv32.DLL 1564672 bytes (Intel Corporation, Component GHAL Driver)
0x8703D000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, Driver TCP/IP)
0x86C22000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, Driver file system NT)
0x86E3F000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, Driver NDIS 6.20)
0x82ED9000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Modulo di controllo dell'integrità del codice)
0x94C13000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x91E8B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, Stack del protocollo HTTP)
0x82E06000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x82F84000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Runtime framework driver modalità kernel)
0x902B9000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Driver bus Bluetooth)
0x8BC85000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x86D8F000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8BAA3000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x94D31000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x94CE2000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8E39D000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, Driver porta USB 1.1 & 2.0)
0x86AD8000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Estensione del driver gestore dei volumi)
0x86A16000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, Driver ACPI per NT)
0x91E22000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, Driver miniport NativeWiFi)
0x90216000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x900A8000 C:\Windows\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0x82E97000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8BC1F000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Driver sottosistema buffer unità di redirector)
0x871C0000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Driver copia shadow del volume)
0x86EF6000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x91F5E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x82C2E000 ACPI_HAL 225280 bytes
0x82C2E000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x86BB1000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Gestione filtri file system Microsoft)
0x90133000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x86F69000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8BAFD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87186000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x900EB000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x86B38000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, Driver bus PCMCIA)
0x87008000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8BD6E000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x86D51000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x82550000 C:\Windows\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x86A6F000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, Enumeratore PCI Plug and Play per NT)
0x8BD0F000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x86FAC000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x86F34000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9031F000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x86B85000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x91F3B000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8BD9A000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8BBA6000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x94CB4000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8BD37000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Driver interfaccia tunnel Microsoft)
0x8BA22000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x86E11000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8BB36000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, Utilità di pianificazione pacchetti QoS)
0x90350000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x9036B000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Driver filtro virtualizzazione file LUA)
0x91F99000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8BB63000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Driver di dispositivo seriale)
0x9039B000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x91F10000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9011A000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8BCE9000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90167000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, Driver della porta i8042)
0x901A3000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Driver della porta parallela)
0x901E0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8FE0B000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x824F0000 C:\Windows\System32\drivers\dxg.sys 94208 bytes (Microsoft Corporation, DirectX Graphics Driver)
0x8DE11000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8BDBC000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8BA81000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x86B66000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Gestione punti di montaggio)
0x90386000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x94C00000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x86D7C000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x91E78000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8BB7D000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x901CE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x902A7000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Driver miniport Bluetooth)
0x82590000 C:\Windows\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0x8BD58000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x91F29000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DE00000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Driver Ethernet Broadcom Corporation NDIS 5.1)
0x86F9B000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90296000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x86BE5000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9025A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x86AA4000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x82E7E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Driver errori hardware specifici di piattaforma)
0x903B5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86F59000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x91E68000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, Driver I/O modalità utente NDIS)
0x8BB90000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x86AC8000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8E3E8000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8BD01000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8BB55000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8BA73000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x86B2A000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x86DEC000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8BDDD000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x86A08000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90343000 C:\Windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Espansione bus Bluetooth)
0x901C1000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x90275000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9018C000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Driver classe tastiera)
0x9017F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Driver Mouse Class)
0x94CD5000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BA43000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8BC79000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x86FF2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86ABD000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x90282000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x94DEC000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8BDEB000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x91FBB000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, Driver del filtro del mouse HID)
0x8BA68000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FE00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8BA98000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8E392000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x86A99000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Enumeratore radice unità virtuale)
0x9026B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8BC6F000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8BC65000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8BDD3000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x94CAA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90199000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x86BA8000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x86B7C000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9028D000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x86C00000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x94D82000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82520000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x871B7000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x86A5E000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82E8F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86AB5000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x87035000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x86A67000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BA50000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BA58000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8BA60000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x87000000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x86E37000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x94DF7000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x86B23000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x86E30000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x91FB4000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x8BB2F000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x901BB000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8BBC8000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8BBA0000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8BC60000 C:\Windows\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0x8BD6A000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8BD35000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x8FE23000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9031D000 C:\Windows\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x94DACF2E Unknown thread object [ ETHREAD 0x85F43B38 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:43 PM

Posted 30 December 2010 - 04:46 PM

Since you mention ComboFix freezes, let's rename it. Right-click the download link below and select "save target/link as". Save the file as fun.com and double click on it to run it.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#5 lucaspeed

Posted 30 December 2010 - 06:39 PM

ComboFix (renamed fun.com) froze at the very beginning, just after the creation of the new system restore point.
Prints the "10 minutes" advice but not a single "Stage x complete" line appeared. Please note that CF makes the whole PC freeze.
I have to shut it down from power button every time.
Exactly the same for DDS.

#6 Elise

Posted 31 December 2010 - 03:24 AM

Please rerun OTL and click the NONE button. Change the value under "extra registry" to Use Safelist and click Run Scan. Post me the resulting extra.txt.

regards, Elise


#7 lucaspeed

Posted 31 December 2010 - 08:05 AM

OTL Extras logfile created on: 31/12/2010 14:00:24 - Run 5
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Benito\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1.015,00 Mb Total Physical Memory | 540,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 41,22 Gb Free Space | 73,76% Space Free | Partition Type: NTFS

Computer Name: BENITOPC | User Name: Benito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3 - Italiano
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Homeworld2" = Homeworld2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"ProInst" = Software Intel® PROSet/Wireless
"SopCast" = SopCast 3.3.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/12/2010 17:17:47 | Computer Name = BenitoPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Le stringhe relative alle prestazioni nel valore Performance del Registro
di sistema sono state danneggiate durante l'elaborazione dell'estensione del provider
contatori Performance. Il valore BaseIndex è il primo valore DWORD della sezione
Data, il valore LastCounter è il secondo valore DWORD della sezione Data e il valore
LastHelp è il terzo valore DWORD della sezione Data.

Error - 30/12/2010 17:17:47 | Computer Name = BenitoPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Le stringhe relative alle prestazioni nel valore Performance del Registro
di sistema sono state danneggiate durante l'elaborazione dell'estensione del provider
contatori Performance. Il valore BaseIndex è il primo valore DWORD della sezione
Data, il valore LastCounter è il secondo valore DWORD della sezione Data e il valore
LastHelp è il terzo valore DWORD della sezione Data.

Error - 30/12/2010 17:17:47 | Computer Name = BenitoPC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Scaricamento delle stringhe dei contatori delle prestazioni per il
servizio WmiApRpl (WmiApRpl) non riuscito. Il primo valore DWORD nella sezione
Data contiene il codice di errore.

Error - 30/12/2010 19:20:00 | Computer Name = BenitoPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 30/12/2010 19:20:00 | Computer Name = BenitoPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 30/12/2010 19:24:13 | Computer Name = BenitoPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Le stringhe relative alle prestazioni nel valore Performance del Registro
di sistema sono state danneggiate durante l'elaborazione dell'estensione del provider
contatori Performance. Il valore BaseIndex è il primo valore DWORD della sezione
Data, il valore LastCounter è il secondo valore DWORD della sezione Data e il valore
LastHelp è il terzo valore DWORD della sezione Data.

Error - 30/12/2010 19:24:13 | Computer Name = BenitoPC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Le stringhe relative alle prestazioni nel valore Performance del Registro
di sistema sono state danneggiate durante l'elaborazione dell'estensione del provider
contatori Performance. Il valore BaseIndex è il primo valore DWORD della sezione
Data, il valore LastCounter è il secondo valore DWORD della sezione Data e il valore
LastHelp è il terzo valore DWORD della sezione Data.

Error - 30/12/2010 19:24:13 | Computer Name = BenitoPC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Scaricamento delle stringhe dei contatori delle prestazioni per il
servizio WmiApRpl (WmiApRpl) non riuscito. Il primo valore DWORD nella sezione
Data contiene il codice di errore.

Error - 31/12/2010 08:59:01 | Computer Name = BenitoPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

Error - 31/12/2010 08:59:01 | Computer Name = BenitoPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Impossibile estrarre l'elenco radice di terze parti dal file CAB di
aggiornamento automatico in <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
a causa dell'errore seguente: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato. .

[ Media Center Events ]
Error - 03/03/2010 17:00:05 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 21:59:57 - Errore di connessione a Internet. 21:59:57 - Impossibile
contattare il server..

Error - 06/03/2010 11:07:39 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 16:07:39 - Errore di connessione a Internet. 16:07:39 - Impossibile
contattare il server..

Error - 06/03/2010 11:07:52 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 16:07:44 - Errore di connessione a Internet. 16:07:44 - Impossibile
contattare il server..

Error - 08/03/2010 07:54:38 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 12:54:38 - Errore di connessione a Internet. 12:54:38 - Impossibile
contattare il server..

Error - 08/03/2010 07:54:51 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 12:54:43 - Errore di connessione a Internet. 12:54:43 - Impossibile
contattare il server..

Error - 31/03/2010 22:09:59 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 04:09:59 - Errore di connessione a Internet. 04:09:59 - Impossibile
contattare il server..

Error - 31/03/2010 22:10:34 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 04:10:04 - Errore di connessione a Internet. 04:10:04 - Impossibile
contattare il server..

Error - 02/04/2010 10:47:43 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 16:47:43 - Errore di connessione a Internet. 16:47:43 - Impossibile
contattare il server..

Error - 02/04/2010 10:47:56 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 16:47:48 - Errore di connessione a Internet. 16:47:48 - Impossibile
contattare il server..

Error - 19/12/2010 18:13:54 | Computer Name = Pierluigi-PC | Source = MCUpdate | ID = 0
Description = 23:13:47 - Errore di connessione a Internet. 23:13:48 - Impossibile
contattare il server..

[ System Events ]
Error - 24/12/2010 13:00:27 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 24/12/2010 13:00:31 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 24/12/2010 13:00:36 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 24/12/2010 13:00:41 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 24/12/2010 13:00:48 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 24/12/2010 13:00:53 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 26/12/2010 21:22:40 | Computer Name = BenitoPC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 01:11:56 su 26/12/2010.

Error - 26/12/2010 22:42:15 | Computer Name = BenitoPC | Source = DCOM | ID = 10010
Description =

Error - 30/12/2010 19:26:23 | Computer Name = BenitoPC | Source = Service Control Manager | ID = 7030
Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema
non è configurato per consentire servizi interattivi. Questo servizio potrà non
funzionare correttamente.

Error - 31/12/2010 08:58:24 | Computer Name = BenitoPC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 00:27:19 su 31/12/2010.


< End of report >

#8 Elise

Posted 08 January 2011 - 05:41 AM

I'm so sorry, I must have missed your reply. My apologies!

Looks like you may have some bad blocks on your hard disk.

Please click Start > Run, type chkdsk /r and press Enter. Type Y and press Enter to schedule the disk check for the next reboot. Restart your computer and allow the disk check to run unhindered. Note - this may take some time.

Once done, let me know how everything is running.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

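The event-log section above is what led to the chkdsk advice. As an added example (not code from this thread or from OTL), here is a small Python parser for OTL's "Error - ... | Computer Name = ... | Source = ... | ID = ..." entries that counts the Disk bad-block events (ID 262151, as printed in the log above) per host and the unexpected-shutdown events (ID 6008), so a log like this one can be triaged programmatically. The sample log is constructed to mirror the posted entries.

```python
import re
from collections import Counter

# Constructed sample in the OTL event-log format; the descriptions are Italian
# because the host's locale is ITA. Raw string so the \Device path is kept as-is.
SAMPLE_LOG = r"""
Error - 24/12/2010 13:00:36 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 24/12/2010 13:00:41 | Computer Name = Pierluigi-PC | Source = Disk | ID = 262151
Description = Rilevato blocco danneggiato sul dispositivo \Device\Harddisk0\DR0.

Error - 26/12/2010 21:22:40 | Computer Name = BenitoPC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 01:11:56 su 26/12/2010.

Error - 30/12/2010 19:26:23 | Computer Name = BenitoPC | Source = Service Control Manager | ID = 7030
Description = Il servizio PEVSystemStart è contrassegnato come interattivo. Il sistema
non è configurato per consentire servizi interattivi.
"""

HEADER = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")

def parse_events(text):
    """Turn OTL event-log text into a list of dicts, one per 'Error -' entry."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif line.startswith("Description = ") and current is not None:
            current["description"] = line[len("Description = "):].strip()
        elif line.strip() and current is not None:
            # OTL wraps long descriptions onto unprefixed continuation lines
            current["description"] += " " + line.strip()
    return events

def triage(events):
    """Summarise the two signals used in the thread: Disk 262151 (bad block)
    and EventLog 6008 (previous shutdown was unexpected)."""
    bad_blocks = Counter(e["host"] for e in events
                         if e["source"] == "Disk" and e["id"] == 262151)
    dirty = [e["when"] for e in events
             if e["source"] == "EventLog" and e["id"] == 6008]
    return {"bad_block_events_per_host": dict(bad_blocks),
            "unexpected_shutdowns": dirty,
            "recommend_chkdsk_r": sum(bad_blocks.values()) > 0}
```

Running `triage(parse_events(SAMPLE_LOG))` flags two bad-block events on Pierluigi-PC and one unexpected shutdown, which is exactly the pattern that justifies a surface scan with chkdsk /r before chasing malware further.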

#9 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • Local time:10:43 PM

Posted 08 January 2011 - 07:26 PM

Hi, I checked my disk and chkdsk didn't find anything wrong (two or three files damaged, but nothing related to system). They are maybe related to the brutal shutdown of the PC using power button after DDS/Combofix use.
I tried to run DDS and ComboFix again (freshly downloaded) as per your instructions but they are still freezing.
Just to let you know, DDS freezes after a series of colons, after about 1 minute of running, I think just a moment before the log appears.
Thank you and regards.

Luca

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:43 PM

Posted 09 January 2011 - 04:43 AM

Hi Luca, how are things running at this point?

regards, Elise


#11 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • Local time:10:43 PM

Posted 09 January 2011 - 06:09 AM

The problem is: I received this PC from a friend and it was FULL of malware/porn/toolbars/etc.
It runs smoothly but to be honest it was running smoothly even before the manual cleaning I have done.
Now I'd like to check if there's something more to remove but I can't use DDS and I am a little worried about it...

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:43 PM

Posted 09 January 2011 - 06:12 AM

The fact that DDS doesn't run doesn't automatically mean something is wrong. OTL shows basically the same information as DDS and looks good.

Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


#13 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • Local time:10:43 PM

Posted 09 January 2011 - 08:04 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5487

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/01/2011 13:58:35
mbam-log-2011-01-09 (13-58-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 186775
Time elapsed: 25 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,633 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:43 PM

Posted 09 January 2011 - 08:05 AM

This looks all good.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image

regards, Elise


#15 lucaspeed

lucaspeed
  • Topic Starter

  • Members
  • 41 posts
  • Local time:10:43 PM

Posted 09 January 2011 - 01:25 PM

Hi Elise, as you predicted, no threats found.
Thank you for your invaluable support.
