
LAN Connection not working after COmbofix


  • This topic is locked
11 replies to this topic

#1 Netheroc

  • Members
  • 5 posts

Posted 03 February 2013 - 09:52 AM

I've run ComboFix to erase (I don't know if it's the correct word) a ZeroAccess rootkit, but after the restart I can't reach my other PC (running Win8) from this one (running Win7), which I could previously. I can only see it through a program called SoftPerfect, but not in Windows Explorer. I've still got the ComboFix log, if it's needed.

My DDS scan result:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_30
Run by Alessandro at 15:39:11 on 2013-02-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16362.13421 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Alessandro\AppData\Local\Apps\2.0\2LK3W3YD.JJR\MYECM7DM.YOD\curs..tion_9e9e83ddf3ed3ead_0005.0001_f88ee66177b243ac\CurseClient.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.it/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIRTUA~1.LNK - C:\Windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{73C8CBE9-6901-4921-8487-ADE235F78E3D}\34C414554494F40534D20343430303 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{83923065-B6F7-4ABA-B546-C80C1D481652} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\3z1wub5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=04563A85-C5C0-4E93-8541-820060D97E68
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-26 12:58; {C9B68337-E93A-44EA-94DC-CB300EC06444}; C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\3z1wub5k.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - ExtSQL: 2013-01-26 12:59; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-10-1 302120]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2011-12-28 27760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-13 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-28 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-28 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-12-28 98848]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe [2013-2-2 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes\mbamservice.exe [2013-2-2 682344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-2 24176]
R3 PCTVStargate;PCTV Systems Stargate Device;C:\Windows\System32\drivers\Stargate64.sys [2009-10-20 157312]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-1 344680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;H:\Program Files\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-12-21 36328]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-5-23 99384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-7-18 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-7-18 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-3 19456]
S3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2011-7-13 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2011-7-13 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2011-7-13 24944]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-12-21 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-12-21 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-12-21 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-12-21 146920]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-5-23 203320]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2012-5-23 203320]
S3 StorSvc;Servizio di archiviazione;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-3 30208]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-17 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-02 19:06:54 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-02 18:56:40 98816 ----a-w- C:\Windows\sed.exe
2013-02-02 18:56:40 256000 ----a-w- C:\Windows\PEV.exe
2013-02-02 18:56:40 208896 ----a-w- C:\Windows\MBR.exe
2013-02-02 16:50:24 -------- d-----w- C:\Users\Alessandro\AppData\Roaming\Malwarebytes
2013-02-02 16:50:15 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-02 16:50:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-02 16:50:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes
2013-02-02 16:49:51 -------- d-----w- C:\Users\Alessandro\AppData\Local\Programs
2013-01-28 23:35:25 -------- d-----w- C:\Program Files (x86)\WoW Cata
2013-01-27 17:29:31 -------- d-----r- C:\ESD
2013-01-27 11:53:51 -------- d-----w- C:\Program Files (x86)\COD4
2013-01-27 10:42:10 -------- d-----w- C:\Users\Alessandro\AppData\Local\PunkBuster
2013-01-25 17:43:09 -------- d-----w- C:\Users\Alessandro\.android
2013-01-24 22:32:12 50176 ----a-w- C:\Windows\System32\WDTVSTREAMER.dll
2013-01-21 22:16:34 -------- d-----w- C:\Users\Alessandro\AppData\Local\NokiaAccount
2013-01-21 22:16:24 -------- d-----w- C:\Users\Alessandro\AppData\Local\Nokia
2013-01-21 22:12:09 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia
2013-01-21 22:11:39 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2013-01-10 12:55:59 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-10 12:54:52 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-10 12:54:51 3149824 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-01-27 12:15:39 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-01-09 19:14:29 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 19:14:29 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 14:33:30 57856 ----a-w- C:\Windows\System32\nmwcdclsx64.dll
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 15:39:37,25 ===============

Thanks for the help.


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 February 2013 - 08:26 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Netheroc

  • Topic Starter
  • Members
  • 5 posts

Posted 06 February 2013 - 09:01 AM

Ok, I've subscribed to this topic, and I'm there :)

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 February 2013 - 08:33 PM

One thing before we start...

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please post the ComboFix log first of all.
m0le is a proud member of UNITE

#5 Netheroc

  • Topic Starter
  • Members
  • 5 posts

Posted 07 February 2013 - 04:34 PM

ComboFix 13-02-02.05 - Alessandro 02/02/2013  19:58:42.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.16362.13594 [GMT 1:00]
Eseguito da: c:\users\Alessandro\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alessandro\AppData\Local\._Revolution_
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-01-02 al 2013-02-02  )))))))))))))))))))))))))))))))))))
.
.
2013-02-02 19:03 . 2013-02-02 19:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-02 19:03 . 2013-02-02 19:03 -------- d-----w- c:\users\MariaGrazia\AppData\Local\temp
2013-02-02 19:03 . 2013-02-02 19:03 -------- d-----w- c:\users\Isabella.customer-PC\AppData\Local\temp
2013-02-02 19:03 . 2013-02-02 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 19:03 . 2013-02-02 19:03 -------- d-----w- c:\users\Claudio\AppData\Local\temp
2013-02-02 16:50 . 2013-02-02 16:50 -------- d-----w- c:\users\Alessandro\AppData\Roaming\Malwarebytes
2013-02-02 16:50 . 2013-02-02 16:50 -------- d-----w- c:\programdata\Malwarebytes
2013-02-02 16:50 . 2013-02-02 16:50 -------- d-----w- c:\program files (x86)\Malwarebytes
2013-02-02 16:50 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-02 16:49 . 2013-02-02 16:49 -------- d-----w- c:\users\Alessandro\AppData\Local\Programs
2013-01-28 23:35 . 2013-01-29 13:52 -------- d-----w- c:\program files (x86)\WoW Cata
2013-01-27 17:29 . 2013-01-31 18:30 -------- d-----r- C:\ESD
2013-01-27 11:53 . 2013-01-27 12:28 -------- d-----w- c:\program files (x86)\COD4
2013-01-27 10:42 . 2013-01-27 10:42 -------- d-----w- c:\users\Alessandro\AppData\Local\PunkBuster
2013-01-26 09:45 . 2013-01-26 09:45 -------- d-----w- c:\users\Claudio\AppData\Roaming\HPAppData
2013-01-25 17:43 . 2013-01-25 17:48 -------- d-----w- c:\users\Alessandro\.android
2013-01-24 22:32 . 2013-01-24 22:32 50176 ----a-w- c:\windows\system32\WDTVSTREAMER.dll
2013-01-21 22:16 . 2013-01-21 22:16 -------- d-----w- c:\users\Alessandro\AppData\Local\Nokia
2013-01-21 22:12 . 2013-01-21 22:12 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2013-01-21 22:11 . 2013-01-21 22:11 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2013-01-10 12:55 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 12:54 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-10 12:54 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 12:15 . 2011-09-09 17:36 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-01-27 12:15 . 2011-09-09 17:36 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-10 12:58 . 2011-08-31 14:13 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 19:14 . 2012-03-29 14:04 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:14 . 2011-09-02 09:57 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-24 12:03 . 2011-09-05 19:04 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-16 17:11 . 2012-12-21 13:54 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 13:54 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:54 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-10 12:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 13:55 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 13:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 13:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 13:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 13:55 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 13:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 13:55 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 13:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 13:55 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 13:55 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 13:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 13:55 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 13:55 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 13:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 13:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 13:55 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 13:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 13:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 13:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 13:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 13:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 13:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 14:33 . 2011-08-17 07:59 57856 ----a-w- c:\windows\system32\nmwcdclsx64.dll
2012-11-09 05:45 . 2012-12-12 13:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 13:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-8-29 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-2-5 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;h:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 36328]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2011-07-13 13168]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2011-07-13 16368]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2011-07-13 24944]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-10-27 146920]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2012-02-24 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-13 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-13 86224]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PCTVStargate;PCTV Systems Stargate Device;c:\windows\system32\DRIVERS\Stargate64.sys [2011-09-02 157312]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 20:30 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:14]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 09:43]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-07 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\3z1wub5k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=04563A85-C5C0-4E93-8541-820060D97E68
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-26 12:58; {C9B68337-E93A-44EA-94DC-CB300EC06444}; c:\users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\3z1wub5k.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - ExtSQL: 2013-01-26 12:59; webbooster@iminent.com; c:\program files (x86)\Iminent\webbooster@iminent.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes\mbamgui.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2013-02-02  20:10:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-02 19:10
.
Pre-Run: 232.458.162.176 bytes free
Post-Run: 239.913.095.168 bytes free
.
- - End Of File - - B7B090E4A681C8F4A3D51B6615FE4D6A
 

Here it is :)



#6 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 February 2013 - 09:04 PM

The Combofix log shows that it wasn't it that caused the connection issue.

Please run FSS

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


m0le is a proud member of UNITE

#7 Netheroc

  • Topic Starter
  • Members
  • 5 posts

Posted 08 February 2013 - 06:39 AM

Farbar Service Scanner Version: 30-01-2013
Ran by Alessandro (administrator) on 08-02-2013 at 12:31:51
Running from "C:\Users\Alessandro\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

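The checks whose results appear in the FSS log above (reachability by name and by address, the firewall / System Restore / Windows Update "Disabled Policy" keys, and the MD5 list under File Check), together with the UAC values ComboFix listed under policies\system earlier in the thread, can be reproduced with built-in PowerShell. The script below is an added example; it is not part of this thread and not code from Farbar's tools or from ComboFix. It assumes an elevated 64-bit PowerShell 2.0 or later prompt on the Windows 7 machine, uses standard Windows service names and policy registry paths, takes the file list from the FSS File Check section, and additionally covers the services that Explorer's network discovery and file sharing depend on, which FSS does not check:

```powershell
# Added example, not from the thread, FSS or ComboFix: reproduce the FSS checks
# above with built-in PowerShell (2.0+, elevated 64-bit prompt), add the services
# that Explorer's network discovery and file sharing depend on, and surface the
# UAC value ComboFix listed under policies\system. Service names, policy paths
# and the file list are standard Windows ones / taken from the FSS log.
$ErrorActionPreference = 'SilentlyContinue'

# 1. Reachability by name and by address, the way FSS reports it. A single
#    failed address ping is not evidence of tampering: DNS, a hosts-file entry
#    or the remote side's ICMP policy each produce the same line, so read pairs.
foreach ($t in 'localhost', 'google.com', 'yahoo.com') {
    $addr   = [Net.Dns]::GetHostAddresses($t) | Select-Object -First 1
    $byName = Test-Connection -ComputerName $t -Count 1 -Quiet
    $byAddr = if ($addr) { Test-Connection -ComputerName $addr.IPAddressToString -Count 1 -Quiet } else { $false }
    '{0,-11} -> {1,-16} by name: {2,-5} by address: {3}' -f $t, $addr, $byName, $byAddr
}

# 2. Services behind the FSS "File Check" list, plus the ones Explorer needs to
#    list another PC: SMB (LanmanServer, LanmanWorkstation), NetBIOS/browsing
#    (lmhosts, Browser) and discovery (FDResPub, fdPHost, SSDPSRV, upnphost).
#    WMI is used instead of Get-Service because PS 2.0 has no StartType.
$svcNames = 'LanmanServer','LanmanWorkstation','lmhosts','Browser','FDResPub',
            'fdPHost','SSDPSRV','upnphost','nsi','Dhcp','Dnscache','MpsSvc',
            'BFE','SDRSVC','VSS','wscsvc','Winmgmt','wuauserv','BITS',
            'EventSystem','CryptSvc','RpcSs'
$present = @(Get-WmiObject -Class Win32_Service | Where-Object { $svcNames -contains $_.Name })
$present | Sort-Object Name | Format-Table Name, State, StartMode, PathName -AutoSize
$presentNames = @($present | ForEach-Object { $_.Name })
$missing = @($svcNames | Where-Object { $presentNames -notcontains $_ })
if ($missing.Count -gt 0) {
    # A service with no registry key at all cannot be started until it is
    # re-created; the FRST log shows BFE.reg, MpsSvc.reg and defender.reg in
    # Downloads, so check this before chasing firewall or sharing settings.
    "Service entries missing from the registry: $($missing -join ', ')"
}

# 3. The "Disabled Policy" keys FSS looks for, plus UAC. No key = nothing set
#    by policy; a value equal to Bad means the feature is switched off.
$policy = @(
    @{ Name = 'Firewall (domain profile)';   Value = 'EnableFirewall'; Bad = 0
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' },
    @{ Name = 'Firewall (standard profile)'; Value = 'EnableFirewall'; Bad = 0
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile' },
    @{ Name = 'System Restore';              Value = 'DisableSR';      Bad = 1
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' },
    @{ Name = 'Windows Update';              Value = 'NoAutoUpdate';   Bad = 1
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' },
    @{ Name = 'UAC';                         Value = 'EnableLUA';      Bad = 0
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' }
)
foreach ($p in $policy) {
    $v = (Get-ItemProperty -Path $p.Path -Name $p.Value).($p.Value)
    if ($v -eq $null)      { $state = 'no policy set' }
    elseif ($v -eq $p.Bad) { $state = "DISABLED ($($p.Value) = $v)" }
    else                   { $state = "enabled ($($p.Value) = $v)" }
    '{0,-26} {1}' -f $p.Name, $state
}

# 4. The files FSS hashed. FSS compares MD5s against its own table; here hash
#    and file version are recorded for comparison with a clean machine on the
#    same Windows 7 SP1 x64 patch level. Get-AuthenticodeSignature is not used:
#    most of these files are catalog-signed and it would report them NotSigned.
#    'sfc /verifyfile=<path>' is the authoritative single-file check.
$files = 'nsisvc.dll','drivers\nsiproxy.sys','dhcpcore.dll','drivers\afd.sys',
         'drivers\tdx.sys','drivers\tcpip.sys','dnsrslvr.dll','mpssvc.dll',
         'bfe.dll','drivers\mpsdrv.sys','SDRSVC.dll','vssvc.exe','wscsvc.dll',
         'wbem\WMIsvc.dll','wuaueng.dll','qmgr.dll','es.dll','cryptsvc.dll',
         'svchost.exe','rpcss.dll'
$md5 = [Security.Cryptography.MD5]::Create()
foreach ($f in $files) {
    $path = Join-Path $env:SystemRoot "System32\$f"   # 64-bit shell: real System32
    $item = Get-Item -Path $path
    if (-not $item) { '{0,-22} MISSING' -f $f; continue }
    $hash = [BitConverter]::ToString($md5.ComputeHash([IO.File]::ReadAllBytes($path))) -replace '-', ''
    '{0,-22} {1,-22} {2}' -f $f, $item.VersionInfo.FileVersion, $hash
}
```

Run it from the 64-bit PowerShell (the one under C:\Windows\System32\WindowsPowerShell, not the SysWOW64 copy) so that section 4 reads the real System32 rather than the 32-bit redirect. On this machine the ComboFix log shows EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, so section 3 will report UAC as disabled, something FSS does not cover; with those values every process launched from the administrator account already runs with full rights, which is worth revisiting once the connectivity issue is solved.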


#8 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 09 February 2013 - 06:16 PM

I'd like to see another log

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool (scan your computer's memory for errors)
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.


#9 Netheroc

  • Topic Starter
  • Members
  • 5 posts

Posted 10 February 2013 - 07:01 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 10-02-2013 12:48:22
Running from E:\
Windows 7 Professional  Service Pack 1 (X64) OS Language: Italian Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Alessandro\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\Alessandro\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Alessandro\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKU\Claudio\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\Claudio\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Claudio\...\Run: []  [x]
HKU\Claudio\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKU\Isabella.customer-PC\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\MariaGrazia\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Virtual Router Manager.lnk
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe ()

==================== Services (Whitelisted) ===================

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-08-13] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-08-13] (Avira Operations GmbH & Co. KG)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-01-27] ()
2 Virtual Router; "C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe" [12288 2009-11-18] (Chris Pietschmann (http://pietschsoft.com))
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]

==================== Drivers (Whitelisted) =====================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-08-13] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-08-13] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-12-16] (Avira GmbH)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-13] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 MSIRCOMM; C:\Windows\System32\Drivers\MSIRCOMM.sys [30208 2009-07-14] (Microsoft Corporation)
3 PCTVStargate; C:\Windows\System32\DRIVERS\Stargate64.sys [157312 2011-09-02] (Hauppauge Computer Works! )
3 Ph3xIB64; C:\Windows\System32\Drivers\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
3 SMARTMouseFilterx64; C:\Windows\System32\Drivers\SMARTMouseFilterx64.sys [13168 2011-07-13] (SMART Technologies ULC)
3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\Drivers\SMARTVHidMiniVistaAmd64.sys [16368 2011-07-13] (SMART Technologies ULC)
3 SMARTVTabletPCx64; C:\Windows\System32\Drivers\SMARTVTabletPCx64.sys [24944 2011-07-13] (SMART Technologies ULC)
3 ssudserd; C:\Windows\System32\Drivers\ssudserd.sys [203320 2012-02-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 STIrUsb; C:\Windows\System32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-10 12:48 - 2013-02-10 12:48 - 00000000 ____D C:\FRST
2013-02-09 20:46 - 2013-02-09 20:46 - 00000000 ____D C:\Users\Isabella.customer-PC\AppData\Roaming\Avira
2013-02-09 20:37 - 2013-02-09 20:37 - 00000000 ____D C:\Users\Isabella.customer-PC\AppData\Roaming\PC Suite
2013-02-09 20:37 - 2013-02-09 20:37 - 00000000 ____D C:\Users\Isabella.customer-PC\AppData\Local\Google
2013-02-09 19:12 - 2013-02-09 19:12 - 00300881 ____A C:\Users\Alessandro\Downloads\9788839533975_manzo_morte_ermen.zip
2013-02-09 19:12 - 2013-02-09 19:12 - 00300068 ____A C:\Users\Alessandro\Downloads\9788839533975_manzo_5mag.zip
2013-02-09 12:50 - 2013-02-10 12:21 - 00000000 ____D C:\Users\Alessandro\Downloads\network-activity-indicator
2013-02-09 12:49 - 2013-02-09 12:49 - 00150380 ____A C:\Users\Alessandro\Downloads\network-activity-indicator.zip
2013-02-09 12:41 - 2013-02-09 12:41 - 00000736 ____A C:\Users\Alessandro\Downloads\NetworkIndicator-it-it.zip
2013-02-07 18:21 - 2013-02-07 18:21 - 00000000 ____D C:\Users\MariaGrazia\AppData\Local\Google
2013-02-02 20:13 - 2013-02-02 20:13 - 00003846 ____A C:\Users\Alessandro\Downloads\defender.reg
2013-02-02 20:10 - 2013-02-02 20:10 - 00023494 ____A C:\ComboFix.txt
2013-02-02 19:56 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-02 19:56 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-02 19:56 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-02 19:56 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-02 19:56 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-02 19:56 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-02 19:56 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-02 19:56 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-02 19:54 - 2013-02-02 20:10 - 00000000 ____D C:\Qoobox
2013-02-02 19:54 - 2013-02-02 20:09 - 00000000 ____D C:\Windows\erdnt
2013-02-02 19:53 - 2013-02-02 19:53 - 05029149 ____R (Swearware) C:\Users\Alessandro\Desktop\ComboFix.exe
2013-02-02 19:24 - 2013-02-02 19:24 - 00176940 ____A C:\Users\Alessandro\Downloads\BFE.reg
2013-02-02 19:24 - 2013-02-02 19:24 - 00006396 ____A C:\Users\Alessandro\Downloads\MpsSvc.reg
2013-02-02 17:50 - 2013-02-02 17:50 - 00001054 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-02 17:50 - 2013-02-02 17:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-02 17:50 - 2013-02-02 17:50 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Malwarebytes
2013-02-02 17:50 - 2013-02-02 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes
2013-02-02 17:50 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-29 00:45 - 2013-01-29 00:45 - 00001438 ____A C:\Users\Alessandro\Desktop\WoW Cata PVT.lnk
2013-01-29 00:35 - 2013-02-10 12:21 - 00000000 ____D C:\Program Files (x86)\WoW Cata
2013-01-28 15:30 - 2013-01-28 15:30 - 00055016 ____A C:\Users\Alessandro\Documents\ts3_clientui-win64-1351504843-2013-01-28 15_30_31.943406.dmp
2013-01-27 18:29 - 2013-01-31 19:30 - 00000000 ___RD C:\ESD
2013-01-27 12:53 - 2013-01-27 13:28 - 00000000 ____D C:\Program Files (x86)\COD4
2013-01-27 11:42 - 2013-01-27 11:42 - 00000000 ____D C:\Users\Alessandro\AppData\Local\PunkBuster
2013-01-27 10:12 - 2013-01-27 10:12 - 00002298 ____A C:\Users\MariaGrazia\Desktop\Google Chrome.lnk
2013-01-26 12:58 - 2013-01-26 13:25 - 00000906 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-01-25 18:43 - 2013-01-25 18:48 - 00000000 ____D C:\Users\Alessandro\.android
2013-01-24 23:32 - 2013-01-24 23:32 - 00050176 ____A C:\Windows\System32\WDTVSTREAMER.dll
2013-01-21 23:16 - 2013-01-21 23:16 - 00000000 ____D C:\Users\Alessandro\AppData\Local\NokiaAccount
2013-01-21 23:16 - 2013-01-21 23:16 - 00000000 ____D C:\Users\Alessandro\AppData\Local\Nokia
2013-01-21 23:11 - 2013-01-21 23:11 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-01-21 23:09 - 2013-01-21 23:10 - 05442160 ____A (Microsoft Corporation) C:\Users\Claudio\Downloads\Windows8-UpgradeAssistant.exe
2013-01-20 02:43 - 2013-01-20 02:43 - 00431763 ____A C:\Users\Alessandro\Downloads\com.androidemu.gba_6.zip

==================== One Month Modified Files and Folders =======

2013-02-10 12:48 - 2013-02-10 12:48 - 00000000 ____D C:\FRST
2013-02-10 12:35 - 2011-08-31 15:12 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-02-10 12:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-10 12:35 - 2009-07-14 05:51 - 00128079 ____A C:\Windows\setupact.log
2013-02-10 12:34 - 2011-08-31 07:45 - 01550409 ____A C:\Windows\WindowsUpdate.log
2013-02-10 12:31 - 2009-07-14 05:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-10 12:31 - 2009-07-14 05:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-10 12:30 - 2011-04-12 11:49 - 00706122 ____A C:\Windows\System32\perfh010.dat
2013-02-10 12:30 - 2011-04-12 11:49 - 00131046 ____A C:\Windows\System32\perfc010.dat
2013-02-10 12:30 - 2009-07-14 06:13 - 01563824 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-10 12:29 - 2011-09-07 10:44 - 00001152 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-10 12:25 - 2012-08-29 19:35 - 00000000 ____D C:\Users\Alessandro\AppData\Local\Deployment
2013-02-10 12:24 - 2011-09-07 10:44 - 00001148 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-10 12:24 - 2011-09-03 17:40 - 00000000 ____D C:\users\Alessandro
2013-02-10 12:21 - 2013-02-09 12:50 - 00000000 ____D C:\Users\Alessandro\Downloads\network-activity-indicator
2013-02-10 12:21 - 2013-01-29 00:35 - 00000000 ____D C:\Program Files (x86)\WoW Cata
2013-02-10 12:21 - 2012-09-16 15:14 - 00000000 ____D C:\users\Isabella.customer-PC
2013-02-10 12:21 - 2012-02-12 17:04 - 00000000 ____D C:\users\Claudio
2013-02-10 12:21 - 2011-11-13 15:35 - 00000000 ____D C:\Windows\System32\Macromed
2013-02-10 12:21 - 2011-11-06 15:52 - 00000000 ____D C:\users\MariaGrazia
2013-02-10 12:21 - 2011-10-28 14:02 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\vlc
2013-02-10 12:21 - 2011-09-03 19:02 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Skype
2013-02-10 12:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-02-10 12:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-02-10 12:20 - 2011-10-24 20:10 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-02-10 12:20 - 2011-10-02 10:35 - 00000000 ____D C:\Users\All Users\Skype
2013-02-09 20:46 - 2013-02-09 20:46 - 00000000 ____D C:\Users\Isabella.customer-PC\AppData\Roaming\Avira
2013-02-09 20:37 - 2013-02-09 20:37 - 00000000 ____D C:\Users\Isabella.customer-PC\AppData\Roaming\PC Suite
2013-02-09 20:37 - 2013-02-09 20:37 - 00000000 ____D C:\Users\Isabella.customer-PC\AppData\Local\Google
2013-02-09 20:37 - 2012-09-16 15:14 - 00124944 ____A C:\Users\Isabella.customer-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-09 19:12 - 2013-02-09 19:12 - 00300881 ____A C:\Users\Alessandro\Downloads\9788839533975_manzo_morte_ermen.zip
2013-02-09 19:12 - 2013-02-09 19:12 - 00300068 ____A C:\Users\Alessandro\Downloads\9788839533975_manzo_5mag.zip
2013-02-09 12:49 - 2013-02-09 12:49 - 00150380 ____A C:\Users\Alessandro\Downloads\network-activity-indicator.zip
2013-02-09 12:41 - 2013-02-09 12:41 - 00000736 ____A C:\Users\Alessandro\Downloads\NetworkIndicator-it-it.zip
2013-02-07 18:21 - 2013-02-07 18:21 - 00000000 ____D C:\Users\MariaGrazia\AppData\Local\Google
2013-02-03 12:14 - 2012-03-29 15:04 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-02 20:13 - 2013-02-02 20:13 - 00003846 ____A C:\Users\Alessandro\Downloads\defender.reg
2013-02-02 20:12 - 2012-01-31 20:44 - 00000000 ____D C:\Users\Alessandro\AppData\Local\Apps\2.0
2013-02-02 20:10 - 2013-02-02 20:10 - 00023494 ____A C:\ComboFix.txt
2013-02-02 20:10 - 2013-02-02 19:54 - 00000000 ____D C:\Qoobox
2013-02-02 20:10 - 2012-06-23 10:15 - 00000000 ____D C:\users\Isabella
2013-02-02 20:10 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2013-02-02 20:09 - 2013-02-02 19:54 - 00000000 ____D C:\Windows\erdnt
2013-02-02 20:06 - 2010-11-21 04:47 - 00219764 ____A C:\Windows\PFRO.log
2013-02-02 20:06 - 2009-07-14 06:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-02 20:06 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-02-02 19:53 - 2013-02-02 19:53 - 05029149 ____R (Swearware) C:\Users\Alessandro\Desktop\ComboFix.exe
2013-02-02 19:24 - 2013-02-02 19:24 - 00176940 ____A C:\Users\Alessandro\Downloads\BFE.reg
2013-02-02 19:24 - 2013-02-02 19:24 - 00006396 ____A C:\Users\Alessandro\Downloads\MpsSvc.reg
2013-02-02 17:50 - 2013-02-02 17:50 - 00001054 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-02-02 17:50 - 2013-02-02 17:50 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-02-02 17:50 - 2013-02-02 17:50 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\Malwarebytes
2013-02-02 17:50 - 2013-02-02 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes
2013-01-31 19:30 - 2013-01-27 18:29 - 00000000 ___RD C:\ESD
2013-01-30 20:09 - 2011-10-15 15:22 - 00000000 ____D C:\Program Files (x86)\KeePass
2013-01-29 00:50 - 2012-03-31 17:30 - 00000000 ____D C:\Users\Alessandro\AppData\Roaming\uTorrent
2013-01-29 00:45 - 2013-01-29 00:45 - 00001438 ____A C:\Users\Alessandro\Desktop\WoW Cata PVT.lnk
2013-01-28 15:30 - 2013-01-28 15:30 - 00055016 ____A C:\Users\Alessandro\Documents\ts3_clientui-win64-1351504843-2013-01-28 15_30_31.943406.dmp
2013-01-28 15:14 - 2012-04-12 20:55 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-27 13:33 - 2011-09-01 15:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-27 13:28 - 2013-01-27 12:53 - 00000000 ____D C:\Program Files (x86)\COD4
2013-01-27 13:15 - 2011-09-09 18:36 - 00066872 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-27 12:57 - 2011-09-09 18:36 - 00000293 ____A C:\Windows\game.ini
2013-01-27 11:42 - 2013-01-27 11:42 - 00000000 ____D C:\Users\Alessandro\AppData\Local\PunkBuster
2013-01-27 10:12 - 2013-01-27 10:12 - 00002298 ____A C:\Users\MariaGrazia\Desktop\Google Chrome.lnk
2013-01-27 10:12 - 2011-12-08 20:02 - 00124944 ____A C:\Users\MariaGrazia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-26 13:25 - 2013-01-26 12:58 - 00000906 ____A C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-01-25 20:42 - 2011-10-02 10:38 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-01-25 18:48 - 2013-01-25 18:43 - 00000000 ____D C:\Users\Alessandro\.android
2013-01-24 23:32 - 2013-01-24 23:32 - 00050176 ____A C:\Windows\System32\WDTVSTREAMER.dll
2013-01-21 23:16 - 2013-01-21 23:16 - 00000000 ____D C:\Users\Alessandro\AppData\Local\NokiaAccount
2013-01-21 23:16 - 2013-01-21 23:16 - 00000000 ____D C:\Users\Alessandro\AppData\Local\Nokia
2013-01-21 23:14 - 2011-09-07 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-21 23:12 - 2012-10-14 11:20 - 00000000 ____D C:\Program Files (x86)\Nokia
2013-01-21 23:11 - 2013-01-21 23:11 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-01-21 23:11 - 2012-02-25 16:55 - 00088676 ____A C:\Windows\DPINST.LOG
2013-01-21 23:10 - 2013-01-21 23:09 - 05442160 ____A (Microsoft Corporation) C:\Users\Claudio\Downloads\Windows8-UpgradeAssistant.exe
2013-01-20 02:43 - 2013-01-20 02:43 - 00431763 ____A C:\Users\Alessandro\Downloads\com.androidemu.gba_6.zip
2013-01-20 02:07 - 2012-12-04 14:14 - 00000000 ____D C:\Users\Alessandro\Documents\File di Outlook
2013-01-15 17:28 - 2012-12-23 11:04 - 00000000 ____D C:\Program Files\AutoHotkey
2013-01-15 17:28 - 2012-03-04 13:16 - 00000000 ____D C:\Windows\SHELLNEW
2013-01-15 13:28 - 2011-11-25 16:42 - 00002298 ____A C:\Users\Alessandro\Desktop\Google Chrome.lnk
2013-01-11 17:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-01-11 16:28 - 2009-07-14 05:45 - 00462280 ____A C:\Windows\System32\FNTCACHE.DAT

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-02-03 12:19:08
Restore point made on: 2013-02-10 11:20:46
Restore point made on: 2013-02-10 11:22:15
Restore point made on: 2013-02-10 12:19:44
Restore point made on: 2013-02-10 12:34:13

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16362.25 MB
Available physical RAM: 15161.32 MB
Total Pagefile: 16360.45 MB
Available Pagefile: 15155.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:390.53 GB) (Free:223.92 GB) NTFS
2 Drive d: (SATA 2 B) (Fixed) (Total:232.88 GB) (Free:195.18 GB) NTFS
3 Drive e: (Multimediale) (Fixed) (Total:931.51 GB) (Free:554.47 GB) NTFS
4 Drive f: (Volume) (Fixed) (Total:465.76 GB) (Free:220.75 GB) NTFS
5 Drive h: (Volume) (Fixed) (Total:540.88 GB) (Free:540.74 GB) NTFS
7 Drive j: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (Riservato per il sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  N. disco  Stato          Dimensioni     Disponibile    Din  GPT
  --------  -------------  -------------  -------------  ---  ---
  Disco 0    Online            931 Gbytes    1024 Kbytes        
  Disco 1    Online            232 Gbytes         0 byte        
  Disco 2    Online            931 Gbytes         0 byte        
  Disco 3    Online            465 Gbytes         0 byte        
  Disco 4    Online            979 Mbytes         0 byte        

Partitions of Disk 0:
===============

ID disco: 064E1EB1

  Partizione ###   Tipo              Dim.     Offset
  ---------------  ----------------  -------  -------
  Partizione 1    Primario           100 Mb  1024 Kb
  Partizione 2    Primario           390 Gb   101 Mb
  Partizione 3    Primario           540 Gb   390 Gb

==================================================================================

Disk: 0
Partizione 1
Tipo  : 07
Nascosta: No
Attiva: Si

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   Riservato p  NTFS   Partizione   100 Mb  Integro           

=========================================================

Disk: 0
Partizione 2
Tipo  : 07
Nascosta: No
Attiva: No

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partizione   390 Gb  Integro           

=========================================================

Disk: 0
Partizione 3
Tipo  : 07
Nascosta: No
Attiva: No

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     H   Volume       NTFS   Partizione   540 Gb  Integro           

=========================================================

Partitions of Disk 1:
===============

ID disco: 030FE23E

  Partizione ###   Tipo              Dim.     Offset
  ---------------  ----------------  -------  -------
  Partizione 1    Primario           232 Gb  1024 Kb

==================================================================================

Disk: 1
Partizione 1
Tipo  : 07
Nascosta: No
Attiva: Si

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D   SATA 2 B     NTFS   Partizione   232 Gb  Integro           

=========================================================

Partitions of Disk 2:
===============

ID disco: 42F662FB

  Partizione ###   Tipo              Dim.     Offset
  ---------------  ----------------  -------  -------
  Partizione 1    Primario           931 Gb  1024 Kb

==================================================================================

Disk: 2
Partizione 1
Tipo  : 07
Nascosta: No
Attiva: No

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     E   Multimedial  NTFS   Partizione   931 Gb  Integro           

=========================================================

Partitions of Disk 3:
===============

ID disco: 1AC8E3E1

  Partizione ###   Tipo              Dim.     Offset
  ---------------  ----------------  -------  -------
  Partizione 1    Primario           465 Gb  1024 Kb

==================================================================================

Disk: 3
Partizione 1
Tipo  : 07
Nascosta: No
Attiva: No

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     F   Volume       NTFS   Partizione   465 Gb  Integro           

=========================================================

Partitions of Disk 4:
===============

ID disco: 00000000

  Partizione ###   Tipo              Dim.     Offset
  ---------------  ----------------  -------  -------
  Partizione 1    Primario           978 Mb    16 Kb

==================================================================================

Disk: 4
Partizione 1
Tipo  : 06
Nascosta: No
Attiva: Si

  Volume ###  Let. Etichetta    Fs     Tipo        Dim.     Stato      Info
  ---------   ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     J                FAT    Rimovibile   978 Mb  Integro           

=========================================================

Last Boot: 2013-02-07 17:45

==================== End Of Log =============================


Here it is. I really thank you for the time you're spending to try to resolve my issue. :)



#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 February 2013 - 07:57 PM

It looks like we have just a connection to fix and nothing else.

We'll start with Windows Repair

Download Windows Repair (all in one) from here

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif


Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif


Go to Start Repairs tab and click Start button.

p22001166.gif


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif

Click on the box next to Restart System when Finished. Then click on Start.


Let me know how that goes.
m0le is a proud member of UNITE
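The three checks m0le has Windows Repair perform (CheckDisk, System File Check, and a restore point) can also be run from an elevated PowerShell prompt, which leaves a text log that can be attached to the thread. This is an added example, not part of the thread and not Windows Repair's own code: it uses the built-in chkdsk, sfc and Checkpoint-Computer in place of the tool, runs on Windows 7 or later, and the log file name is an assumption.

```powershell
# Added example, not from the thread or from Windows Repair: the same three
# checks (restore point, System File Checker, CheckDisk) driven from an
# elevated PowerShell console, with results appended to a log file.
# Assumption: $LogPath is a constructed name; change it as needed.

$LogPath = "$env:USERPROFILE\Desktop\repair-checks.txt"

function Assert-Elevated {
    # chkdsk /f, sfc /scannow and restore-point creation all need admin rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw "Run this from an elevated (Run as administrator) PowerShell window."
    }
}

Assert-Elevated
"Repair checks started $(Get-Date -Format s)" | Out-File $LogPath -Append

# Step 4 first: a restore point before any repair, so the changes can be undone.
Checkpoint-Computer -Description "Before repair checks" -RestorePointType MODIFY_SETTINGS
"Restore point requested" | Out-File $LogPath -Append

# Step 3: System File Checker. Exit code 0 means no integrity violations.
# sfc prints localized text (this machine is Italian), so we keep the exit
# code and the [SR] lines from CBS.log rather than parsing the console output.
$sfc = Start-Process -FilePath sfc.exe -ArgumentList "/scannow" `
    -Wait -PassThru -NoNewWindow
"sfc /scannow exit code: $($sfc.ExitCode)" | Out-File $LogPath -Append
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern "\[SR\]" |
    Select-Object -Last 40 |
    ForEach-Object { $_.Line } |
    Out-File $LogPath -Append

# Step 2: CheckDisk. /f cannot run on the live system drive, so chkdsk asks
# whether to schedule it for the next boot; "Y" answers that prompt and the
# check runs on the restart m0le's last step asks for.
"Y" | chkdsk $env:SystemDrive /f | Out-File $LogPath -Append

"Repair checks finished $(Get-Date -Format s)" | Out-File $LogPath -Append
Write-Host "Done. Attach $LogPath to the thread, then reboot for chkdsk to run."
```

The restore point is taken first so that anything sfc replaces can be rolled back, and the chkdsk scheduling is deliberately left to the reboot rather than forced, matching the "Restart System when Finished" box in the Windows Repair instructions.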

#11 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 26 February 2013 - 09:01 PM

Any progress there, Netheroc?
m0le is a proud member of UNITE

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 March 2013 - 08:30 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE