Since a short time ago, my Outlook 2002 has been sending unauthorized msgs (spam) as soon as it is started.

One of my existing accounts (which I have blocked by changing the SMTP address) is used to mail a continuing flow of groups consisting of three msgs each (contents and addresses unknown).

Msgs do not appear in the "sent" list.

Additional inconveniences are present, e.g. some of my msgs cannot be mailed and remain permanently in the "to be sent" list.

Full scans of MalwareBytes and of Avast 5 Pro do not show any virus to exist.

I have also done a scan with RKUnhooker (log included).

Here are the logs as requested:

DDS (Ver_09-09-29.01) - NTFSx86

Run by Fiore Romano at 22.22.51,87 on 26/11/2010

Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmi\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmi\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\programmi\microsoft activesync\WCESCOMM.EXE"

uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start

uRun: [smartVoip] "c:\programmi\smartvoip\SmartVoip.exe" -nosplash -minimized

uRun: [PowerArchiver Tray] "c:\programmi\powerarchiver\PASTARTER.EXE"

uRun: [LDM] c:\programmi\desktop messenger\8876480\program\BackWeb-8876480.exe

uRun: [swg] "c:\programmi\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmi\file comuni\ahead\lib\NMBgMonitor.exe"

uRun: [PC Suite Tray] "c:\programmi\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [YouRipper]

mRun: [six Engine] "c:\programmi\asus\epu-6 engine\SixEngine.exe" -r

mRun: [sMSERIAL] "sm56hlpr.exe"

mRun: [RTHDCPL] "RTHDCPL.EXE"

mRun: [Alcmtr] "ALCMTR.EXE"

mRun: [zBrowser Launcher] "c:\programmi\logitech\itouch\iTouch.exe"

mRun: [EM_EXEC] "c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE"

mRun: [LDM] "c:\programmi\desktop messenger\8876480\program\backWeb-8876480.exe"

mRun: [HP Software Update] "c:\programmi\hp\hp software update\HPWuSchd2.exe"

mRun: [WFXSwtch] "c:\progra~1\winfax\WFXSWTCH.exe"

mRun: [WinFaxAppPortStarter] "wfxsnt40.exe"

mRun: [Acrobat Assistant 7.0] "c:\programmi\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"

mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe

mRun: [iSUSPM Startup] "c:\progra~1\fileco~1\instal~1\update~1\ISUSPM.exe" -startup

mRun: [iSUSScheduler] "c:\programmi\file comuni\installshield\updateservice\issch.exe" -start

mRun: [bluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [ZoneAlarm Client] "c:\programmi\zone labs\zonealarm\zlclient.exe"

mRun: [babylon Client] "c:\programmi\babylon\babylon-pro\Babylon.exe" -AutoStart

mRun: [uVS12 Preload] "c:\programmi\corel\corel videostudio 12\uvPL.exe"

mRun: [MMTray] "MMTray.exe"

mRun: [MMTray2k] "MMTray2k.exe"

mRun: [RealTray] c:\programmi\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [LanguageShortcut] "c:\programmi\cyberlink\powerdvd\language\Language.exe"

mRun: [sunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"

mRun: [DAEMON Tools-1033] "c:\programmi\d-tools\daemon.exe" -lang 1040

mRun: [!AVG Anti-Spyware] "c:\programmi\avg anti-spyware 7.5\avgas.exe" /minimized

mRun: [QuickTime Task] "c:\programmi\quicktime\qttask.exe" -atboottime

mRun: [bonus.SSR.FR10] "c:\programmi\abbyy finereader 10\Bonus.ScreenshotReader.exe" /autorun

mRun: [AXIS Camera Station Administration] "c:\programmi\axis communications\axis camera station 3\AcsAdmin.exe"

mRun: [NokiaMServer] "c:\programmi\file comuni\nokia\mplatform\NokiaMServer" /watchfiles startup

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [NWEReboot]

mRun: [mumservice] c:\program files\motorola\software update\mumservice.exe

mRun: [Freecorder FLV Service] "c:\programmi\replay media catcher\FLVSrvc.exe" /run

mRun: [ZSSnp211] "c:\windows\ZSSnp211.exe"

mRun: [Domino] "c:\windows\Domino.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Reader Library Launcher] c:\programmi\sony\reader\data\bin\launcher\Reader Library Launcher.exe

mRun: [nwiz] c:\programmi\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: Convert link target to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\programmi\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&sporta in Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\programmi\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Invia a &Bluetooth - c:\programmi\widcomm\software bluetooth\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programmi\widcomm\software bluetooth\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmi\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INETREPL.DLL

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\programmi\microsoft activesync\INETREPL.DLL

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmi\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {2DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} - hxxp://www.activeworlds.com/products/ActiveWorldsDownload.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMapsPlugin_4.0.12.11.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232047469656

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236184956093

DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://192.168.1.222/activex/decoder/h264_dec.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} - hxxp://192.168.1.222/activex/decoder/aac_dec.cab

DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://192.168.1.222/activex/decoder/intel_mpeg4_dec.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.222/activex/AMC.cab

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\programmi\microsoft activesync\AATP.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programmi\file comuni\skype\Skype4COM.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\microsoft activesync\CENETFLT.DLL

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\programmi\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\programmi\microsoft activesync\CENETFLT.DLL

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\programmi\microsoft activesync\CENETFLT.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\programmi\winfax\WfxSeh32.Dll

SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\programmi\avg anti-spyware 7.5\shellexecutehook.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-11-25 10:54 <DIR> --d----- c:\programmi\Sophos

2010-11-25 10:45 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\NVIDIA Corporation

2010-11-25 10:45 232,968 a------- c:\windows\system32\nvdrsdb0.bin

2010-11-25 10:45 232,968 a------- c:\windows\system32\nvdrsdb1.bin

2010-11-25 10:45 1 a------- c:\windows\system32\nvdrssel.bin

2010-11-25 10:45 0 a------- c:\windows\system32\nvdrswr.lk

2010-11-25 10:45 <DIR> --d----- c:\programmi\NVIDIA Corporation

2010-11-08 18:54 <DIR> --d----- c:\documents and settings\fiore romano\Library

2010-11-08 18:54 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\kinoma

2010-11-08 18:53 <DIR> --d----- c:\programmi\Sony

2010-11-08 18:53 <DIR> --d----- c:\programmi\file comuni\Sony Shared

2010-11-03 15:48 <DIR> --d----- c:\docume~1\fiorer~1\datiap~1\Wireshark

2010-11-03 15:46 <DIR> --d----- c:\programmi\WinPcap

2010-11-03 15:45 <DIR> --d----- c:\programmi\Wireshark

2010-11-02 08:52 28,552 a------- c:\windows\system32\drivers\pavboot.sys

2010-11-02 08:52 <DIR> --d----- c:\programmi\Panda Security

2010-11-01 18:43 <DIR> --d----- c:\programmi\ESET

2010-11-01 15:01 <DIR> --d----- c:\docume~1\alluse~1\datiap~1\Webroot

2010-10-29 17:32 <DIR> --d----- c:\windows\system32\appmgmt

2010-10-28 16:11 <DIR> --d----- c:\docume~1\fiorer~1\datiap~1\webroot

==================== Find3M ====================

2010-11-26 20:08 478,808 a------- c:\windows\system32\perfh010.dat

2010-11-26 20:08 79,292 a------- c:\windows\system32\perfc010.dat

2010-11-26 19:13 130,930,720 a--sh--- c:\windows\system32\drivers\fidbox.dat

2010-11-26 19:13 1,238,024 a--sh--- c:\windows\system32\drivers\fidbox.idx

2010-10-29 16:06 156,672 a------- c:\windows\system32\rmc_fixasf.exe

2010-10-29 16:06 237,568 a------- c:\windows\system32\rmc_rtspdl.dll

2010-09-18 11:23 974,848 a------- c:\windows\system32\mfc42u.dll

2010-09-18 07:53 974,848 a------- c:\windows\system32\mfc42.dll

2010-09-18 07:53 954,368 a------- c:\windows\system32\mfc40.dll

2010-09-18 07:53 953,856 a------- c:\windows\system32\mfc40u.dll

2010-09-15 03:50 472,808 a------- c:\windows\system32\deployJava1.dll

2010-09-09 14:33 832,512 a------- c:\windows\system32\wininet.dll

2010-09-09 14:33 78,336 a------- c:\windows\system32\ieencode.dll

2010-09-09 14:33 17,408 a------- c:\windows\system32\corpol.dll

2010-09-07 16:12 38,848 -------- c:\windows\avastSS.scr

2010-09-01 12:51 285,824 a------- c:\windows\system32\atmfd.dll

2010-09-01 08:54 1,852,800 a------- c:\windows\system32\win32k.sys

2010-04-13 09:03 2,568 ---sh--- c:\docume~1\alluse~1\datiap~1\KGyGaAvL.sys

2009-02-08 18:31 88 ---shr-- c:\docume~1\alluse~1\datiap~1\588CDEE7B6.sys

2007-04-25 09:49 328 -------- c:\programmi\GuideMenuSetup.iss

2007-04-06 04:28 1,237 -------- c:\programmi\WinDVDSetup.iss

2006-06-23 07:48 32,768 -----r-- c:\windows\inf\UpdateUSB.exe

2009-05-22 16:11 8 ---shr-- c:\windows\system32\BECD9672FC.sys

2009-06-22 11:52 2,828 ---sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 22.23.36,01 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versione database: 5191

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

26/11/2010 11.08.26

mbam-log-2010-11-26 (11-08-26).txt

Tipo di scansione: Scansione completa (C:\|E:\|)

Elementi esaminati: 371351

Tempo trascorso: 1 ore, 58 minuti, 24 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 0

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

(Non sono stati rilevati elementi nocivi)

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>SSDT State

==============================================

ntkrnlpa.exe-->NtAddBootEntry, Type: Address change 0x80616108-->B42F1CAE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtClose, Type: Address change 0x805BC4DC-->B430E9A5 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x805A4596-->B4518040 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtCreateEvent, Type: Address change 0x8060E634-->B42F3B34 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreateEventPair, Type: Address change 0x8061697E-->B42F3B8C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x80579084-->B4514930 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtCreateIoCompletion, Type: Address change 0x80578A62-->B42F3CA2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->B430E359 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x80616D76-->B42F3A8A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreatePagingFile, Type: Address change 0x805AB9B4-->B7E6AA20 [d347bus.sys]

ntkrnlpa.exe-->NtCreatePort, Type: Address change 0x805A50B2-->B4518510 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805D11EA-->B451E870 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805D1134-->B451EAA0 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x805AB38E-->B4521FD0 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtCreateSemaphore, Type: Address change 0x80614734-->B42F3ADE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreateTimer, Type: Address change 0x80616646-->B42F3C50 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtCreateWaitablePort, Type: Address change 0x805A50D6-->B4518600 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtDeleteBootEntry, Type: Address change 0x805C861C-->B42F1CD2 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtDeleteFile, Type: Address change 0x80576C2C-->B4514F20 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x80623C64-->B430F06B [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x80623E34-->B430F321 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805BDFB4-->B451E580 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624014-->B430EED6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062427E-->B430ED41 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x8058413A-->B42F1ADA [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x806259EC-->B45208B0 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtModifyBootEntry, Type: Address change 0x805C861C-->B42F1CF6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x806259B6-->B42F4548 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x806245EA-->B42F27F8 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenEvent, Type: Address change 0x8060E734-->B42F3B64 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenEventPair, Type: Address change 0x80616A56-->B42F3BB4 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x8057A182-->B4514D70 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtOpenIoCompletion, Type: Address change 0x80578B3A-->B42F3CCC [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BA6-->B430E6B5 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenMutant, Type: Address change 0x80616E4E-->B42F3AB6 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB3FA-->B451E350 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x805AA3B2-->B42F3C1C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenSemaphore, Type: Address change 0x8061482E-->B42F3B0C [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805CB686-->B451E150 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtOpenTimer, Type: Address change 0x80616768-->B42F3C7A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EE8-->B430EBBC [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtQueryObject, Type: Address change 0x805C5278-->B42F26BE [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x806219EC-->B430EA0E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x806231EA-->B434222E [C:\WINDOWS\System32\Drivers\aswSP.SYS]

ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x8062589C-->B4520CB0 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtReplyWaitReceivePort, Type: Address change 0x805A647A-->B42F457E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtReplyWaitReceivePortEx, Type: Address change 0x805A5E82-->B42F4142 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Address change 0x805A2D3C-->B4517C00 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x806251A8-->B430D9CC [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x805A3D2A-->B4518220 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtSetBootEntryOrder, Type: Address change 0x80616108-->B42F1D1A [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtSetBootOptions, Type: Address change 0x80616108-->B42F1D3E [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtSetInformationFile, Type: Address change 0x8057B010-->B4515120 [C:\WINDOWS\System32\vsdatant.sys]

ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060F3EC-->B42F1B34 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtSetSystemPowerState, Type: Address change 0x80652E18-->B7E760B0 [d347bus.sys]

ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D3A-->B430F172 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x80612676-->B42F1C44 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x80617792-->B42F1C56 [C:\WINDOWS\System32\Drivers\aswSnx.SYS]

ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D2982-->B451ECD0 [C:\WINDOWS\System32\vsdatant.sys]

==============================================

>Drivers

==============================================

0xB71B8000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10604544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.96 )

0xBD051000 C:\WINDOWS\System32\nv4_disp.dll 6344704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.96 )

0xB471E000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4968448 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Sistema e kernel NT)

0x804D7000 PnpManager 2154496 bytes

0x804D7000 RAW 2154496 bytes

0x804D7000 WMIxWDM 2154496 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Driver Win32 multiutente)

0xB6E81000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 1331200 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)

0xB7EA7000 PCI_PNP0856 1048576 bytes

0xB7EA7000 sptd 1048576 bytes

0xB7EA7000 spua.sys 1048576 bytes

0xB7076000 C:\WINDOWS\system32\DRIVERS\smserial.sys 925696 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)

0xB7CA0000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB6FFA000 C:\WINDOWS\system32\DRIVERS\3xHybrid.sys 507904 bytes (Philips Semiconductors GmbH, 3xHybrid)

0xB4388000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB44E5000 C:\WINDOWS\System32\vsdatant.sys 393216 bytes (Zone Labs, LLC, TrueVector Device Driver)

0xB6D03000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xB42E0000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 364544 bytes (AVAST Software, avast! Virtualization Driver)

0xB45BB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB3232000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB4275000 C:\WINDOWS\System32\Drivers\bthport.sys 274432 bytes (Microsoft Corporation, Driver bus Bluetooth)

0xB2AB1000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB7D8D000 mv61xx.sys 262144 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)

0xBD012000 C:\WINDOWS\System32\atkdisp.dll 245760 bytes (ASUSTeK Computer Inc., ASUS Windows 2000/XP Display Driver)

0xB34C9000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes (Broadcom Corporation., Bluetooth Serial Driver for Windows 2000)

0xB6D61000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB7E3B000 ACPI.sys 188416 bytes (Microsoft Corporation, Driver ACPI per NT)

0xB3613000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB7C73000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB43F8000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB7158000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xB4545000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB4339000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)

0xB7E69000 d347bus.sys 155648 bytes ( , PnP BIOS Extension)

0xB7DE5000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, Driver di I/O di Gestione dischi di NT)

0xB4595000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB46FA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB7180000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB4647000 C:\WINDOWS\system32\DRIVERS\klif.sys 143360 bytes (Kaspersky Lab, Klif Mini-Filter)

0xB6FD7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xB44C3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E5000 ACPI_HAL 134400 bytes

0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB7D6D000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB7E0B000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver FT del disco)

0xB7C45000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB425C000 C:\WINDOWS\system32\DRIVERS\bthpan.sys 102400 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)

0xB7DCD000 98304 bytes

0xB4244000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB7E8F000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB3A15000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xB7D44000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB6E6A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB7D2D000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xB3848000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB7C5F000 srescan.sys 81920 bytes

0xB71A4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xB4614000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB7D5B000 sr.sys 73728 bytes (Microsoft Corporation, Driver filtro file system Ripristino configurazione di sistema)

0xB7E2A000 pci.sys 69632 bytes (Microsoft Corporation, Enumeratore PCI Plug and Play per NT)

0xB6D91000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xB6FC6000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Driver della periferica seriale)

0xB6E4A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xB8228000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB8208000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xB8188000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xB82D8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xB6E1A000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys 61440 bytes (Logitech, Logitech Mouse Filter Driver)

0xB8238000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Driver del filtro audio Redbook)

0xB6E0A000 C:\WINDOWS\system32\DRIVERS\rfcomm.sys 61440 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)

0xB3D5C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xB82C8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xB80E8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver copia replicata del volume)

0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xB81F8000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 53248 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113 PCI-E Ethernet Controller ndis miniport driver)

0xB8248000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB8268000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xB81A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xB8218000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xB8258000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xB8168000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0xB6DFA000 C:\WINDOWS\system32\DRIVERS\bthmodem.sys 40960 bytes (Microsoft Corporation, Bluetooth Communications Driver)

0xB81E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Driver di periferica processore)

0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, Driver bus PNP ISA)

0xB82A8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xB8288000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xB6E3A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xB6E2A000 C:\WINDOWS\system32\drivers\lhidusb.sys 36864 bytes (Logitech, Logitech USB Receiver Driver)

0xB8278000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xB8198000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB14B6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xB8118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xB8178000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xB83D8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Driver del modem)

0xB8450000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xB8478000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xB83D0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xB8438000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xB8400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver classe tastiera)

0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xB8460000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xB4214000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes (Broadcom Corporation., Bluetooth Serial Driver for Windows 2000)

0xB8480000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys 24576 bytes (Logitech, Logitech HID Filter Driver)

0xB8408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver Mouse Class)

0xB8338000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)

0xB83C8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xB8440000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xB83E0000 C:\WINDOWS\system32\DRIVERS\AsusVRC.sys 20480 bytes (ASUSTeK COMPUTER INC., AsusVRC)

0xB83A8000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0xB8488000 C:\WINDOWS\system32\DRIVERS\BthEnum.sys 20480 bytes (Microsoft Corporation, Bluetooth Bus Extender)

0xB8468000 C:\WINDOWS\System32\Drivers\BTHUSB.sys 20480 bytes (Microsoft Corporation, Bluetooth Miniport Driver)

0xB8448000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xB83F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xB83F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xB83E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xB84A8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB8584000 C:\WINDOWS\system32\drivers\asusgsb.sys 16384 bytes (ASUSTeK Computer Inc., ASUS Virtual Video Capture Device Driver)

0xB457D000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Driver del filtro del mouse HID)

0xB6DB2000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)

0xB85A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xB3ED8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xB8570000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xB4682000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0xB857C000 C:\WINDOWS\system32\drivers\atkkbnt.sys 12288 bytes (ASUSTeK COMPUTER INC., ASUS Help driver For Keyboard Service.)

0xB856C000 C:\WINDOWS\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)

0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xB4374000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xB46EA000 C:\WINDOWS\system32\drivers\EIO_XP.sys 12288 bytes (ASUSTeK Computer Inc., ASUS Kernel Mode Driver for NT )

0xB6CEB000 C:\WINDOWS\System32\Drivers\FileDisk.SYS 12288 bytes (iolo technologies, LLC (based on original work by Bo Brant

Attach.zip

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

Thank you, Gammo, for your instructions.

Here is the ComboFix report.

Please note that ComboFix has not been able to set up a system recovery point ("CSCRIPT is not a valid windows com or executable file").

ComboFix 10-11-29.03 - Fiore Romano 29/11/2010 23.47.00.1.2 - x86

Eseguito da: c:\documents and settings\Fiore Romano\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\FIORER~1\IMPOST~1\Temp\IadHide3.dll

c:\documents and settings\Fiore Romano\Impostazioni locali\Temp\IadHide3.dll

c:\windows\daemon.dll

c:\windows\system32\09998081.dat

c:\windows\system32\1f2af2c8.dll

c:\windows\system32\AutoRun.inf

c:\windows\UA000106.DLL

c:\windows\system32\drivers\ntfs.sys . . .

Link to post
Share on other sites

Hi,

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Check esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the esetBack.png button.
  13. Push esetFinish.png

Link to post
Share on other sites

Here are the MalwareBytes and the ESET OnLine scanner log files, carried out after TFC cleaning.

Outlook misbehaviour is still as before.

I am keen for your next instructions.

All the best

Mazandaran

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Versione database: 5214
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
02/12/2010 18.59.35
mbam-log-2010-12-02 (18-59-35).txt
Tipo di scansione: Scansione veloce
Elementi esaminati: 158808
Tempo trascorso: 4 minuti, 1 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
(Non sono stati rilevati elementi nocivi)
_________________________________________________
C:\System Volume Information\_restore{164C9A55-90A5-4C7D-9F21-7795AE6B05CD}\RP192\A0042539.exe probably a variant of Win32/TrojanClicker.Agent.LOSTUZZ trojan cleaned by deleting - quarantined

Link to post
Share on other sites

Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Under the Custom Scan box paste this in
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Link to post
Share on other sites

Hi Gammo,

The OTL.txt and the Extras.txt have been sent as attachments, since the Forum says "error: your post is too long. Please reduce it".

Please note that the file age automatically set (30 days) is too short, since the infection has been on my PC for several months, notwithstanding all cleaning efforts.

Regards

Mazandaran

___________________________________________

OTL.Txt

Extras.Txt

Link to post
Share on other sites

Hi,

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Dr.Web CureIt to the desktop.

  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb_green_arrow.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    drweb_check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    drweb_move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Link to post
Share on other sites

Hi Gammo,

Here are the Kaspersky, the DrWeb and the new OTL logs.

The Outlook misbehaviour is still the same.

Look forward to your next instructions

All the best

Mazandaran

Scansione automatica: processo completato 11 minuti fa (eventi: , oggetti: 1187894, ora: 11.25.58)

09/12/2010 10.25.34 Attivit

Link to post
Share on other sites

Hi,

Please change the password of your email account online. Does that resolve the issue?

Hi Gammo.

Not at all, nothing has changed after changing the P/W.

By the way I have already prevented the delivery of the spam msgs by changing the smtp server address.

Are there any means to see the content and address of such outgoing spam?

Presently they only appear in the Outlook delivery status windows. Every 60 secs it says "3 out of 3 msgs are being sent". Then an error msg appears since they cannot reach the smtp server due to the fake address I have introduced.

It is a very annoying process, and I am afraid that the ISP provider might cut me off, due to the excess number of outgoing msgs.

Any further suggestion?

Thanks

Mazandaran

Link to post
Share on other sites

Hi,

Download avz4.zip from HERE

  1. Unzip it to your desktop to a folder named avz4
  2. Double click on AVZ.exe to run it.
  3. Run an update by clicking the Auto Update button on the Right of the Log window: avz-update-button.png
  4. Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again.

  1. Start AVZ.
  2. Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
    avz-standardscripts-asa-removal.png
  3. Click on the
Link to post
Share on other sites

    runscanner.zip
    virusinfo_syscheck.zip
    virusinfo_syscure.zip
Link to post
Share on other sites

Hi,

Those logs appear to be clean as well.

The only option that remains is formatting and reinstalling Windows. Is that an option for you?

Hi Gammo,

as you may have noted from the logs, I have hundreds of applications installed.

Formatting and reinstalling would be a hell of a job.

In your experience, would installing Outlook 2003 in place of the Outlook 2002 presently in use help?

If nothing can be done, the easiest way for me would be to handle my e-mail from a small Netbook I have.

Your suggestions would oblige.

Mazandaran

Link to post
Share on other sites

Hi,

I don't think that will solve the problem.

To be honest, I'm not sure if the problem is caused by malware at all, since all your logs are clean.

Hi Gammo,

I cannot imagine any other reason for what happens, except malware.

Please have a look at the Delivery Status message:

post-60629-1292845060_thumb.gif

it shows 134 delivery attempts (none completed) from the Casamonti account, each consisting of 3 e-mails (sent 3 out of 3).

This is the result of 2 hours and 10 ' of unattended Outlook operation, i.e. 1 every 60 sec.

No instruction whatsoever was given by me!

Error msgs appear because I have put in the account a fake smtp address.

As you are fully aware, brand new viruses are created every now and then. The newest may not possibly be identified by any current malware detector.

I have appreciated all your help and efforts, even without success at present and I have made a small donation.

Should you have any other suggestion in the future, please get in touch.

All the best

Link to post
Share on other sites

Thanks a lot for the donation. :)

I'd say it's a 'normal' Outlook problem that's causing this. Malware that uses your PC to send spam doesn't use Outlook. The malicious process runs in the background.

Hi Gammo,

I do appreciate that Outlook has never been and is not a "perfect" and flawless program.

However it is hard to share your suggestion, since the first thing I did, of course, was to reinstall Outlook.

This should have restored the "normal" operating conditions.

The other option I see is that some "not malicious" program, of the many I have installed, might be trying to send service msgs.

It would help me to identify the responsible program if I could read the address and content of such e-mails.

Any suggestion how it could be done?

Possibly Wireshark or similar network flow analyzer?

Thanks

Link to post
Share on other sites
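
The question left open in the last post, how to read the address and content of the messages Outlook tries to send every 60 seconds, can be answered on the PC itself with a local SMTP sink instead of a packet capture. The following is an added example, not part of the original thread: it assumes the affected account's outgoing server is set to 127.0.0.1, port 2525, with no SSL and no SMTP authentication (the host, port and file names are choices made for this sketch), and it accepts each message, stores it and relays nothing.

```python
"""Local SMTP sink: accepts whatever a mail client submits, records it, relays nothing."""
import socketserver
import time
from email import message_from_bytes


def _address(line):
    """Pull the address out of 'MAIL FROM:<a@b>' or 'RCPT TO:<a@b>'."""
    rest = line.partition(":")[2].strip()
    if "<" in rest and ">" in rest:
        return rest[rest.index("<") + 1:rest.index(">")]
    return rest.split(" ")[0]


def _read_data(rfile):
    """Read the DATA section up to the lone '.' line, undoing SMTP dot-stuffing."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw or raw.rstrip(b"\r\n") == b".":
            break
        lines.append(raw[1:] if raw.startswith(b".") else raw)
    return b"".join(lines)


def summarise(sender, rcpts, raw):
    """Combine the SMTP envelope with the headers that hint at the generating program."""
    msg = message_from_bytes(raw)

    def header(name):
        value = msg.get(name)
        return str(value) if value is not None else None

    return {
        "envelope_from": sender,
        "envelope_to": list(rcpts),
        "header_from": header("From"),
        "header_to": header("To"),
        "subject": header("Subject"),
        "x_mailer": header("X-Mailer") or header("User-Agent"),
        "raw": raw,
    }


def handle_session(rfile, wfile):
    """Run one SMTP session on file-like objects; return the captured messages."""
    captured, sender, rcpts = [], None, []

    def reply(text):
        wfile.write(text.encode("ascii") + b"\r\n")
        wfile.flush()

    reply("220 localhost capture sink ready")
    while True:
        raw = rfile.readline()
        if not raw:  # client closed the connection without QUIT
            break
        line = raw.decode("latin-1").strip()
        verb = line[:4].upper()
        if verb in ("HELO", "EHLO"):
            reply("250 localhost")  # no extensions offered: no AUTH, no STARTTLS
        elif verb == "MAIL":
            sender, rcpts = _address(line), []
            reply("250 OK")
        elif verb == "RCPT":
            rcpts.append(_address(line))
            reply("250 OK")
        elif verb == "DATA":
            if sender is None or not rcpts:
                reply("503 Bad sequence of commands")
                continue
            reply("354 End data with <CR><LF>.<CR><LF>")
            captured.append(summarise(sender, rcpts, _read_data(rfile)))
            sender, rcpts = None, []
            reply("250 OK captured, not delivered")
        elif verb in ("RSET", "NOOP"):
            if verb == "RSET":
                sender, rcpts = None, []
            reply("250 OK")
        elif verb == "QUIT":
            reply("221 Bye")
            break
        else:
            reply("502 Command not implemented")
    return captured


class SinkHandler(socketserver.StreamRequestHandler):
    def handle(self):
        for n, msg in enumerate(handle_session(self.rfile, self.wfile)):
            path = "capture-%d-%d.eml" % (int(time.time()), n)
            with open(path, "wb") as fh:  # full message, readable in any mail client
                fh.write(msg["raw"])
            print({k: v for k, v in msg.items() if k != "raw"}, "->", path)


def serve(host="127.0.0.1", port=2525):
    """Listen on loopback only, so the sink is not reachable from the network."""
    with socketserver.TCPServer((host, port), SinkHandler) as server:
        server.serve_forever()


if __name__ == "__main__":
    serve()
```

The recipients, subject and any X-Mailer header in each saved .eml file show whether the traffic is spam, a stuck Outbox item or a notification generated by an installed program.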
