
[Active] Freezing pc

Discussion in 'Malware and Virus Removal Archive' started by bubi, 2009/12/04.

  1. 2009/12/04
    bubi

    bubi Inactive Thread Starter


    Hello,

    sorry for the first post in the wrong section.

    For a couple of weeks I have had some issues with random system freezing and sometimes blue screen crashes.
    I made antivirus scans, found some and removed them, but it seems that the problem is not solved as I had freezing again.
    Made a memtest run for 2 hours with CPU usage and RAM usage at 100% and had no errors or other issues. So I think it's not a hardware problem.
    Here are the scans requested:


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Cornel at 13.37.57,16 on 04/12/2009
    Internet Explorer: 8.0.6001.18828
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1033.18.2815.1514 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\system32\SupportAppXL\cdrom_mon.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Function Key Controller\FKC.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    C:\Program Files\Ideazon\ZEngine\Zboard.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe
    C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Cornel\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.alienware.co.uk/Mothership?Comp=AWEU&SysCode=PC-EU-LT-A51M9750&ai=636E3D4532343139343726706F3D4532313631383341
    uDefault_Page_URL = hxxp://www.alienware.co.uk/Mothership?Comp=AWEU&SysCode=PC-EU-LT-A51M9750&ai=636E3D4532343139343726706F3D4532313631383341
    uWindow Title = Windows Internet Explorer provided by Alienware
    mDefault_Page_URL = hxxp://www.alienware.co.uk/Mothership?Comp=AWEU&SysCode=PC-EU-LT-A51M9750&ai=636E3D4532343139343726706F3D4532313631383341
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [<NO NAME>]
    uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
    uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
    uRun: [PlayNC Launcher]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [FunctionKeyCtrl] c:\program files\function key controller\FKC.exe
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SteelSeries World of Warcraft MMO Gaming Mouse] c:\program files\steelseries\world of warcraft mmo gaming mouse\WoWMHID.exe
    mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe "
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe "
    dRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Scarica con Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: Scarica i video con Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Scarica selezionati con Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Scarica tutto con Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SEH: {500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1} - No File
    IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect

    ============= SERVICES / DRIVERS ===============

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2008-6-2 81920]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-25 47640]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 wwanSvc;wwanSvc;c:\program files\sony ericsson\sony ericsson md400 wireless modem\wwanSvc.exe [2008-10-15 106496]
    R3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\system32\drivers\A885VCap.sys [2008-6-13 736000]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [2009-6-10 11136]
    S2 Apache2.2;Apache2.2; [x]
    S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
    S3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2008-3-31 179712]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-31 21504]
    S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2008-12-25 104960]
    S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2008-12-25 110080]
    S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2008-12-25 104960]
    S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2008-12-25 104960]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 311808]
    S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\system32\drivers\seu3bus.sys [2009-3-29 307200]
    S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\system32\drivers\seu3card.sys [2009-3-29 380800]
    S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\system32\drivers\seu3mdfl.sys [2009-3-29 14976]
    S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\seu3mdfl2.sys [2009-3-29 14976]
    S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\system32\drivers\seu3mdm.sys [2009-3-29 389376]
    S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\seu3mdm2.sys [2009-3-29 434176]
    S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\seu3nd5.sys [2009-3-29 25984]
    S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\seu3unic.sys [2009-3-29 405504]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu3scard.sys [2009-3-29 24232]

    =============== Created Last 30 ================

    2009-12-03 19:58:31 0 d-----w- c:\program files\Trend Micro
    2009-12-02 19:35:41 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-12-02 19:35:41 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-12-02 19:34:33 0 d-----w- c:\programdata\Kaspersky Lab
    2009-12-02 19:34:33 0 d-----w- c:\program files\Kaspersky Lab
    2009-12-02 19:33:18 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-12-02 19:10:24 0 d-----w- c:\programdata\XHEO INC
    2009-12-02 19:09:33 0 d-----w- c:\program files\RVG Software
    2009-11-30 18:33:05 0 d-----w- c:\program files\Full Tilt Poker
    2009-11-30 08:58:10 0 d-----w- c:\programdata\NOS
    2009-11-25 18:27:50 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 17:54:40 0 d-----w- c:\programdata\LogMeIn
    2009-11-25 17:54:33 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-11-25 17:54:32 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-11-25 17:54:32 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-11-25 17:54:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-11-25 17:54:27 1024 ----a-w- C:\.rnd
    2009-11-25 17:54:15 0 d-----w- c:\program files\LogMeIn
    2009-11-25 17:26:18 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 17:26:18 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-25 17:26:13 714240 ----a-w- c:\windows\system32\timedate.cpl
    2009-11-24 23:26:26 0 d-----w- c:\users\cornel\Tracing
    2009-11-24 23:25:10 0 d-----w- c:\program files\Microsoft
    2009-11-24 23:24:57 0 d-----w- c:\program files\Windows Live SkyDrive
    2009-11-21 14:09:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2009-11-21 11:30:52 0 d-----w- c:\windows\nvtmpinst
    2009-11-21 11:05:08 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-11-21 02:01:14 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-11-21 02:01:14 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-11-18 02:18:05 0 d-----w- c:\program files\Windows Portable Devices
    2009-11-18 02:17:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-18 02:17:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-18 02:02:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-18 02:02:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-18 02:02:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-18 02:00:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-18 02:00:16 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-18 02:00:16 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-16 21:53:44 0 d-----w- c:\program files\LogMeIn Hamachi
    2009-11-15 18:21:02 0 d-----w- c:\program files\common files\Windows Live
    2009-11-14 13:13:07 0 d-----w- c:\programdata\vsosdk
    2009-11-13 17:45:45 102960 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-11 21:59:38 0 d-----w- c:\users\cornel\appdata\roaming\VirtuaWin
    2009-11-11 18:45:32 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 18:45:20 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-07 07:39:43 0 d-----w- c:\program files\DVDFab 6
    2009-11-06 09:59:54 15406728 ----a-w- c:\windows\system32\xlive.dll
    2009-11-06 09:59:54 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-11-06 09:58:04 178975 ----a-w- c:\windows\system32\xlive.dll.cat

    ==================== Find3M ====================

    2009-12-04 12:36:44 31966 ----a-w- c:\programdata\nvModes.dat
    2009-12-02 19:35:10 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-12-02 19:35:09 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-12-02 19:35:09 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-18 02:18:04 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-07 07:39:48 87608 ----a-w- c:\users\cornel\appdata\roaming\inst.exe
    2009-11-07 07:39:48 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-11-07 07:39:48 47360 ----a-w- c:\users\cornel\appdata\roaming\pcouffin.sys
    2009-11-03 15:33:40 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
    2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-02 17:05:36 167064 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-11-02 17:05:34 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2009-10-20 18:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-14 19:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2008-03-31 11:05:35 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 13.38.30,90 ===============
     
    bubi,
    #1
  2. 2009/12/04
    broni

    broni Moderator Malware Analyst

    Is Kaspersky your current, up to date AV program?

    2nd part of DDS log is missing. Please, provide it in your next reply.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Superantispyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see the following entries in MBAM's log:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)

    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so it's EXTREMELY important that you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/12/05
    bubi

    bubi Inactive Thread Starter

    Here is the 2nd log of dds:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/06/2008 10.57.29
    System Uptime: 12/04/2009 7.01.21 (5670 hours ago)

    Motherboard: alienware | | Area-51 m9750
    Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | CPU 1 | 1992/668mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 103 GiB total, 17,933 GiB free.
    D: is CDROM (CDUDF)
    E: is FIXED (NTFS) - 932 GiB total, 80,722 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Microsoft Tun Miniport Adapter #2
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp

    ==== System Restore Points ===================

    RP1166: 25/11/2009 19.27.05 - Windows Update
    RP1168: 26/11/2009 20.06.24 - Scheduled Checkpoint
    RP1170: 27/11/2009 2.01.06 - Windows Update
    RP1172: 30/11/2009 5.21.24 - Scheduled Checkpoint
    RP1174: 30/11/2009 18.56.54 - Rimosso Full Tilt Poker
    RP1176: 01/12/2009 2.14.07 - Windows Update
    RP1178: 02/12/2009 1.41.56 - Scheduled Checkpoint
    RP1180: 02/12/2009 20.09.22 - Installed Holdem Manager
    RP1182: 02/12/2009 20.14.23 - Installed PostgreSQL MUI Wrapper 8.3
    RP1184: 02/12/2009 20.16.54 - Installed PostgreSQL 8.3
    RP1186: 02/12/2009 20.22.34 - Installed PostgreSQL MUI Wrapper 8.3
    RP1188: 02/12/2009 20.23.48 - Installed PostgreSQL MUI Wrapper 8.3
    RP1190: 02/12/2009 20.25.14 - Installed PostgreSQL MUI Wrapper 8.3
    RP1192: 02/12/2009 20.27.11 - Installed PostgreSQL MUI Wrapper 8.3
    RP1194: 02/12/2009 20.27.53 - Installed PostgreSQL 8.3
    RP1196: 02/12/2009 20.28.30 - Installed PostgreSQL MUI Wrapper 8.3
    RP1198: 02/12/2009 20.29.10 - Installed PostgreSQL 8.3
    RP1200: 02/12/2009 20.29.59 - Installed PostgreSQL MUI Wrapper 8.3
    RP1202: 02/12/2009 20.30.37 - Installed PostgreSQL 8.3
    RP1204: 02/12/2009 20.33.47 - Installed Kaspersky Anti-Virus 2010.
    RP1206: 04/12/2009 1.59.34 - Windows Update

    ==== Installed Programs ======================

    Adobe After Effects 6.5
    Adobe Audition 1.5
    Adobe Encore DVD 1.5
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Premiere Pro 1.5
    Adobe Reader 8.1.6
    Age of Conan - Hyborian Adventures
    Aion
    Alice Mobile
    AlienRespawn v2.0
    AnyDVD
    Apple Mobile Device Support
    Apple Software Update
    Atlantica Online
    AVerMedia MCE Encoder 3.2.1.62
    AVerMedia MiniCard Hybrid TV 1.12.0.79
    BisonCam
    Bonjour
    Calculatem Pro
    Call of Duty(R) 4 - Modern Warfare(TM)
    CCleaner (remove only)
    Corel WinDVD 9
    Curse Client
    Dragonii te învata limba engleza
    DUNGEONS & DRAGONS ONLINE™: Stormreach™ v01.08.00.8120
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
    DVDFab 6.1.2.5 (27/10/2009)
    EVE-ONLINE (remove only)
    Far Cry 2
    FileZilla Client 3.2.3.1
    Football Superstars
    Free Download Manager 2.5
    Full Tilt Poker
    Function Key Controller
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Gears of War
    Google Earth
    Heroes of Might & Magic V: I martelli del destino
    Heroes of Might and Magic V
    Heroes of Might and Magic V - Tribes of the East
    HijackThis 2.0.2
    Holdem Manager
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    iTunes
    Java(TM) 6 Update 17
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    K-Lite Codec Pack 3.9.5 (Full)
    Kaspersky Anti-Virus 2010
    LightScribe 1.4.124.1
    LogMeIn
    LogMeIn Hamachi
    Lolek şi Bolek -engleza pentru copii-
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office PowerPoint - Visualizzatore 2003
    Microsoft Office Word Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Monopoly by Parker Brothers
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCsoft Launcher
    Need for Speed™ Undercover
    Nero 7 Essentials
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Poker Snai
    PowerDVD
    Pro Evolution Soccer 2009
    Pro Evolution Soccer 2010
    ProgDVB
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5C83x Flash Media Controller Driver Ver.3.30
    Roxio Easy Media Creator 8 Suite
    Runes of Magic
    Safari
    Skype web features
    Skype™ 4.1
    Sony Ericsson MD400 Wireless Modem
    Sony Ericsson Wireless Manager 5
    SPORE™
    Strumento di caricamento di Windows Live
    Synaptics Pointing Device Driver
    System Requirements Lab
    TeamSpeak 2 RC2
    TELL ME MORE
    The Godfather™ II
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.70
    Titan Poker
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    VH Toolkit 1.0.13.0
    Vodafone Mobile Connect Lite
    Vuze
    Warhammer Online - Age of Reckoning
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Writer
    WinRAR gestione archivi
    World of Warcraft
    World of Warcraft MMO Gaming Mouse
    Yahoo! Messenger
    Z Engine

    ==== Event Viewer Messages From Past Week ========

    30/11/2009 3.16.52, Error: EventLog [6008] - The previous system shutdown at 3.10.18 on 30/11/2009 was unexpected.
    30/11/2009 19.07.23, Error: EventLog [6008] - The previous system shutdown at 19.05.47 on 30/11/2009 was unexpected.
    29/11/2009 16.22.46, Error: EventLog [6008] - The previous system shutdown at 16.20.24 on 29/11/2009 was unexpected.
    28/11/2009 23.42.56, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.148 for the Network Card with network address 0003253E2CA6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    28/11/2009 23.42.53, Error: EventLog [6008] - The previous system shutdown at 23.38.00 on 28/11/2009 was unexpected.
    27/11/2009 18.22.24, Error: EventLog [6008] - The previous system shutdown at 18.20.24 on 27/11/2009 was unexpected.
    27/11/2009 13.40.43, Error: EventLog [6008] - The previous system shutdown at 13.32.33 on 27/11/2009 was unexpected.
    04/12/2009 7.03.22, Error: Service Control Manager [7000] - The mysql service failed to start due to the following error: The system cannot find the path specified.
    04/12/2009 7.03.22, Error: Service Control Manager [7000] - The Apache2.2 service failed to start due to the following error: The system cannot find the path specified.
    04/12/2009 7.01.54, Error: EventLog [6008] - The previous system shutdown at 6.43.05 on 04/12/2009 was unexpected.
    03/12/2009 7.38.45, Error: EventLog [6008] - The previous system shutdown at 4.14.32 on 03/12/2009 was unexpected.
    03/12/2009 12.36.16, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
    02/12/2009 20.56.33, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "193" Happened while starting this command: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
    02/12/2009 20.55.50, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    02/12/2009 20.53.20, Error: Service Control Manager [7023] - The TPM Base Services service terminated with the following error: Access is denied.
    02/12/2009 20.53.20, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.
    02/12/2009 20.42.17, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}. The error: "5" Happened while starting this command: C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe -Embedding
    01/12/2009 20.13.25, Error: EventLog [6008] - The previous system shutdown at 20.09.04 on 01/12/2009 was unexpected.
    01/12/2009 2.19.15, Error: EventLog [6008] - The previous system shutdown at 2.16.14 on 01/12/2009 was unexpected.

    ==== End Of File ===========================
     
    bubi,
    #3
  5. 2009/12/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  6. 2009/12/07
    bubi

    bubi Inactive Thread Starter

    Joined:
    2009/12/04
    Messages:
    9
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/06/2009 at 02:31 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4304
    Trace Rules Database Version: 2191

    Scan type : Complete Scan
    Total Scan Time : 03:19:02

    Memory items scanned : 302
    Memory threats detected : 0
    Registry items scanned : 9180
    Registry threats detected : 2
    File items scanned : 280677
    File threats detected : 5

    Adware.Vundo Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}

    Adware.Vundo Variant/Rel
    HKU\S-1-5-21-1664028528-520582152-236142748-1000\Software\Microsoft\rdfa

    Adware.Casino Games (Golden Palace Casino)
    C:\POKER\POKER SNAI\CASINO.EXE
    C:\POKER\TITAN POKER\CASINO.EXE

    Trojan.SVCHost/Fake
    C:\USERS\CORNEL\DOCUMENTS\SUPERSTITII\SVCHOST.EXE
    C:\Windows\Prefetch\SVCHOST.EXE-0901A7EC.pf
    C:\Windows\Prefetch\SVCHOST.EXE-42332E6E.pf


    Malwarebytes' Anti-Malware 1.42
    Database version: 3307
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18828

    07/12/2009 7.56.12
    mbam-log-2009-12-07 (07-56-12).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 409101
    Time elapsed: 1 hour(s), 14 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\Tasks\RegClean Scheduled Scan.job (Rogue.RegClean) -> Quarantined and deleted successfully.
     
    bubi,
    #5
  7. 2009/12/07
    bubi

    bubi Inactive Thread Starter

    Joined:
    2009/12/04
    Messages:
    9
    Likes Received:
    0
    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit scan 2009-12-07 08:41:41
    Windows 6.0.6002 Service Pack 2
    Running: 8sldyrfp.exe; Driver: C:\Users\Cornel\AppData\Local\Temp\uwryrpog.sys


    ---- System - GMER 1.0.15 ----

    INT 0x51 ? 86B4CF00
    INT 0x62 ? 86B4CF00
    INT 0x72 ? 84BA9BF8
    INT 0x82 ? 84BA9BF8
    INT 0x92 ? 86B4CF00
    INT 0xA2 ? 86B4CF00

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\spne.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F003340, 0x3E1F47, 0xE8000020]
    .text USBPORT.SYS!DllUnload 8ED2041B 5 Bytes JMP 86B4C4E0
    .text aumpukwn.SYS 8A17A000 22 Bytes [82, 23, 42, 82, 6C, 22, 42, ...]
    .text aumpukwn.SYS 8A17A017 159 Bytes [00, 32, C7, 79, 80, 3D, C5, ...]
    .text aumpukwn.SYS 8A17A0B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aumpukwn.SYS 8A17A0CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
    .text aumpukwn.SYS 8A17A11F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
    .text ...
    C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in " " section [0xA2B6C000]
    .clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0xA2B6D000, 0x1000, 0x00000000]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] KERNEL32.dll!LoadLibraryExW 75A59109 7 Bytes JMP 10005230 C:\Program Files\Ideazon\ZEngine\ZESystem.dll (rscoree/Remotesoft, Inc.)
    .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] USER32.dll!DefWindowProcA 758CDB88 5 Bytes JMP 630019AC C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] USER32.dll!GetSysColorBrush 758CE21C 5 Bytes JMP 6305CBDD C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] USER32.dll!GetSysColor 758D9BF6 5 Bytes JMP 6305DA75 C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    .text C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] USER32.dll!DefWindowProcW 758E03B4 5 Bytes JMP 630019DB C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806936D2] \SystemRoot\System32\Drivers\spne.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80693040] \SystemRoot\System32\Drivers\spne.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806937FC] \SystemRoot\System32\Drivers\spne.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806930BE] \SystemRoot\System32\Drivers\spne.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069313C] \SystemRoot\System32\Drivers\spne.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3048] \SystemRoot\System32\Drivers\spne.sys
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortNotification] F73BFF33
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortCompleteRequest] 81642446
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortMoveMemory] 7E398A18
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 81902846
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8A18
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortInitialize] 500000FA
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
    IAT \SystemRoot\System32\Drivers\aumpukwn.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73387817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [733DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7338BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7337F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [733875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7337E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [733B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7338DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7337FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7337FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [733771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7340CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [733AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7337D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73376853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7337687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1800] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73382AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\ole32.dll [USER32.dll!MoveWindow] [6301D83B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61001850] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [GDI32.dll!DeleteObject] [6305CBAA] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [63029617] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!CallWindowProcW] [6305870E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!DeferWindowPos] [610014A0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630295EF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowPlacement] [6301D628] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!DrawFrameControl] [6301E1DC] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColorBrush] [6305CBDD] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!MoveWindow] [6301D83B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos] [6301DA46] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetSysColor] [6305CB26] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [630292CF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowLongW] [610015E0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowLongW] [61001570] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!SetScrollInfo] [61001750] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowRect] [6301DC5B] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos] [6301DA46] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [USER32.dll!DefWindowProcA] [61001850] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowLongA] [61001530] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowLongA] [610015B0] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6302946E] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
    IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8596C1F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 84BAB1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{72C3EE89-9DB8-4CF5-A737-4C5AFF7FA318} 8796E1F8
    Device \Driver\usbuhci \Device\USBPDO-0 86A731F8
    Device \Driver\usbuhci \Device\USBPDO-1 86A731F8
    Device \Driver\usbuhci \Device\USBPDO-2 86A731F8
    Device \Driver\usbuhci \Device\USBPDO-3 86A731F8
    Device \Driver\usbehci \Device\USBPDO-4 86A6C1F8
    Device \Driver\PCI_PNP8952 \Device\00000057 spne.sys
    Device \Driver\volmgr \Device\HarddiskVolume1 84BAB1F8
    Device \Driver\cdrom \Device\CdRom0 86AFD500
    Device \Driver\volmgr \Device\HarddiskVolume2 84BAB1F8
    Device \Driver\volmgr \Device\HarddiskVolume3 84BAB1F8
    Device \Driver\cdrom \Device\CdRom1 86AFD500
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8596B1F8
    Device \Driver\atapi \Device\Ide\IdePort0 8596B1F8
    Device \Driver\atapi \Device\Ide\IdePort1 8596B1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8596B1F8
    Device \Driver\sptd \Device\2226767702 spne.sys
    Device \Driver\netbt \Device\NetBt_Wins_Export 8796E1F8
    Device \Driver\USBSTOR \Device\00000078 87A4B500
    Device \Driver\USBSTOR \Device\00000079 87A4B500
    Device \Driver\Smb \Device\NetbiosSmb 879991F8
    Device \Driver\iScsiPrt \Device\RaidPort0 86BA21F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{BFCB0D09-5597-4A7D-80C5-B936F38B9F83} 8796E1F8
    Device \Driver\usbuhci \Device\USBFDO-0 86A731F8
    Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBFDO-1 86A731F8
    Device \Driver\usbuhci \Device\USBFDO-2 86A731F8
    Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBFDO-3 86A731F8
    Device \Driver\usbehci \Device\USBFDO-4 86A6C1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{D9DE4F62-4B62-4601-BA76-EDC87A663CBF} 8796E1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{BA62359B-EFE1-49A1-B27D-1EA7A748545F} 8796E1F8
    Device \Driver\aumpukwn \Device\Scsi\aumpukwn1 86BBF500
    Device \Driver\aumpukwn \Device\Scsi\aumpukwn1Port3Path0Target0Lun0 86BBF500
    Device \FileSystem\cdfs \Cdfs 86AA41F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee55675
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd049b4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd049b4@000b0d4e22af 0xAA 0xBF 0x8C 0x3D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x48 0xB7 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0x10 0xEF 0xB2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x66 0x66 0xBB 0x7C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ee55675 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd049b4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd049b4@000b0d4e22af 0xAA 0xBF 0x8C 0x3D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x48 0xB7 0x9C ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x81 0x10 0xEF 0xB2 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x66 0x66 0xBB 0x7C ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x86 0xFA 0x2E 0x97 ...

    ---- EOF - GMER 1.0.15 ----
     
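A triage helper for the IAT section of the GMER log above, added here as an example; it is not part of the original post and not a GMER feature. The dozens of IAT lines collapse to two hook-target modules, wbocx.ocx and wbhelp2.dll, which GMER labels with the description and company name it reads from each module's version resource (here WindowBlinds / Stardock). The useful question is therefore "is this module expected on this machine?", asked once per target rather than once per hooked function, so the script groups hooks by target and separately lists targets GMER printed without a vendor tag. The sample input is constructed: its first lines copy the shape of the log above, and the final `example.dll` target is invented for this example to show an untagged hit. A version resource is something any file can carry, so a vendor tag lowers the priority of a hit rather than clearing it.

```python
"""Group GMER 'IAT' hook lines by the module that owns the hook target.

Example code for log triage; the input below is constructed, not a real log.
"""
import re
from collections import defaultdict

# One GMER IAT line:
#   IAT <process>[<pid>] @ <hooked module> [<import>!<function>] [<addr>] <target> (<desc/vendor>)
# The trailing "(desc/vendor)" is printed only when GMER can read version
# information from the target file, so its absence is a triage signal, not proof.
_IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)


def parse_iat_line(line):
    """Return a dict for a GMER IAT hook line, or None for any other line."""
    m = _IAT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["addr"] = int(rec["addr"], 16)
    rec["target"] = rec["target"].lower()   # paths are case-insensitive on NTFS
    return rec


def summarize_hooks(lines):
    """Map each hook-target module to the set of import!function names it hooks."""
    by_target = defaultdict(set)
    for line in lines:
        rec = parse_iat_line(line)
        if rec:
            by_target[rec["target"]].add(rec["imp"])
    return dict(by_target)


def untagged_targets(lines):
    """Hook targets GMER printed without a '(description/vendor)' tag."""
    found = set()
    for line in lines:
        rec = parse_iat_line(line)
        if rec and not rec["desc"]:
            found.add(rec["target"])
    return sorted(found)


# Constructed sample: the first lines mirror the log posted above; the last IAT
# line is invented for this example (example.dll stands for an untagged target).
SAMPLE = r"""
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!TrackPopupMenu] [630295EF] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\shell32.dll [USER32.dll!DefWindowProcW] [61001890] C:\Windows\system32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [630294D7] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [630295A4] C:\Windows\system32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
IAT C:\Program Files\Ideazon\ZEngine\Zboard.exe[4080] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6302963C] C:\Windows\system32\example.dll
Device \FileSystem\Ntfs \Ntfs 8596C1F8
""".strip().splitlines()

if __name__ == "__main__":
    for target, funcs in sorted(summarize_hooks(SAMPLE).items()):
        print(f"{target}: {len(funcs)} hooked import(s)")
    print("untagged:", untagged_targets(SAMPLE))
```

Run against a saved GMER log with `summarize_hooks(open("gmer.log").read().splitlines())`; non-IAT lines are ignored, so the whole file can be passed in.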
  8. 2009/12/07
    bubi Inactive Thread Starter
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8.49.37, on 07/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Function Key Controller\FKC.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Ideazon\ZEngine\Zboard.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.co.uk/Mothersh...=636E3D4532343139343726706F3D4532313631383341
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.co.uk/Mothersh...=636E3D4532343139343726706F3D4532313631383341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.co.uk/Mothersh...=636E3D4532343139343726706F3D4532313631383341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Alienware
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - SlySoft, Inc. - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: wwanSvc - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

    --
    End of file - 12130 bytes


    I must say that on executing GMER I had a blue screen once, and once the program stopped working while it was scanning.
    Many times on restarting the PC I get the message "HID MFC application has stopped working", and most of the times when I get that message the PC crashes on Explorer.
    About the AV update program, I never used one; I just downloaded Kaspersky to make some scans.
     
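An added example of the first pass an analyst makes over a HijackThis log like the one above; it is not part of the original post and not a HijackThis feature. It parses the O4 Run entries and O23 services and flags the registrations that deserve a look before anything is deleted: entries whose file is gone ("(no file)", "(file missing)"), services HijackThis prints with "Unknown owner", binaries under a user-writable location such as C:\Users or C:\ProgramData, and bare file names such as `RtHDVCpl.exe` that are resolved through the search path at logon. The sample input is constructed from lines of the log above; the flag names and the directory list are this example's own. A flag is a prompt to verify the entry against what the user installed, not a verdict: the LogMeIn and Hamachi entries above are remote-access software that an analyst confirms with the user rather than assumes, and the inst.exe that ComboFix removes from AppData\Roaming later in this thread is the kind of location the user-writable-path flag is meant to surface.

```python
"""First-pass triage of HijackThis O2/O4/O9/O23 lines (example code).

Flags are prompts for verification, not verdicts. Sample input is constructed
from the log posted above.
"""
import re

ORPHAN = "orphan"                  # "(no file)" / "(file missing)": nothing runs, key is dead weight
UNKNOWN_OWNER = "unknown-owner"    # O23 service image without readable company/version info
USER_PATH = "user-writable-path"   # image sits where a standard user can write
BARE_NAME = "bare-name"            # no directory: resolved through the search path at run time

_DEAD = ("(no file)", "(file missing)")
_USER_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\documents and settings\\",
              "%appdata%", "%localappdata%", "%temp%", "%userprofile%")

# O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]
_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*"
                    r"(?P<cmd>.*?)(?:\s+\(User '(?P<user>[^']*)'\))?$")
# O23 - Service: <display name> - <owner> - <image path>
_O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def exe_path(cmd):
    """Pick the image a Run-key command launches.

    Quoted paths are taken whole; an unquoted one is cut at the first space,
    which is the first candidate CreateProcess tries for an unquoted path.
    rundll32 commands are resolved to the DLL they load.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    first, _, rest = cmd.partition(" ")
    if first.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        return rest.strip().split(",", 1)[0].strip('"')
    return first


def path_flags(path):
    """Flags that depend only on where the image lives."""
    p = path.lower()
    if "\\" not in p and not p.startswith("%"):
        return [BARE_NAME]
    if p.startswith(_USER_DIRS):
        return [USER_PATH]
    return []


def triage(lines):
    """Return [(section, name, path, flags)] for every entry worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        parts = line.split(" - ")
        section = parts[0]
        name = parts[1] if len(parts) > 1 else line
        path, flags = None, []
        if any(tag in line for tag in _DEAD):
            flags.append(ORPHAN)
        m = _O4_RE.match(line)
        if m:
            name, path = m.group("name"), exe_path(m.group("cmd"))
        m = _O23_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if m.group("owner") == "Unknown owner":
                flags.append(UNKNOWN_OWNER)
        if path and path not in _DEAD:
            flags += path_flags(path)
        if flags:
            findings.append((section, name, path, flags))
    return findings


# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - SlySoft, Inc. - (no file)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
""".strip().splitlines()

if __name__ == "__main__":
    for section, name, path, flags in triage(SAMPLE):
        print(f"{section:4} {', '.join(flags):20} {name}  ->  {path}")
```

The cut-at-first-space rule for unquoted commands is deliberate: it reproduces what the loader tries first, so `%ProgramFiles%\Windows Defender\MSASCui.exe -hide` is reported as `%ProgramFiles%\Windows`, a reminder that an unquoted path with spaces is itself worth fixing.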
  9. 2009/12/07
    broni Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2009/12/08
    bubi Inactive Thread Starter
    ComboFix 09-12-07.07 - Cornel 08/12/2009 8.37.21.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1033.18.2815.1591 [GMT 1:00]
    Running from: c:\users\Cornel\Downloads\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1168091379-3614658151-3052711099-500
    c:\$recycle.bin\S-1-5-21-1664028528-520582152-236142748-500
    c:\$recycle.bin\S-1-5-21-195633842-3792598264-2976810302-500
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\$recycle.bin\S-1-5-21-2458356652-872214431-3708232190-500
    c:\users\Cornel\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))))))
    .

    2009-12-08 07:47 . 2009-12-08 07:47 -------- d-----w- c:\users\Cornel\AppData\Local\temp
    2009-12-07 05:39 . 2009-12-07 05:39 -------- d-----w- c:\users\Cornel\AppData\Roaming\Malwarebytes
    2009-12-07 05:39 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-07 05:39 . 2009-12-07 05:39 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-07 05:39 . 2009-12-07 05:39 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-07 05:39 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-06 10:03 . 2009-12-06 10:09 117760 ----a-w- c:\users\Cornel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-06 10:01 . 2009-12-06 10:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-06 10:01 . 2009-12-06 10:01 4096 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-06 10:01 . 2009-12-06 10:01 -------- d-----w- c:\users\Cornel\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-03 19:58 . 2009-12-03 19:58 -------- d-----w- c:\program files\Trend Micro
    2009-12-02 20:41 . 2009-12-02 20:41 -------- d-----w- c:\program files\Common Files\Skype
    2009-12-02 19:34 . 2009-12-05 19:53 4096 d-----w- c:\programdata\Kaspersky Lab
    2009-12-02 19:10 . 2009-12-02 19:10 -------- d-----w- c:\programdata\XHEO INC
    2009-12-02 19:10 . 2009-12-02 19:10 -------- d-----w- c:\users\Cornel\AppData\Local\IsolatedStorage
    2009-12-02 19:09 . 2009-12-02 19:09 -------- d-----w- c:\program files\RVG Software
    2009-11-30 18:33 . 2009-12-08 06:08 8192 d-----w- c:\program files\Full Tilt Poker
    2009-11-30 08:58 . 2009-11-30 12:11 4096 d-----w- c:\programdata\NOS
    2009-11-25 18:27 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 17:54 . 2009-11-25 17:54 -------- d-----w- c:\users\Cornel\AppData\Local\LogMeIn
    2009-11-25 17:54 . 2009-11-25 17:54 -------- d-----w- c:\programdata\LogMeIn
    2009-11-25 17:54 . 2009-09-28 18:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2009-11-25 17:54 . 2009-09-28 18:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-11-25 17:54 . 2009-09-28 18:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-11-25 17:54 . 2008-08-11 11:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-11-25 17:54 . 2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-11-25 17:54 . 2009-12-08 07:35 8192 d-----w- c:\program files\LogMeIn
    2009-11-25 17:26 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 17:26 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-24 23:37 . 2009-11-24 23:37 -------- d-----w- c:\users\Cornel\AppData\Local\Blizzard Entertainment
    2009-11-24 23:26 . 2009-12-07 19:47 -------- d-----w- c:\users\Cornel\Tracing
    2009-11-24 23:25 . 2009-11-24 23:25 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-11-24 23:25 . 2009-11-24 23:25 -------- d-----w- c:\program files\Microsoft
    2009-11-24 23:24 . 2009-11-24 23:24 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-21 11:30 . 2009-11-21 11:30 -------- d-----w- c:\windows\nvtmpinst
    2009-11-21 11:05 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
    2009-11-21 02:01 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-11-21 02:01 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-11-18 02:18 . 2009-11-18 02:18 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-18 02:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-18 02:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-18 02:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-18 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-18 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-18 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-16 21:53 . 2009-11-25 18:32 4096 d-----w- c:\users\Cornel\AppData\Local\LogMeIn Hamachi
    2009-11-16 21:53 . 2009-11-16 21:53 4096 d-----w- c:\program files\LogMeIn Hamachi
    2009-11-16 20:49 . 2009-11-16 21:53 4096 d-----w- c:\users\Cornel\AppData\Roaming\Hamachi
    2009-11-15 18:21 . 2009-11-15 18:21 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-11-14 13:13 . 2009-11-14 13:13 -------- d-----w- c:\programdata\vsosdk
    2009-11-13 17:45 . 2009-11-13 17:45 102960 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-11 21:59 . 2009-11-11 22:02 -------- d-----w- c:\users\Cornel\AppData\Roaming\VirtuaWin
    2009-11-11 21:09 . 2009-11-11 21:09 -------- d-----w- c:\users\Cornel\AppData\Local\Z-Systems
    2009-11-11 18:45 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 18:45 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-08 07:33 . 2008-02-04 12:13 1473 ----a-w- c:\windows\bthservsdp.dat
    2009-12-08 07:33 . 2008-08-07 17:06 4096 d-----w- c:\users\Cornel\AppData\Roaming\Free Download Manager
    2009-12-07 05:10 . 2008-06-25 21:52 4096 d-----w- c:\users\Cornel\AppData\Roaming\Skype
    2009-12-06 23:00 . 2008-06-25 21:54 4096 d-----w- c:\users\Cornel\AppData\Roaming\skypePM
    2009-12-06 10:00 . 2008-06-25 22:06 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-04 13:09 . 2008-09-15 19:26 31966 ----a-w- c:\programdata\nvModes.dat
    2009-12-02 20:41 . 2008-06-25 21:52 -------- d-----r- c:\program files\Skype
    2009-12-02 20:41 . 2008-06-25 21:52 4096 d-----w- c:\programdata\Skype
    2009-11-30 17:57 . 2008-06-13 09:19 20480 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-24 23:26 . 2008-07-18 20:20 4096 d-----w- c:\program files\Windows Live
    2009-11-21 18:37 . 2009-04-04 17:38 -------- d-----w- c:\programdata\KONAMI
    2009-11-21 15:29 . 2008-06-23 20:33 4096 d-----w- c:\program files\Ubisoft
    2009-11-21 11:33 . 2008-09-15 17:09 1356 ----a-w- c:\users\Cornel\AppData\Local\d3d9caps.dat
    2009-11-21 11:33 . 2008-06-13 09:18 -------- d-----w- c:\programdata\NVIDIA
    2009-11-19 22:14 . 2009-07-08 18:51 8192 d-----w- c:\program files\PokerStars.IT
    2009-11-18 02:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-18 02:17 . 2009-11-18 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-18 02:17 . 2009-11-18 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-12 18:14 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-10 03:31 . 2008-06-23 18:46 16384 d-----w- c:\users\Cornel\AppData\Roaming\Azureus
    2009-11-09 17:29 . 2008-06-23 18:43 4096 d-----w- c:\program files\Java
    2009-11-07 08:03 . 2008-06-25 20:14 -------- d-----w- c:\users\Cornel\AppData\Roaming\Vso
    2009-11-07 08:03 . 2009-11-07 07:39 8192 d-----w- c:\program files\DVDFab 6
    2009-11-07 07:39 . 2008-06-25 20:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-11-07 07:39 . 2008-06-25 20:14 47360 ----a-w- c:\users\Cornel\AppData\Roaming\pcouffin.sys
    2009-11-07 07:39 . 2008-06-25 20:14 47360 ----a-w- c:\users\Cornel\AppData\Roaming\pcouffin.sys
    2009-11-06 19:41 . 2009-05-23 10:50 4096 d-----w- c:\program files\CalculatemPro
    2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
    2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-11-02 19:42 . 2009-10-02 18:48 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2009-10-30 23:01 . 2009-10-30 23:01 -------- d-----w- c:\users\Cornel\AppData\Roaming\Megaupload
    2009-10-21 17:56 . 2009-10-21 17:56 -------- d-----w- c:\users\Cornel\AppData\Roaming\Anonymizer
    2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\programdata\Anonymizer
    2009-10-17 17:42 . 2009-01-02 20:18 176 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\restart.bat
    2009-10-15 00:26 . 2008-09-02 22:06 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-10-11 03:17 . 2009-01-22 22:02 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-05 00:55 . 2009-05-27 22:53 6516755 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
    2009-10-05 00:55 . 2009-05-27 22:53 4141117 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
    2009-10-05 00:50 . 2009-06-09 22:32 10686001 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
    2009-10-01 01:02 . 2009-11-18 02:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-18 02:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02 . 2009-11-18 02:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-18 02:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-18 02:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-18 02:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-18 02:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-18 02:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-18 02:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-18 02:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-18 02:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-18 02:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01 . 2009-11-18 02:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01 . 2009-11-18 02:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01 . 2009-11-18 02:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01 . 2009-11-18 02:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10 . 2009-11-18 02:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-18 02:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-18 02:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-18 02:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-18 02:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-18 02:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-18 02:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-18 02:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-18 02:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-18 02:01 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-18 02:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-18 02:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-18 02:01 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-18 02:01 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-18 02:01 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-18 02:01 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-18 02:01 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-18 02:01 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-18 02:01 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30 . 2009-11-18 02:01 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27 . 2009-11-18 02:01 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-18 02:01 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-18 02:01 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-18 02:01 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54 . 2009-11-18 02:01 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54 . 2009-11-18 02:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54 . 2009-11-18 02:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-23 08:41 . 2009-09-23 08:41 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
    2009-09-14 09:29 . 2009-10-14 23:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-14 23:12 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:59 . 2009-10-28 17:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-09-10 14:58 . 2009-10-28 17:37 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2008-06-23 22:12 . 2008-06-23 22:10 24 --sha-w- c:\windows\SD655B537(382).tmp
    2008-06-23 22:12 . 2008-06-23 22:10 24 --sha-w- c:\windows\SD655B537(40).tmp
    2008-06-23 22:12 . 2008-06-23 22:10 24 --sh--w- c:\windows\SD655B537.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-09 1934336]
    "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SteelSeries World of Warcraft MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2009-05-13 414720]
    "Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-11 1687552]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-11 163840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-12 13589024]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-12 92704]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-23 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^nero.vbs]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\nero.vbs
    backup=c:\windows\pss\nero.vbs.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-10-28 08:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f3,5c,da,98,68,2b,ca,01

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8.43.30 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8.43.28 74480]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12.27.54 1074568]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12.41.00 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [25/11/2009 18.54.32 47640]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 19.09.28 11032]
    R3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\System32\drivers\A885VCap.sys [13/06/2008 10.26.58 736000]
    R3 Mo3Fltr;MMO Mouse;c:\windows\System32\drivers\Mo3Fltr.sys [10/06/2009 21.20.24 11136]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [23/06/2008 21.26.54 717296]
    S2 Apache2.2;Apache2.2; [x]
    S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\SupportAppXL\cdrom_mon.exe [02/06/2008 23.26.36 81920]
    S2 wwanSvc;wwanSvc;c:\program files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe [15/10/2008 7.23.28 106496]
    S3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [31/03/2008 11.19.50 179712]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [31/03/2008 11.19.28 21504]
    S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\System32\drivers\ONDAusbmdm6k.sys [25/12/2008 0.34.54 104960]
    S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\System32\drivers\ONDAusbnet.sys [25/12/2008 0.34.54 110080]
    S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\System32\drivers\ONDAusbnmea.sys [25/12/2008 0.34.54 104960]
    S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\System32\drivers\ONDAusbser6k.sys [25/12/2008 0.34.54 104960]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [02/11/2006 11.25.18 311808]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8.43.30 7408]
    S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\System32\drivers\seu3bus.sys [29/03/2009 2.36.05 307200]
    S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\System32\drivers\seu3card.sys [29/03/2009 2.35.55 380800]
    S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\System32\drivers\seu3mdfl.sys [29/03/2009 2.35.47 14976]
    S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\System32\drivers\seu3mdfl2.sys [29/03/2009 2.35.58 14976]
    S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\System32\drivers\seu3mdm.sys [29/03/2009 2.35.47 389376]
    S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\System32\drivers\seu3mdm2.sys [29/03/2009 2.35.58 434176]
    S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\System32\drivers\seu3nd5.sys [29/03/2009 2.35.52 25984]
    S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\System32\drivers\seu3unic.sys [29/03/2009 2.35.57 405504]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\System32\drivers\seu3scard.sys [29/03/2009 2.35.59 24232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.alienware.co.uk/Mothership?Comp=AWEU&SysCode=PC-EU-LT-A51M9750&ai=636E3D4532343139343726706F3D4532313631383341
    uInternet Settings,ProxyOverride = *.local
    IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    HKCU-Run-PlayNC Launcher - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-08 08:47
    Windows 6.0.6002 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-1664028528-520582152-236142748-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:62,30,b5,a0,8c,44,af,87,78,6a,ac,32,a8,dd,16,52,ec,97,38,03,b4,80,b8,
    d2,4f,9d,7d,01,36,50,ab,7f,31,83,19,08,80,00,73,62,4d,d3,c8,74,2e,06,6b,78,\
    "??"=hex:26,da,b5,f6,ac,4a,9b,d9,7d,a7,57,71,92,14,48,30

    [HKEY_USERS\S-1-5-21-1664028528-520582152-236142748-1000\Software\SecuROM\License information*]
    "datasecu"=hex:24,2a,11,51,08,2a,5f,05,12,27,e0,4e,3d,2a,2a,22,0d,22,fb,ce,26,
    06,83,66,87,71,c7,a2,09,17,83,5a,aa,c9,40,2f,b2,26,2c,f0,06,0a,73,0a,71,e1,\
    "rkeysecu"=hex:d3,6e,eb,3a,e9,35,b8,a8,5d,e0,e4,df,c7,b5,6c,79

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Ora fine scansione: 2009-12-08 08:49
    ComboFix-quarantined-files.txt 2009-12-08 07:49

    Pre-Run: 20.137.951.232 bytes free
    Post-Run: 20.079.169.536 bytes free

    - - End Of File - - FF6E9D55470619AA5B6D085FA785CCD5

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8.55.44, on 08/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.co.uk/Mothersh...=636E3D4532343139343726706F3D4532313631383341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - SlySoft, Inc. - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: wwanSvc - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

    --
    End of file - 10151 bytes
     
    bubi,
    #9
  11. 2009/12/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any antivirus program running on your computer. Why is that?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\Kaspersky Lab
    c:\windows\SD655B537(382).tmp
    c:\windows\SD655B537(40).tmp
    c:\windows\SD655B537.tmp
    
    
    Folder::
    
    Driver::
    Apache2.2
    
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  12. 2009/12/09
    bubi

    bubi Inactive Thread Starter

    Joined:
    2009/12/04
    Messages:
    9
    Likes Received:
    0
    The antivirus had to be removed when using Superantispyware; they conflict with each other.
    Reinstalled.
    Here are the logs:

    ComboFix 09-12-07.07 - Cornel 09/12/2009 20.15.45.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1033.18.2815.1918 [GMT 1:00]
    Eseguito da: c:\users\Cornel\Downloads\ComboFix.exe
    Opzioni usate :: c:\users\Cornel\Downloads\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Apache2.2


    ((((((((((((((((((((((((( Files Creati Da 2009-11-09 al 2009-12-09 )))))))))))))))))))))))))))))))))))
    .

    2009-12-09 19:28 . 2009-12-09 19:31 -------- d-----w- c:\users\Cornel\AppData\Local\temp
    2009-12-09 19:28 . 2009-12-09 19:28 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-09 19:28 . 2009-12-09 19:28 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2009-12-09 19:28 . 2009-12-09 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-09 18:56 . 2009-12-09 18:56 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-09 18:56 . 2009-12-09 18:56 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2009-12-09 18:52 . 2009-12-09 18:52 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2009-12-09 18:52 . 2009-12-09 18:52 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2009-12-09 18:50 . 2009-12-09 18:50 -------- d-----w- c:\program files\Kaspersky Lab
    2009-12-09 18:44 . 2009-12-09 18:44 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-12-09 05:24 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-12-09 05:24 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-12-09 05:24 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-12-09 00:14 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
    2009-12-07 05:39 . 2009-12-07 05:39 -------- d-----w- c:\users\Cornel\AppData\Roaming\Malwarebytes
    2009-12-07 05:39 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-07 05:39 . 2009-12-07 05:39 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-07 05:39 . 2009-12-07 05:39 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-07 05:39 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-06 10:03 . 2009-12-06 10:09 117760 ----a-w- c:\users\Cornel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-06 10:01 . 2009-12-06 10:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-06 10:01 . 2009-12-09 18:45 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-06 10:01 . 2009-12-06 10:01 -------- d-----w- c:\users\Cornel\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-03 19:58 . 2009-12-03 19:58 -------- d-----w- c:\program files\Trend Micro
    2009-12-02 20:41 . 2009-12-02 20:41 -------- d-----w- c:\program files\Common Files\Skype
    2009-12-02 19:34 . 2009-12-09 19:32 4096 d-----w- c:\programdata\Kaspersky Lab
    2009-12-02 19:10 . 2009-12-02 19:10 -------- d-----w- c:\programdata\XHEO INC
    2009-12-02 19:10 . 2009-12-02 19:10 -------- d-----w- c:\users\Cornel\AppData\Local\IsolatedStorage
    2009-12-02 19:09 . 2009-12-02 19:09 -------- d-----w- c:\program files\RVG Software
    2009-11-30 18:33 . 2009-12-09 13:09 8192 d-----w- c:\program files\Full Tilt Poker
    2009-11-30 08:58 . 2009-11-30 12:11 4096 d-----w- c:\programdata\NOS
    2009-11-25 18:27 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-11-25 17:54 . 2009-11-25 17:54 -------- d-----w- c:\users\Cornel\AppData\Local\LogMeIn
    2009-11-25 17:54 . 2009-11-25 17:54 -------- d-----w- c:\programdata\LogMeIn
    2009-11-25 17:54 . 2009-09-28 18:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2009-11-25 17:54 . 2009-09-28 18:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-11-25 17:54 . 2009-09-28 18:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-11-25 17:54 . 2008-08-11 11:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-11-25 17:54 . 2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-11-25 17:54 . 2009-12-09 05:19 8192 d-----w- c:\program files\LogMeIn
    2009-11-25 17:26 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2009-11-25 17:26 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2009-11-24 23:37 . 2009-11-24 23:37 -------- d-----w- c:\users\Cornel\AppData\Local\Blizzard Entertainment
    2009-11-24 23:26 . 2009-12-09 18:55 -------- d-----w- c:\users\Cornel\Tracing
    2009-11-24 23:25 . 2009-11-24 23:25 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-11-24 23:25 . 2009-11-24 23:25 -------- d-----w- c:\program files\Microsoft
    2009-11-24 23:24 . 2009-11-24 23:24 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-21 11:30 . 2009-11-21 11:30 -------- d-----w- c:\windows\nvtmpinst
    2009-11-21 02:01 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-11-21 02:01 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-11-18 02:18 . 2009-11-18 02:18 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-18 02:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-18 02:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-18 02:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-18 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-18 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-18 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-16 21:53 . 2009-11-25 18:32 -------- d-----w- c:\users\Cornel\AppData\Local\LogMeIn Hamachi
    2009-11-16 21:53 . 2009-11-16 21:53 4096 d-----w- c:\program files\LogMeIn Hamachi
    2009-11-16 20:49 . 2009-11-16 21:53 -------- d-----w- c:\users\Cornel\AppData\Roaming\Hamachi
    2009-11-15 18:21 . 2009-11-15 18:21 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-11-14 13:13 . 2009-11-14 13:13 -------- d-----w- c:\programdata\vsosdk
    2009-11-14 13:06 . 2009-11-14 13:06 59976 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
    2009-11-13 17:45 . 2009-11-13 17:45 102960 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-11 21:59 . 2009-11-11 22:02 -------- d-----w- c:\users\Cornel\AppData\Roaming\VirtuaWin
    2009-11-11 21:09 . 2009-11-11 21:09 -------- d-----w- c:\users\Cornel\AppData\Local\Z-Systems
    2009-11-11 18:45 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-11 18:45 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-09 19:35 . 2008-08-07 17:06 4096 d-----w- c:\users\Cornel\AppData\Roaming\Free Download Manager
    2009-12-09 19:28 . 2008-02-04 12:13 1473 ----a-w- c:\windows\bthservsdp.dat
    2009-12-09 18:45 . 2008-06-25 22:06 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-09 08:45 . 2008-09-15 19:26 31966 ----a-w- c:\programdata\nvModes.dat
    2009-12-09 05:41 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-12-09 01:14 . 2008-06-25 21:52 4096 d-----w- c:\users\Cornel\AppData\Roaming\Skype
    2009-12-09 01:13 . 2008-06-25 21:54 -------- d-----w- c:\users\Cornel\AppData\Roaming\skypePM
    2009-12-02 20:41 . 2008-06-25 21:52 -------- d-----r- c:\program files\Skype
    2009-12-02 20:41 . 2008-06-25 21:52 4096 d-----w- c:\programdata\Skype
    2009-11-30 17:57 . 2008-06-13 09:19 20480 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-24 23:26 . 2008-07-18 20:20 4096 d-----w- c:\program files\Windows Live
    2009-11-21 18:37 . 2009-04-04 17:38 -------- d-----w- c:\programdata\KONAMI
    2009-11-21 15:29 . 2008-06-23 20:33 4096 d-----w- c:\program files\Ubisoft
    2009-11-21 11:33 . 2008-09-15 17:09 1356 ----a-w- c:\users\Cornel\AppData\Local\d3d9caps.dat
    2009-11-21 11:33 . 2008-06-13 09:18 -------- d-----w- c:\programdata\NVIDIA
    2009-11-21 06:40 . 2009-12-09 00:13 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-09 00:13 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-09 00:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-09 00:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-19 22:14 . 2009-07-08 18:51 8192 d-----w- c:\program files\PokerStars.IT
    2009-11-18 02:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-18 02:17 . 2009-11-18 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-18 02:17 . 2009-11-18 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-10 03:31 . 2008-06-23 18:46 16384 d-----w- c:\users\Cornel\AppData\Roaming\Azureus
    2009-11-09 17:29 . 2008-06-23 18:43 4096 d-----w- c:\program files\Java
    2009-11-07 08:03 . 2008-06-25 20:14 -------- d-----w- c:\users\Cornel\AppData\Roaming\Vso
    2009-11-07 08:03 . 2009-11-07 07:39 8192 d-----w- c:\program files\DVDFab 6
    2009-11-07 07:39 . 2008-06-25 20:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-11-07 07:39 . 2008-06-25 20:14 47360 ----a-w- c:\users\Cornel\AppData\Roaming\pcouffin.sys
    2009-11-07 07:39 . 2008-06-25 20:14 47360 ----a-w- c:\users\Cornel\AppData\Roaming\pcouffin.sys
    2009-11-06 19:41 . 2009-05-23 10:50 4096 d-----w- c:\program files\CalculatemPro
    2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
    2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-11-03 15:33 . 2009-11-03 15:33 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
    2009-11-02 19:42 . 2009-10-02 18:48 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-02 17:05 . 2009-11-02 17:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-11-02 17:05 . 2009-11-02 17:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2009-10-30 23:01 . 2009-10-30 23:01 -------- d-----w- c:\users\Cornel\AppData\Roaming\Megaupload
    2009-10-21 17:56 . 2009-10-21 17:56 -------- d-----w- c:\users\Cornel\AppData\Roaming\Anonymizer
    2009-10-21 17:55 . 2009-10-21 17:55 -------- d-----w- c:\programdata\Anonymizer
    2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-17 17:42 . 2009-01-02 20:18 176 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\restart.bat
    2009-10-15 00:26 . 2008-09-02 22:06 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-10-14 19:18 . 2009-10-14 19:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
    2009-10-11 03:17 . 2009-01-22 22:02 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-07 11:36 . 2009-12-09 00:13 243712 ----a-w- c:\windows\system32\rastls.dll
    2009-10-05 00:55 . 2009-05-27 22:53 6516755 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
    2009-10-05 00:55 . 2009-05-27 22:53 4141117 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
    2009-10-05 00:50 . 2009-06-09 22:32 10686001 ----a-w- c:\users\Cornel\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
    2009-10-02 17:39 . 2009-10-02 17:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2009-10-01 01:02 . 2009-11-18 02:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-18 02:01 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02 . 2009-11-18 02:01 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-18 02:01 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-18 02:01 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-18 02:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-18 02:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-18 02:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-18 02:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-18 02:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-18 02:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-18 02:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01 . 2009-11-18 02:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01 . 2009-11-18 02:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01 . 2009-11-18 02:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01 . 2009-11-18 02:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10 . 2009-11-18 02:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-18 02:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-18 02:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-18 02:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-18 02:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-18 02:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-18 02:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-18 02:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-18 02:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-18 02:01 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-18 02:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-18 02:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-18 02:01 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-18 02:01 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-18 02:01 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-18 02:01 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-18 02:01 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-18 02:01 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-18 02:01 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30 . 2009-11-18 02:01 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27 . 2009-11-18 02:01 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-18 02:01 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-18 02:01 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-18 02:01 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54 . 2009-11-18 02:01 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54 . 2009-11-18 02:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54 . 2009-11-18 02:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-23 08:41 . 2009-09-23 08:41 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
    2009-09-14 09:29 . 2009-10-14 23:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2008-06-23 22:12 . 2008-06-23 22:10 24 --sha-w- c:\windows\SD655B537(382).tmp
    2008-06-23 22:12 . 2008-06-23 22:10 24 --sha-w- c:\windows\SD655B537(40).tmp
    2008-06-23 22:12 . 2008-06-23 22:10 24 --sh--w- c:\windows\SD655B537.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "DAEMON Tools Lite "= "c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "Free Download Manager "= "c:\program files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "CurseClient "= "c:\program files\Curse\CurseClient.exe" [2009-06-09 1934336]
    "ISUSPM "= "c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "FunctionKeyCtrl "= "c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
    "BDRegion "= "c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-06-13 6183456]
    "Skytel "= "Skytel.exe" [2007-11-20 1826816]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SteelSeries World of Warcraft MMO Gaming Mouse "= "c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2009-05-13 414720]
    "Zboard "= "c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
    "RoxioDragToDisc "= "c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-11 1687552]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-11 163840]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-09-12 13589024]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-09-12 92704]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "AVP "= "c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-23 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^nero.vbs]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\nero.vbs
    backup=c:\windows\pss\nero.vbs.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-10-28 08:35 72736 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):f3,5c,da,98,68,2b,ca,01

    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [03/11/2009 16.33.40 21520]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12.27.54 1074568]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/08/2008 12.41.00 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [25/11/2009 18.54.32 47640]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 19.09.28 11032]
    R3 CXSONORA;AVerMedia 23885 AvStream Video Capture;c:\windows\System32\drivers\A885VCap.sys [13/06/2008 10.26.58 736000]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [02/10/2009 18.39.36 19472]
    R3 Mo3Fltr;MMO Mouse;c:\windows\System32\drivers\Mo3Fltr.sys [10/06/2009 21.20.24 11136]
    S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\System32\SupportAppXL\cdrom_mon.exe [02/06/2008 23.26.36 81920]
    S2 wwanSvc;wwanSvc;c:\program files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe [15/10/2008 7.23.28 106496]
    S3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [31/03/2008 11.19.50 179712]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [31/03/2008 11.19.28 21504]
    S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\System32\drivers\ONDAusbmdm6k.sys [25/12/2008 0.34.54 104960]
    S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\System32\drivers\ONDAusbnet.sys [25/12/2008 0.34.54 110080]
    S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\System32\drivers\ONDAusbnmea.sys [25/12/2008 0.34.54 104960]
    S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\System32\drivers\ONDAusbser6k.sys [25/12/2008 0.34.54 104960]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [02/11/2006 11.25.18 311808]
    S3 seu3bus;Sony Ericsson MD400g Mobile Broadband Composite Device driver (WDM);c:\windows\System32\drivers\seu3bus.sys [29/03/2009 2.36.05 307200]
    S3 seu3card;Sony Ericsson MD400g Device Mgmt;c:\windows\System32\drivers\seu3card.sys [29/03/2009 2.35.55 380800]
    S3 seu3mdfl;Sony Ericsson MD400g Mobile Broadband Modem Filter;c:\windows\System32\drivers\seu3mdfl.sys [29/03/2009 2.35.47 14976]
    S3 seu3mdfl2;Sony Ericsson MD400g Mobile Broadband Data Modem Filter;c:\windows\System32\drivers\seu3mdfl2.sys [29/03/2009 2.35.58 14976]
    S3 seu3mdm;Sony Ericsson MD400g Mobile Broadband Modem Driver;c:\windows\System32\drivers\seu3mdm.sys [29/03/2009 2.35.47 389376]
    S3 seu3mdm2;Sony Ericsson MD400g Mobile Broadband Data Modem Driver;c:\windows\System32\drivers\seu3mdm2.sys [29/03/2009 2.35.58 434176]
    S3 seu3nd5;Sony Ericsson MD400g Mobile Broadband Network Adapter (NDIS);c:\windows\System32\drivers\seu3nd5.sys [29/03/2009 2.35.52 25984]
    S3 seu3unic;Sony Ericsson MD400g Mobile Broadband Network Adapter (WDM);c:\windows\System32\drivers\seu3unic.sys [29/03/2009 2.35.57 405504]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\System32\drivers\seu3scard.sys [29/03/2009 2.35.59 24232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.alienware.co.uk/Mothership?Comp=AWEU&SysCode=PC-EU-LT-A51M9750&ai=636E3D4532343139343726706F3D4532313631383341
    uInternet Settings,ProxyOverride = *.local
    IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-09 20:37
    Windows 6.0.6002 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD\000.fcl "
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_USERS\S-1-5-21-1664028528-520582152-236142748-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:62,30,b5,a0,8c,44,af,87,78,6a,ac,32,a8,dd,16,52,ec,97,38,03,b4,80,b8,
    d2,4f,9d,7d,01,36,50,ab,7f,31,83,19,08,80,00,73,62,4d,d3,c8,74,2e,06,6b,78,\
    "?? "=hex:26,da,b5,f6,ac,4a,9b,d9,7d,a7,57,71,92,14,48,30

    [HKEY_USERS\S-1-5-21-1664028528-520582152-236142748-1000\Software\SecuROM\License information*]
    "datasecu "=hex:24,2a,11,51,08,2a,5f,05,12,27,e0,4e,3d,2a,2a,22,0d,22,fb,ce,26,
    06,83,66,87,71,c7,a2,09,17,83,5a,aa,c9,40,2f,b2,26,2c,f0,06,0a,73,0a,71,e1,\
    "rkeysecu "=hex:d3,6e,eb,3a,e9,35,b8,a8,5d,e0,e4,df,c7,b5,6c,79

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'Explorer.exe'(3252)
    c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehsched.exe
    c:\windows\ehome\ehRecvr.exe
    c:\program files\LogMeIn\x86\LMIGuardian.exe
    c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2009-12-09 20:40 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2009-12-09 19:40
    ComboFix2.txt 2009-12-08 07:49

    Pre-Run: 19.126.874.112 bytes free
    Post-Run: 19.092.697.088 bytes free

    - - End Of File - - 4FD3AC9581EF7544AB85230B43CDED50

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20.43.15, on 09/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Function Key Controller\FKC.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    C:\Program Files\Ideazon\ZEngine\Zboard.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.co.uk/Mothersh...=636E3D4532343139343726706F3D4532313631383341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: wwanSvc - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

    --
    End of file - 11957 bytes
     
  13. 2009/12/09
    broni (Moderator, Malware Analyst)
    Uninstall ComboFix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Restart the computer.

    ================================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, then All Programs, and then Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Re-enable Windows Defender when all cleaning is done.

    =============================================================

    Print this post out, since at some point you won't have access to it.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    - O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    - O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    - O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    - O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    - O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    - O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
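The two O2 entries broni asks to fix above are flagged "(no file)" because their CLSIDs are still registered as Browser Helper Objects while the DLL each one points at is gone; the O4 lines are the Run-key autostarts. The script below is an added example, not part of this thread and not HijackThis's own code: it re-creates that check from the registry, listing BHOs and Run-key entries and marking those whose file is missing. It assumes a 32-bit Windows install like the one in the log; on 64-bit Windows the 32-bit IE add-ons live under HKLM:\SOFTWARE\Wow6432Node\... and would need to be audited as well. The key paths and the "(no file)" / "file missing" labels are the only things taken from the log.

```powershell
# Added example: audit IE Browser Helper Objects (HJT section O2) and Run-key
# autostarts (HJT section O4) and flag entries whose target file no longer exists.
# Assumption: 32-bit Windows; on 64-bit also check HKLM:\SOFTWARE\Wow6432Node\...
# Uses New-Object PSObject so it also runs on the PowerShell 2.0 that shipped for Vista.

function Get-BhoAudit {
    param(
        [string]$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    if (-not (Test-Path $BhoKey)) { return }
    foreach ($sub in Get-ChildItem $BhoKey) {
        $clsid  = $sub.PSChildName                     # e.g. {02478D38-C3F9-4efb-9B51-7695ECA05670}
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $name   = (Get-ItemProperty $clsKey -ErrorAction SilentlyContinue).'(default)'
        $dll    = (Get-ItemProperty "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'

        # Expand %ProgramFiles%-style variables and strip quotes before testing the path
        $path = $null
        if ($dll) { $path = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }

        if (-not $path)                        { $status = 'orphaned CLSID (no InprocServer32)' }
        elseif (Test-Path -LiteralPath $path)  { $status = 'present' }
        else                                   { $status = 'DLL missing' }

        if (-not $name) { $name = '(no name)' }
        if (-not $path) { $path = '(no file)' }
        New-Object PSObject -Property @{
            Section = 'O2'; CLSID = $clsid; Name = $name; Target = $path; Status = $status
        }
    }
}

function Get-RunAudit {
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $hive = $key.Split(':')[0]
        foreach ($entry in (Get-ItemProperty $key).PSObject.Properties) {
            if ($entry.Name -like 'PS*') { continue }       # skip PSPath, PSProvider, ...
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$entry.Value)

            # The program is the quoted token, otherwise everything before the first space
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else                             { $exe = ($cmd -split '\s+', 2)[0] }

            # Bare names such as RtHDVCpl.exe or RUNDLL32.EXE resolve through PATH
            if ($exe -and $exe -notmatch '[\\/]') {
                $resolved = Get-Command $exe -ErrorAction SilentlyContinue
                if ($resolved) { $exe = $resolved.Definition }
            }

            # For rundll32 entries the thing worth checking is the DLL before the comma
            $check = $exe
            if ($exe -match 'rundll32(\.exe)?$' -and $cmd -match '\s+"?([^",]+)') {
                $check = $Matches[1].Trim()
            }

            if ($check -and (Test-Path -LiteralPath $check)) { $status = 'present' }
            else                                             { $status = 'file missing' }

            New-Object PSObject -Property @{
                Section = 'O4'; CLSID = "$hive\..\Run: [$($entry.Name)]"
                Name = $entry.Name; Target = $cmd; Status = $status
            }
        }
    }
}

# Show everything HijackThis would print as (no file) / (file missing)
Get-BhoAudit | Where-Object { $_.Status -ne 'present' } | Format-Table Section, CLSID, Name, Target, Status -AutoSize
Get-RunAudit | Where-Object { $_.Status -ne 'present' } | Format-Table Section, CLSID, Target, Status -AutoSize
```

Run it from an elevated PowerShell prompt so HKLM is readable in full. Dropping the final `Where-Object` filters prints the complete O2 and O4 inventory, which is the quicker way to compare against a posted HijackThis log. Note that a missing DLL is a loose end, not proof of infection: the two orphaned CLSIDs in this thread were left behind by uninstalled software, which is exactly why the fix here is to remove the registry entries rather than to hunt for a file.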
     
  14. 2009/12/10
    bubi (Inactive, Thread Starter)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20.18.05, on 10/12/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Function Key Controller\FKC.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    C:\Program Files\Ideazon\ZEngine\Zboard.exe
    C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Curse\CurseClient.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.co.uk/Mothersh...=636E3D4532343139343726706F3D4532313631383341
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
    O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
    O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
    O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: wwanSvc - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson MD400 Wireless Modem\wwanSvc.exe

    --
    End of file - 10984 bytes
     
  15. 2009/12/10
    broni (Moderator, Malware Analyst)
    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please let me know how your computer is doing.
     
