
TR/RootkitGen



I believe I have successfully removed a virus with malwarebytes, however, I am now unable to connect to the internet. I am almost certain that it is malwarebytes that has caused this. When I try to connect to the internet, it just stays on acquiring network address. I have read dozens of similar posts about this problem but have yet to find a solution.

Things I have tried to fix this

-reinstalling driver

-making sure internet protocol tcp/ip properties are on automatic

-making sure lan setting are on automatic

-running several different functions from the command prompt

-ran windows recovery console

-ran Winsockxpfix

What could be the problem? Hopefully I correctly followed the directions here, http://forums.malwarebytes.org/index.php?showtopic=9573


I believe I have successfully removed a virus with malwarebytes, and ComboFix, however, I am now unable to connect to the internet.

I'm on Windows seven.

Can somebody help me please.

I'm Italian and my English is not too good.


Sorry.

Here:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:45:38, on 30/05/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bluetooth Suite\BtvStack.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Users\Admin\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll

O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll

O4 - HKLM\..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F7C885-2145-40ED-8E75-B23ACC0AA978}: NameServer = 192.168.1.1,208.67.222.222

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Servizio profili utente ProfSvcehRecvr (ProfSvcehRecvr) - Unknown owner - C:\Windows\system32\accessibilitycplh.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)

--

End of file - 2771 bytes

And here:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-29 22:51:30

Windows 6.1.7600

Running: gmer.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwldypow.sys

---- System - GMER 1.0.15 ----

SSDT 805B7A64 ZwCreateThread

SSDT 805B7A50 ZwOpenProcess

SSDT 805B7A55 ZwOpenThread

SSDT 805B7A5F ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10634

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C88579 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82CB484C 4 Bytes [64, 7A, 5B, 80]

.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82CB49E8 4 Bytes [50, 7A, 5B, 80]

.text ntkrnlpa.exe!RtlSidHashLookup + 508 82CB4A08 4 Bytes [55, 7A, 5B, 80]

.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82CB4CB8 4 Bytes [5F, 7A, 5B, 80]

? System32\Drivers\neibvnc.sys A device attached to the system is not


I would caution you that you should not have run Combofix on your own!

That tool requires the guidance of trained experts.

Further, we must see some required log reports. If you cannot download with this system, use another system to do downloads and then save the tools and burn to CD/DVD or copy onto clean USB flash drive; and then copy to the DESKTOP of this system, and then run.

Set Folder options to show all hidden files and folders:

  • Click the Start button, click Control Panel, click Appearance and Personalization, and then click Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.

Download DDS and save it to your desktop from one of these locations:

  • http://www.techsupportforum.com/sectools/sUBs/dds
  • http://download.bleepingcomputer.com/sUBs/dds.scr
  • http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then RIGHT-click dds.scr and select Run As Administrator to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.

I'd like for you to copy and paste the log at C:\Combofix.txt into your next reply here.

Please include the following logs in your next reply:

DDS.txt

Attach.txt

C:\Combofix.txt

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of the reply by using NOTEPAD to open each one and then use Copy & Paste into the body of the reply box.


The ComboFix log, I just deleted it.

Here are the other two.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 16:08:19,88 on 30/05/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3071.2179 [GMT 2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bluetooth Suite\BtvStack.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Admin\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.it/

uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll

mURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll

TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll

mRun: [AtherosBtStack] c:\program files\bluetooth suite\BtvStack.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Scarica con Mipony - file://c:\program files\mipony\browser\IEContext.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {E6F7C885-2145-40ED-8E75-B23ACC0AA978} = 192.168.1.1,208.67.222.222

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4q1nzuwu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it

FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4q1nzuwu.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll

FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\4q1nzuwu.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\drivers\nvamacpi.sys [2010-3-26 24608]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-6 11448]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-2 11608]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/27 13:43:08];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]

R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-2 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-2 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-2 56816]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2009-8-20 33280]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2009-9-3 265728]

R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2009-8-11 18944]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2009-8-11 205312]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2009-8-11 100480]

R3 BTATH_SCO;Atheros Bluetooth Audio Device (WDM);c:\windows\system32\drivers\btath_sco.sys [2009-9-11 32256]

R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2009-8-20 48640]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-4-24 66592]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-26 1077760]

S2 ProfSvcehRecvr;Servizio profili utente ProfSvcehRecvr;c:\windows\system32\accessibilitycplh.exe srv --> c:\windows\system32\accessibilitycplh.exe srv [?]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvscpapisvr.exe --> c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [?]

S3 AthDfu;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2009-6-1 20480]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S4 CMG;CMG;c:\users\admin\appdata\local\temp\CMG.exe [2010-5-29 531328]

S4 SO;SO;c:\users\admin\appdata\local\temp\SO.exe [2010-5-29 461696]

S4 VWGZKUOJM;VWGZKUOJM;c:\users\admin\appdata\local\temp\VWGZKUOJM.exe [2010-5-29 576384]

S4 WERTWG;WERTWG;c:\users\admin\appdata\local\temp\WERTWG.exe [2010-5-29 539520]

=============== Created Last 30 ================

2010-05-29 21:05:18 0 d-----w- c:\program files\Unlocker

2010-05-29 20:15:46 30609408 ----a-w- c:\windows\system32\Q

2010-05-29 10:29:27 0 d-----w- c:\program files\CCleaner

2010-05-27 15:26:48 32 --s-a-w- c:\windows\system32\2164475518.dat

2010-05-27 15:05:54 0 d-sh--w- C:\$RECYCLE.BIN

2010-05-24 18:20:29 823808 ----a-w- c:\windows\system32\drivers\neibvnc.sys

2010-05-19 17:34:08 65536 ------w- c:\windows\system32\Ikeext.etl

2010-05-19 16:55:13 0 d-----w- c:\program files\UltraVPN

2010-05-16 08:47:13 12 ----a-w- c:\users\admin\intlname.ols

2010-05-16 07:59:26 0 d-----w- c:\programdata\Nero

2010-05-16 07:45:14 0 d-----w- c:\program files\Nero

2010-05-14 20:25:25 0 d-----w- c:\program files\Ashkon Software

2010-05-12 18:06:53 0 d-----w- c:\users\admin\appdata\roaming\widestream

2010-05-12 18:06:40 0 d-----w- c:\program files\Widestream6

2010-05-12 18:06:40 0 d-----w- c:\program files\OfferBoxSearch

2010-05-12 18:06:24 0 d-----w- c:\users\admin\appdata\roaming\OfferBox

2010-05-12 18:06:23 0 d-----w- c:\program files\OfferBox

==================== Find3M ====================

2010-05-30 13:11:17 692090 ----a-w- c:\windows\system32\perfh010.dat

2010-05-30 13:11:17 125396 ----a-w- c:\windows\system32\perfc010.dat

2010-04-03 16:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll

2010-04-03 16:27:00 1515624 ----a-w- c:\windows\system32\nvsvcr.dll

2010-04-03 16:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll

2010-04-03 16:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe

2010-04-03 16:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll

2010-04-02 14:54:38 600680 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-03-27 16:49:27 659667 ----a-w- c:\windows\AT3N7A-I-ASUS-0216.zip

2010-03-27 16:29:12 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-27 12:39:43 29480 ----a-w- c:\windows\system32\msxml3a.dll

2010-03-27 12:39:42 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-03-27 12:39:42 353576 ----a-w- c:\windows\system32\msvcr71.dll

2010-03-14 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-07-14 08:21:00 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat

2009-07-14 08:21:00 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat

2009-07-14 08:21:00 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat

2009-07-14 08:21:00 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:09:01,43 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 26/03/2010 16:13:15

System Uptime: 30/05/2010 15:06:46 (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | AT3N7A-I

Processor: Intel® Atom CPU 330 @ 1.60GHz | Socket 437 | 1600/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 49 GiB total, 5,115 GiB free.

D: is FIXED (NTFS) - 1814 GiB total, 1205,263 GiB free.

E: is CDROM ()

F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 9.12 beta

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2 - Italiano


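As an added example (not part of this thread, and not code from GMER, DDS, OTL or Malwarebytes), here is a small Python triage pass over lines excerpted from the GMER log in the earlier post and the DDS log above. It flags the four services whose images live in the user's Temp directory (CMG, SO, VWGZKUOJM, WERTWG), the entries whose image DDS marks as missing with "[?]" (ProfSvcehRecvr, but also NVIDIA's Stereo Service, a benign leftover, which is why "missing" alone is not a verdict), the newly written neibvnc.sys driver, and the oddly named files Q and 2164475518.dat dropped directly into system32. It also notes that the four SSDT hooks cover exactly the syscalls used to open, inject into or kill a process; both Avira's self-protection and malware hook those, so the owning module must be identified before drawing a conclusion. The regular expressions, the 14-day driver window and the PROCESS_CONTROL set are this example's own assumptions.

```python
"""Triage of lines from the GMER and DDS logs posted in this thread (added example).

Not part of GMER, DDS, OTL, Malwarebytes or the original posts. SAMPLE_LINES are
excerpted verbatim from those logs; the path heuristics, the 14-day driver window
and PROCESS_CONTROL are assumptions of this example, not anything the tools decide.
"""
import re
from dataclasses import dataclass, field
from datetime import date

SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")          # GMER
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")  # DDS
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d\d:\d\d:\d\d\s+(?P<size>\d+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
IMAGE_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|sys|dll|fcl)", re.I)
# Heuristics (assumptions of this example, not anything the tools decide).
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
DRIVER_RE = re.compile(r"\\windows\\system32\\drivers\\[^\\]+\.sys$", re.I)
ODD_SYSTEM32_RE = re.compile(r"\\windows\\system32\\(?:[^\\.]+|\d+\.dat)$", re.I)
# Syscalls hooked by code that does not want its processes opened, injected into or killed.
PROCESS_CONTROL = {"ZwCreateThread", "ZwOpenProcess", "ZwOpenThread", "ZwTerminateProcess"}

SAMPLE_SCAN_DATE = date(2010, 5, 30)
SAMPLE_LINES = [
    "SSDT 805B7A64 ZwCreateThread",
    "SSDT 805B7A50 ZwOpenProcess",
    "SSDT 805B7A55 ZwOpenThread",
    "SSDT 805B7A5F ZwTerminateProcess",
    r"R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-26 167936]",
    r"S2 ProfSvcehRecvr;Servizio profili utente ProfSvcehRecvr;c:\windows\system32\accessibilitycplh.exe srv"
    r" --> c:\windows\system32\accessibilitycplh.exe srv [?]",
    r"S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision"
    r"\nvscpapisvr.exe --> c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [?]",
    r"S4 CMG;CMG;c:\users\admin\appdata\local\temp\CMG.exe [2010-5-29 531328]",
    r"S4 SO;SO;c:\users\admin\appdata\local\temp\SO.exe [2010-5-29 461696]",
    r"S4 VWGZKUOJM;VWGZKUOJM;c:\users\admin\appdata\local\temp\VWGZKUOJM.exe [2010-5-29 576384]",
    r"S4 WERTWG;WERTWG;c:\users\admin\appdata\local\temp\WERTWG.exe [2010-5-29 539520]",
    r"2010-05-29 21:05:18 0 d-----w- c:\program files\Unlocker",
    r"2010-05-29 20:15:46 30609408 ----a-w- c:\windows\system32\Q",
    r"2010-05-27 15:26:48 32 --s-a-w- c:\windows\system32\2164475518.dat",
    r"2010-05-24 18:20:29 823808 ----a-w- c:\windows\system32\drivers\neibvnc.sys",
]


@dataclass
class Finding:
    kind: str      # "ssdt", "service" or "created"
    name: str
    detail: str    # image path, file path, or the hooked syscall list
    reasons: list = field(default_factory=list)


def parse_service(line):
    """DDS service/driver line -> (name, display, image_path, missing) or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    img = IMAGE_RE.search(rest)
    # DDS appends "[?]" when it could not find or verify the image on disk.
    return m.group("name").strip(), m.group("display").strip(), (img.group(0) if img else ""), rest.endswith("[?]")


def parse_created(line):
    """DDS 'Created Last 30' line -> (date, size, attr, path) or None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    return date.fromisoformat(m.group("date")), int(m.group("size")), m.group("attr"), m.group("path").strip()


def triage(lines, scan_date, driver_window_days=14):
    """One Finding per line that trips a heuristic, plus one for process-control SSDT hooks."""
    findings, hooked = [], set()
    for line in (raw.strip() for raw in lines):
        m = SSDT_RE.match(line)
        if m:
            hooked.add(m.group("func"))
            continue
        svc = parse_service(line)
        if svc:
            name, display, path, missing = svc
            reasons = []
            if missing:
                reasons.append("image file missing: orphaned entry, or a component already deleted")
            if USER_TEMP_RE.search(path):
                reasons.append("service image under a per-user Temp directory")
            if reasons:
                findings.append(Finding("service", name, path, reasons))
            continue
        cr = parse_created(line)
        if cr is None or cr[2].startswith("d"):
            continue  # not a created-file line, or a directory entry
        when, size, _, path = cr
        fname, age = path.rsplit("\\", 1)[-1], (scan_date - when).days
        if DRIVER_RE.search(path) and 0 <= age <= driver_window_days:
            findings.append(Finding("created", fname, path, [f"kernel driver written {age} days before the scan"]))
        elif ODD_SYSTEM32_RE.search(path):
            findings.append(Finding("created", fname, path, [f"unusual file name directly under system32 ({size} bytes)"]))
    overlap = sorted(hooked & PROCESS_CONTROL)
    if overlap:
        findings.append(Finding("ssdt", "SSDT", ", ".join(overlap),
                                ["process/thread control syscalls are hooked; identify the owning module"]))
    return findings


def triage_sample():
    """Run the heuristics over the excerpted lines above."""
    return triage(SAMPLE_LINES, SAMPLE_SCAN_DATE)
```

Calling `triage_sample()` returns ten findings: the four Temp-resident services, the two missing-image entries, the three odd new files under system32 (neibvnc.sys is reported as written 6 days before the 30/05/2010 scan), and one grouped SSDT finding. Every hit is a prompt for a human to pull the file, check its signature and publisher, and identify which module owns the hooks; none of them is a verdict on its own, as the benign Stereo Service entry shows.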

Hi. I have removed uTorrent.

Here are all the contents.

OTL logfile created on: 30/05/2010 20:45:31 - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Admin\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 4,92 Gb Free Space | 10,10% Space Free | Partition Type: NTFS

Drive D: | 1814,19 Gb Total Space | 1205,26 Gb Free Space | 66,44% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 3,72 Gb Total Space | 1,35 Gb Free Space | 36,33% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MCE-PC

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/29 09:56:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

PRC - [2009/09/10 21:41:06 | 000,274,432 | ---- | M] () -- C:\Programmi\Bluetooth Suite\BtvStack.exe

PRC - [2009/07/21 13:34:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnetwk.exe

PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2009/05/13 15:48:26 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe

PRC - [2009/03/02 12:08:52 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avgnt.exe

PRC - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

========== Modules (SafeList) ==========

MOD - [2010/05/29 09:56:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

MOD - [2009/07/14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WERTWG)

SRV - File not found [Disabled | Stopped] -- -- (VWGZKUOJM)

SRV - File not found [Auto | Stopped] -- -- (Stereo Service)

SRV - File not found [Disabled | Stopped] -- -- (SO)

SRV - File not found [Auto | Stopped] -- -- (ProfSvcehRecvr)

SRV - File not found [Disabled | Stopped] -- -- (CMG)

SRV - [2009/07/21 13:34:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/07/14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/05/13 15:48:26 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)

========== Driver Services (SafeList) ==========

DRV - [2010/04/04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/03/26 17:43:11 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2009/11/25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/09/11 18:43:42 | 000,032,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_sco.sys -- (BTATH_SCO) Atheros Bluetooth Audio Device (WDM)

DRV - [2009/09/03 13:38:12 | 000,265,728 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV - [2009/08/21 22:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2009/08/20 18:35:02 | 000,033,280 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)

DRV - [2009/08/20 15:32:52 | 000,048,640 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)

DRV - [2009/08/17 21:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2009/08/11 10:50:50 | 000,018,944 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)

DRV - [2009/08/11 10:50:42 | 000,205,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV - [2009/08/11 10:50:38 | 000,100,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV - [2009/07/17 03:51:52 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NVAMACPI.sys -- (nvamacpi)

DRV - [2009/07/16 13:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/07/14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/07/14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/07/06 12:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2009/06/29 02:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2009/06/01 16:35:14 | 000,020,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (AthDfu)

DRV - [2009/05/23 08:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)

DRV - [2009/05/11 09:12:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 09:33:11 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/28 20:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/27 13:43:08] [Kernel | Auto | Running] -- C:\Programmi\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})

DRV - [2009/02/13 11:35:09 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programmi\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/08/01 00:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV - [2007/12/17 19:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Programmi\mipony-plugin\tbmipo.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 69 AE 3F 94 D2 CA 01 [binary data]

IE - HKCU\..\URLSearchHook: {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Programmi\mipony-plugin\tbmipo.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it"

FF - prefs.js..extensions.enabledItems: {90d46c30-9f25-4104-aea9-35c3f84477ff}:2.5.6.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/27 17:33:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 18:43:21 | 000,000,000 | ---D | M]

[2010/04/02 20:47:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2010/05/30 16:07:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\4q1nzuwu.default\extensions

[2010/05/14 20:10:21 | 000,000,000 | ---D | M] (mipony-plugin Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\4q1nzuwu.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}

[2010/05/30 16:07:20 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions

[2010/04/01 19:17:18 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml

[2010/04/01 19:17:18 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml

[2010/04/01 19:17:18 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml

[2010/04/01 19:17:18 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/05/27 17:03:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Programmi\mipony-plugin\tbmipo.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (mipony-plugin Toolbar) - {90D46C30-9F25-4104-AEA9-35C3F84477FF} - C:\Programmi\mipony-plugin\tbmipo.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AtherosBtStack] C:\Programmi\Bluetooth Suite\BtvStack.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Scarica con Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()

O9 - Extra Button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/06/09 22:32:18 | 000,000,096 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/30 20:35:04 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2010/05/30 20:34:57 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe

[2010/05/30 15:37:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe

[2010/05/29 23:05:18 | 000,000,000 | ---D | C] -- C:\Programmi\Unlocker

[2010/05/29 12:29:27 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner

[2010/05/27 17:05:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/05/27 17:05:50 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/05/25 21:55:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\MCE

[2010/05/25 20:22:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/05/25 07:10:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/05/24 20:11:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/05/19 18:55:13 | 000,000,000 | ---D | C] -- C:\Programmi\UltraVPN

[2010/05/16 09:59:28 | 000,000,000 | ---D | C] -- C:\Programmi\Common Files\Nero

[2010/05/16 09:59:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Nero

[2010/05/16 09:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2010/05/16 09:45:14 | 000,000,000 | ---D | C] -- C:\Programmi\Nero

[2010/05/14 22:25:25 | 000,000,000 | ---D | C] -- C:\Programmi\Ashkon Software

[2010/05/12 20:06:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\widestream

[2010/05/12 20:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\WideStream

[2010/05/12 20:06:40 | 000,000,000 | ---D | C] -- C:\Programmi\Widestream6

[2010/05/12 20:06:40 | 000,000,000 | ---D | C] -- C:\Programmi\OfferBoxSearch

[2010/05/12 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OfferBox

[2010/05/12 20:06:23 | 000,000,000 | ---D | C] -- C:\Programmi\OfferBox

[2010/05/05 07:37:31 | 000,066,560 | ---- | C] (Rekenwonder Software) -- C:\Users\Admin\Desktop\revealer.exe

========== Files - Modified Within 30 Days ==========

[2010/05/30 20:48:24 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\neibvnc.sys

[2010/05/30 20:43:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010/05/30 20:43:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/30 20:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/30 20:43:43 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/30 20:43:10 | 001,835,008 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT

[2010/05/30 20:43:07 | 002,737,553 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db

[2010/05/30 20:33:14 | 000,867,892 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe

[2010/05/30 20:22:36 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe

[2010/05/30 16:05:24 | 000,525,824 | ---- | M] () -- C:\Users\Admin\Desktop\dds.scr

[2010/05/30 15:37:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe

[2010/05/30 15:14:19 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/30 15:14:19 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/30 15:11:17 | 001,524,466 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/05/30 15:11:17 | 000,692,090 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2010/05/30 15:11:17 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/05/30 15:11:17 | 000,125,396 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2010/05/30 15:11:17 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/05/29 23:04:22 | 001,035,478 | ---- | M] () -- C:\Users\Admin\Desktop\unlocker1.8.9.exe

[2010/05/29 22:17:56 | 030,609,408 | ---- | M] () -- C:\Windows\System32\Q

[2010/05/29 12:29:28 | 000,001,838 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk

[2010/05/29 09:56:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe

[2010/05/29 07:55:04 | 000,000,032 | --S- | M] () -- C:\Windows\System32\2164475518.dat

[2010/05/27 18:46:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2010/05/27 17:03:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/05/27 17:03:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/05/19 18:55:14 | 000,001,083 | ---- | M] () -- C:\Users\Admin\Desktop\UltraVPN.lnk

[2010/05/16 10:47:13 | 000,000,012 | ---- | M] () -- C:\Users\Admin\intlname.ols

[2010/05/14 22:25:26 | 000,001,096 | ---- | M] () -- C:\Users\Admin\Desktop\Easy File Joiner.lnk

[2010/05/14 20:09:50 | 000,000,944 | ---- | M] () -- C:\Users\Admin\Desktop\MiPony.lnk

[2010/05/12 20:06:40 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Widestream6.lnk

[2010/05/05 07:37:37 | 000,066,560 | ---- | M] (Rekenwonder Software) -- C:\Users\Admin\Desktop\revealer.exe

========== Files Created - No Company Name ==========

[2010/05/30 20:35:12 | 000,867,892 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe

[2010/05/30 16:06:54 | 000,525,824 | ---- | C] () -- C:\Users\Admin\Desktop\dds.scr

[2010/05/29 23:04:48 | 001,035,478 | ---- | C] () -- C:\Users\Admin\Desktop\unlocker1.8.9.exe

[2010/05/29 22:15:46 | 030,609,408 | ---- | C] () -- C:\Windows\System32\Q

[2010/05/29 12:29:28 | 000,001,838 | ---- | C] () -- C:\Users\Admin\Desktop\CCleaner.lnk

[2010/05/27 18:46:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/05/27 17:26:48 | 000,000,032 | --S- | C] () -- C:\Windows\System32\2164475518.dat

[2010/05/24 20:20:29 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\neibvnc.sys

[2010/05/19 19:34:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2010/05/19 18:55:14 | 000,001,083 | ---- | C] () -- C:\Users\Admin\Desktop\UltraVPN.lnk

[2010/05/16 10:47:13 | 000,000,012 | ---- | C] () -- C:\Users\Admin\intlname.ols

[2010/05/14 22:25:26 | 000,001,096 | ---- | C] () -- C:\Users\Admin\Desktop\Easy File Joiner.lnk

[2010/05/14 22:22:31 | 000,350,720 | ---- | C] () -- C:\Users\Admin\Desktop\hjsplit.exe

[2010/05/14 20:09:50 | 000,000,944 | ---- | C] () -- C:\Users\Admin\Desktop\MiPony.lnk

[2010/05/12 20:06:40 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Widestream6.lnk

[2010/03/26 17:48:29 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/03/26 17:37:06 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll

[2010/03/26 17:37:06 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys

[2010/03/26 17:31:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010/03/26 17:16:47 | 000,029,397 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2010/03/26 17:15:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010/03/26 17:15:13 | 000,021,584 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/03/26 12:01:31 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/03/26 12:01:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/03/26 12:01:29 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/03/26 12:01:28 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/03/26 12:01:26 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/03/26 12:01:25 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/07/16 13:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/14 01:19:28 | 000,048,585 | ---- | C] () -- C:\Windows\System32\activedsh.sys

[2009/07/06 12:48:02 | 000,011,448 | R--- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys

[2009/04/02 22:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

[2003/04/01 12:49:16 | 000,005,360 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/09 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite

[2010/05/25 19:28:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mipony

[2010/05/14 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OfferBox

[2010/04/23 19:11:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer

[2010/04/02 16:12:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\URSoft

[2010/05/30 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

[2010/04/18 10:52:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VSO

[2010/05/12 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\widestream

[2010/05/29 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XBMC

[2010/05/25 10:56:29 | 000,032,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:1CE11B51

< End of report >

OTL Extras logfile created on: 30/05/2010 20:45:31 - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Admin\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 4,92 Gb Free Space | 10,10% Space Free | Partition Type: NTFS

Drive D: | 1814,19 Gb Total Space | 1205,26 Gb Free Space | 66,44% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 3,72 Gb Total Space | 1,35 Gb Free Space | 36,33% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MCE-PC

Current User Name: Admin

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{835525BE-63BD-4EC4-9425-00CEAD4849C2}" = Widestream6

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AC76BA86-7AD7-1040-7B44-A92000000001}" = Adobe Reader 9.2 - Italiano

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"7-Zip" = 7-Zip 9.12 beta

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)

"Easy File Joiner_is1" = Easy File Joiner

"HaaliMkx" = Haali Media Splitter

"HijackThis" = HijackThis 2.0.2

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MiPony" = MiPony 1.0.9

"mipony-plugin Toolbar" = mipony-plugin Toolbar

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Nero Lite 9.2.6.02.2" = Nero Lite 9.2.6.0 Build.2.2

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenVPN" = UltraVPN

"Tag&Rename_is1" = Tag&Rename 3.5.3

"Unlocker" = Unlocker 1.8.9

"WinRAR archiver" = WinRAR gestione archivi

"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 25/05/2010 02:58:26 | Computer Name = MCE-PC | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: mbam.exe, versione:

1.45.0.0, timestamp: 0x4bb10678 Nome del modulo che ha generato l'errore: KERNELBASE.dll,

versione: 6.1.7600.16385, timestamp: 0x4a5bdaae Codice eccezione: 0xe06d7363 Offset

errore 0x00009617 ID processo che ha generato l'errore: 0x788 Ora di avvio dell'applicazione

che ha generato l'errore: 0x01cafbd66225f3e0 Percorso dell'applicazione che ha generato

l'errore: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Percorso del modulo

che ha generato l'errore: C:\Windows\system32\KERNELBASE.dll ID segnalazione: ea572a80-67ca-11df-b276-fe728b94edda

Error - 25/05/2010 03:27:33 | Computer Name = MCE-PC | Source = SideBySide | ID = 16842785

Description = Generazione del contesto di attivazione non riuscita per "H:\TweakUIPowertoySetup_ia64.exe".

Impossibile

trovare l'assembly dipendente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0".

Utilizzare

sxstrace.exe per ottenere una diagnosi dettagliata.

Error - 25/05/2010 04:12:14 | Computer Name = MCE-PC | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: mbam.exe, versione:

1.45.0.0, timestamp: 0x4bb10678 Nome del modulo che ha generato l'errore: KERNELBASE.dll,

versione: 6.1.7600.16385, timestamp: 0x4a5bdaae Codice eccezione: 0xe06d7363 Offset

errore 0x00009617 ID processo che ha generato l'errore: 0x1c0 Ora di avvio dell'applicazione

che ha generato l'errore: 0x01cafbdfd25cc3b0 Percorso dell'applicazione che ha generato

l'errore: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Percorso del modulo

che ha generato l'errore: C:\Windows\system32\KERNELBASE.dll ID segnalazione: 399f2430-67d5-11df-a002-002683019b14

Error - 25/05/2010 04:56:23 | Computer Name = MCE-PC | Source = Application Error | ID = 1000

Description = Nome dell'applicazione che ha generato l'errore: svchost.exe_ProfSvc,

versione: 6.1.7600.16385, timestamp: 0x4a5bc100 Nome del modulo che ha generato

l'errore: ntdll.dll, versione: 6.1.7600.16385, timestamp: 0x4a5bdadb Codice eccezione:

0xc0000005 Offset errore 0x00028b05 ID processo che ha generato l'errore: 0x40c Ora

di avvio dell'applicazione che ha generato l'errore: 0x01cafbe4a5a268c0 Percorso

dell'applicazione che ha generato l'errore: C:\Windows\system32\svchost.exe Percorso

del modulo che ha generato l'errore: C:\Windows\SYSTEM32\ntdll.dll ID segnalazione:

648a1b2c-67db-11df-9f58-002683019b14

Error - 25/05/2010 15:55:39 | Computer Name = MCE-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1533

Description = Impossibile eliminare la directory di profilo C:\Users\MCE. L'errore

potrebbe essersi verificato perch


Please try this, then let me know about whether your browser connects to the Internet.

Start Internet Explorer.

On the Tools menu, click Internet Options.

On the Advanced tab, click Reset.

In the Reset Internet Explorer Settings dialog box, click Reset to confirm.


Since the last time, from about 20.00 until now, Firefox connects for a few minutes, then disconnects.

Now I've tried to reset the Internet Explorer settings and it can connect. But I'm not sure it is forever.

Something runs in the background and stops the connection...

Link to post
Share on other sites

Hello mauri,

Use your browser to go here, at the VirusTotal website.

Click the Browse button and then navigate to c:\windows\system32\drivers\neibvnc.sys, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Next:

Use your browser to go here, at the VirSCAN.org website.

Click the Browse button and then navigate to c:\windows\system32\drivers\neibvnc.sys, then click the Submit button.

Save the results, and post back here in a reply.


Let's see about moving the driver out of the way.

  • Please RIGHT-click OTL.exe and choose Run As Administrator to start it.
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    c:\windows\system32\drivers\neibvnc.sys
    :Commands
    [purity]
    [emptytemp]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

RE-Enable your AntiVirus and AntiSpyware applications.

Step 3

Now, de-install Hijackthis version 2.0.2

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and RIGHT-click Hijackthis.exe and select Run As Administrator to start it.

Do a "Scan and Save log".

Reply with copy of the OTL MovedFiles log

and the ESET scan log

and the latest Hijackthis log


Ciao Maurice.

The ESET Online scan has no log. The scanner has found 0 threats.

Here are the other two logs:

All processes killed

========== PROCESSES ==========

========== FILES ==========

File move failed. c:\windows\system32\drivers\neibvnc.sys scheduled to be moved on reboot.

========== COMMANDS ==========

[EMPTYTEMP]

User: Admin

->Temp folder emptied: 4902 bytes

->Temporary Internet Files folder emptied: 6850272 bytes

->Java cache emptied: 29624 bytes

->FireFox cache emptied: 67090488 bytes

->Flash cache emptied: 756 bytes

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: MCE

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1414015 bytes

RecycleBin emptied: 473770764 bytes

Total Files Cleaned = 524,00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 06022010_095443

Files\Folders moved on Reboot...

File\Folder c:\windows\system32\drivers\neibvnc.sys not found!

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:29:56, on 02/06/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bluetooth Suite\BtvStack.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Admin\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Program Files\mipony-plugin\tbmipo.dll

O4 - HKLM\..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F7C885-2145-40ED-8E75-B23ACC0AA978}: NameServer = 88.149.128.12,208.67.222.222

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Servizio profili utente ProfSvcehRecvr (ProfSvcehRecvr) - Unknown owner - C:\Windows\system32\accessibilitycplh.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)

--

End of file - 2984 bytes

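The O17 and O23 entries in the HijackThis log above are the lines a helper reads first: the nameserver override and any service whose binary is gone. The following Python is an added example, not code from the thread or from HijackThis; it parses constructed lines in that log format, including the thread's own O17 and O23 entries, and flags services with a missing binary or unknown owner plus DNS servers outside an allowlist (the allowlist contents are an assumption of the example).

```python
"""Triage helper for HijackThis 2.x log lines.

Added example, not code from the thread or from HijackThis. It parses
O17 (DNS NameServer) and O23 (service) entries and flags what a helper
checks first: services whose binary is missing or whose owner is unknown,
and DNS servers that are not on an allowlist.
"""
import re
from dataclasses import dataclass

# O23 - Service: <display name> (<service name>) - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]+)\) - (?P<owner>.*?) - (?P<path>.*)$"
)
# O17 - <registry key>: NameServer = <ip>[,<ip>...]
O17_RE = re.compile(r"^O17 - (?P<key>.*): NameServer = (?P<servers>.*)$")

MISSING_MARK = " (file missing)"

# Assumption of this example: resolvers the analyst already trusts (here, OpenDNS).
TRUSTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in the shape of the thread's HijackThis log; a benign O4
# line is included to show that unrelated sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F7C885-2145-40ED-8E75-B23ACC0AA978}: NameServer = 88.149.128.12,208.67.222.222
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio profili utente ProfSvcehRecvr (ProfSvcehRecvr) - Unknown owner - C:\Windows\system32\accessibilitycplh.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)
""".strip()


@dataclass
class Finding:
    line_no: int   # 1-based line in the log
    reason: str    # why the entry needs a second look
    text: str      # the path or server the finding refers to


def triage(log_text: str, trusted_dns=frozenset(TRUSTED_DNS)) -> list:
    """Return findings for O17/O23 lines; every other HJT section is ignored."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = O23_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith(MISSING_MARK)
            if missing:
                path = path[: -len(MISSING_MARK)]
            reasons = []
            if missing:
                reasons.append("binary missing")
            if m["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")
            # Both a stale uninstall leftover and a malicious orphan trigger this;
            # the analyst confirms by checking the service name against the
            # real list of installed services before removing anything.
            if reasons:
                findings.append(Finding(n, f"service {m['name']}: {', '.join(reasons)}", path))
            continue
        m = O17_RE.match(line)
        if m:
            for server in (s.strip() for s in m["servers"].split(",")):
                if server and server not in trusted_dns:
                    findings.append(Finding(n, "DNS server not on allowlist", server))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason} -> {f.text}")
```

Run on the constructed sample it reports the non-allowlisted resolver and the two orphaned services, while the Avira service and the O4 line produce nothing.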

Hey Maurice, how have you learnt Italian in these few hours? LOL

Anyway, this morning I've tried a tool named The Avenger.

You know what? It removed the driver neibvnc.sys from the drivers folder.

The unremovable contents in the registry are still there, but for this I'll wait for your suggestions.


Ciao.

You should not be running Avenger on your own without guided help. Please don't run tools on your own, and ask me before you do something on your own.

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click "I accept" and then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see "No infections found" in the bar window. Press the View Log button.

The log report will show in your text editor.

Do a Select ALL, Copy. Then paste contents into your next reply.

Re-Enable your antivirus program.

Reply with copy of C:\Avenger.txt

and the BitDefender report.


Ciao.

Here are the logs:

BitDefender QuickScan Beta 32-bit v0.9.9.5

------------------------------------------

Scan date: Thu Jun 03 19:05:50 2010

Machine ID: 1843EDD8

No infection found.

---------------------

Processes

---------

<unsigned> AntiVir Desktop 3464 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

<unsigned> AntiVir Desktop 1588 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

<unsigned> AntiVir Desktop 1432 C:\Program Files\Avira\AntiVir Desktop\sched.exe

<unsigned> BtvStack.exe 3456 C:\Program Files\Bluetooth Suite\BtvStack.exe

<verified> Adobe Acrobat 3472 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

<verified> Firefox 568 C:\Program Files\Mozilla Firefox\firefox.exe

<verified> Microsoft


This topic is now closed to further replies.