TechSpot

[Closed] Win32:malware-gen

By MoonMoon
Aug 6, 2012
Topic Status:
Not open for further replies.
  1. When I run Steam it updates till 99%, then AVG finds this malware Win32:malware-gen... I downloaded several anti-malware programs but none of them found it... I tried for about 2-3 hours to delete it but I couldn't... Now the thing is that Steam starts without any problems... Now AVG Free can't find it as well... Did the malware vanish on its own? :) Best regards!
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.
  3. MoonMoon

    MoonMoon TS Rookie Topic Starter

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.06.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Moonraine :: MOONRAINE-PC [administrator]

    Protection: Disabled

    06/08/2012 23:40:19
    mbam-log-2012-08-06 (23-40-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197269
    Time elapsed: 2 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    -------------------------------------------------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
    Run by Moonraine at 23:56:57 on 2012-08-06
    Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.1949 [GMT 2:00]
    .
    AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    E:\Games\Smite\HiPatchService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Windows\system\HsMgr64.exe
    C:\Windows\SysWOW64\XSrvSetup.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\WireHelpSvc.exe
    E:\Games\Steam\Steam.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.ro
    uStart Page = hxxp://cool-itv.net
    uSearch Bar = hxxp://www.google.ro
    mDefault_Search_URL = hxxp://www.google.ro
    mSearch Page = hxxp://www.google.ro
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.ro
    mSearchAssistant =
    mCustomizeSearch = hxxp://www.google.ro
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    uRun: [<NO NAME>]
    uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [Steam] "E:\Games\Steam\Steam.exe" -silent
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
    IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
    TCP: Interfaces\{B1798527-C644-40CB-BD00-DF8FFC71EDAF} : DhcpNameServer = 62.101.93.101 83.103.25.250
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO-X64: Browser Guard BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    Hosts: 255.255.255.255 easyanticheat.se # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
    Hosts: 255.255.255.255 easyanticheat.com # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
    Hosts: 255.255.255.255 easyanticheat.info # misleading site
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage -
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Games\Smite\HiPatchService.exe [2012-7-21 8704]
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
    R0 TFSysMon;TFSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-3-9 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-5 44808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-8-6 133912]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2012-3-28 219360]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-8-6 575448]
    R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-3-28 68136]
    R2 ESLWireAC;ESLWireAC;\??\C:\Windows\system32\drivers\ESLWireACD.sys --> C:\Windows\system32\drivers\ESLWireACD.sys [?]
    R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2012-3-28 72304]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-6 655944]
    R2 WireHelpSvc;WireHelpSvc;C:\Program Files\Common Files\WireHelpSvc.exe [2012-4-11 168864]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
    R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;C:\Windows\system32\DRIVERS\ESLvnic.sys --> C:\Windows\system32\DRIVERS\ESLvnic.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 ASUSU1;ASUS Xonar U3 Audio Interface;C:\Windows\system32\drivers\cm11264.sys --> C:\Windows\system32\drivers\cm11264.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-8-6 402368]
    S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2012-8-6 1118680]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
    S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-06 17:06:29 706776 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
    2012-08-06 17:06:29 65664 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
    2012-08-06 17:06:29 41968 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
    2012-08-06 17:04:28 85224 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys
    2012-08-06 17:04:27 767960 ----a-w- C:\Windows\BDTSupport.dll
    2012-08-06 17:04:26 2267096 ----a-w- C:\Windows\PCTBDCore.dll
    2012-08-06 17:04:26 1689560 ----a-w- C:\Windows\PCTBDRes.dll
    2012-08-06 17:04:26 149464 ----a-w- C:\Windows\SGDetectionTool.dll
    2012-08-06 17:04:06 341200 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2012-08-06 17:04:06 145464 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2012-08-06 17:04:04 14808 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
    2012-08-06 17:04:01 92928 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2012-08-06 17:03:51 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-08-06 16:56:45 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2012-08-06 16:56:45 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2012-08-06 16:56:43 426616 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2012-08-06 16:56:42 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-08-06 16:56:42 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-08-06 16:56:17 -------- d-----w- C:\Users\Moonraine\AppData\Roaming\TestApp
    2012-08-06 16:56:17 -------- d-----w- C:\ProgramData\PC Tools
    2012-08-06 16:51:35 -------- d-----w- C:\Users\Moonraine\AppData\Roaming\IObit
    2012-08-06 16:51:32 -------- d-----w- C:\Program Files (x86)\IObit
    2012-08-06 16:08:31 -------- d-----w- C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
    2012-08-06 15:44:43 -------- d-----w- C:\Windows\System32\appmgmt
    2012-08-06 14:09:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-06 14:09:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-06 13:48:51 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-08-06 13:48:33 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
    2012-08-06 12:42:53 -------- d-----w- C:\Users\Moonraine\AppData\Roaming\Malwarebytes
    2012-08-06 12:42:30 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-06 11:05:27 142128 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-08-06 11:05:21 266776 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-08-06 11:05:20 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2012-08-06 11:05:20 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2012-07-28 14:56:17 -------- d-----w- C:\Users\Moonraine\AppData\Local\TomTom
    2012-07-28 14:56:14 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
    2012-07-21 19:22:05 -------- d-----w- C:\Users\Moonraine\AppData\Local\Chromium
    2012-07-21 11:00:35 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-07-18 15:29:32 -------- d-----w- C:\Users\Moonraine\AppData\Local\NokiaAccount
    2012-07-18 15:15:14 -------- d-----w- C:\ProgramData\Nokia
    2012-07-18 15:14:27 -------- d-----w- C:\ProgramData\NokiaInstallerCache
    2012-07-18 14:33:50 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-07-18 14:33:40 73728 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33:40 73728 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33:40 53248 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
    2012-07-18 14:33:40 49152 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
    2012-07-18 14:33:40 49152 ----a-r- C:\Users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
    2012-07-18 14:33:39 -------- d-----w- C:\Users\Moonraine\AppData\Local\Nokia
    2012-07-18 14:25:29 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia
    2012-07-18 14:25:25 26112 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys
    2012-07-18 14:25:21 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
    2012-07-18 14:25:11 57856 ----a-w- C:\Windows\System32\nmwcdclsX64.dll
    2012-07-18 14:25:11 -------- d-----w- C:\Program Files (x86)\Nokia
    2012-07-17 21:47:10 -------- d-----w- C:\Users\Moonraine\AppData\Local\CutePDF Writer
    2012-07-17 21:46:19 -------- d-----w- C:\Program Files (x86)\GPLGS
    2012-07-17 21:45:15 86608 ----a-w- C:\Windows\System32\cpwmon64.dll
    2012-07-17 21:45:14 -------- d-----w- C:\Program Files (x86)\Acro Software
    .
    ==================== Find3M ====================
    .
    2012-08-06 20:14:51 25640 ----a-w- C:\Windows\gdrv.sys
    2012-07-26 22:29:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-26 22:29:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 17:54:04 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-11 17:54:04 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-09 17:59:32 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-06 13:35:44 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-07-04 18:09:34 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
    2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
    2012-06-16 21:54:20 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-01 05:14:01 3166792 ------w- C:\Windows\SysWow64\pbsvc.exe
    2012-01-24 11:50:46 168864 ----a-w- C:\Program Files\Common Files\WireHelpSvc.exe
    .
    ============= FINISH: 23:57:24,81 ===============

    ------------------------------------------------------------------------------------------------------------------------------------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/03/2012 09:54:45
    System Uptime: 06/08/2012 22:14:15 (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-890GPA-UD3H
    Processor: AMD Phenom(tm) II X6 1090T Processor | Socket M2 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 62,346 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 834 GiB total, 376,604 GiB free.
    F: is FIXED (NTFS) - 0 GiB total, 0,06 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP26: 28/07/2012 15:27:58 - Scheduled Checkpoint
    RP27: 05/08/2012 13:45:23 - Scheduled Checkpoint
    RP28: 06/08/2012 15:39:12 - Installed Steam
    RP29: 06/08/2012 15:48:36 - Installed SpyHunter
    RP30: 06/08/2012 17:44:19 - Removed SpyHunter
    RP31: 06/08/2012 17:45:24 - Installed SpyHunter
    RP32: 06/08/2012 18:08:18 - Removed SpyHunter
    RP33: 06/08/2012 22:11:34 - Removed IMinent Toolbar
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 255.255.255.255 easyanticheat.se # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
    Hosts: 255.255.255.255 easyanticheat.com # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
    Hosts: 255.255.255.255 easyanticheat.info # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.info # misleading site
    Hosts: 255.255.255.255 easyanticheat.org # misleading site
    Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3) - Italiano
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    µTorrent
    avast! Internet Security
    Blacklight: Retribution
    Browser Configuration Utility
    Browser Guard 4.0
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Counter-Strike
    Curse Client
    Diablo III
    Easy Burner
    EasySaver B9.1214.1
    Eligium
    Garena Plus
    Gigabyte Raid Configurer
    Hi-Rez Studios Authenticate and Update Service
    HydraVision
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft_VC100_CRT_SP1_x86
    Mozilla Firefox 14.0.1 (x86 it)
    Mozilla Maintenance Service
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP3 Parser
    NEC Electronics USB 3.0 Host Controller Driver
    Nokia Connectivity Cable Driver
    Nokia Software Updater
    Nokia Suite
    NVIDIA PhysX
    ON_OFF Charge B10.0409.1
    PC Connectivity Solution
    PC Tools Internet Security
    PunkBuster Services
    Realtek Ethernet Controller Driver For Windows 7
    Realtek HDMI Audio Driver for ATI
    Skype™ 5.8
    Smite Closed Beta
    SopCast Tv Plugin 5.8 Setup
    StarCraft II
    Steam
    TeamSpeak 3 Client
    Tom Clancy's Ghost Recon Future Soldier
    Ubisoft Game Launcher
    Visual Studio C++ 10.0 Runtime
    VLC media player 2.0.2
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/08/2012 22:16:27, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    06/08/2012 19:06:29, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    06/08/2012 19:05:31, Error: PCTCore [280] -
    06/08/2012 15:35:10, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    06/08/2012 15:35:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    06/08/2012 15:35:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/08/2012 15:35:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    06/08/2012 15:34:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger aswFW aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    06/08/2012 15:34:52, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    06/08/2012 15:34:04, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    06/08/2012 15:34:04, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
    06/08/2012 15:34:01, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    06/08/2012 15:34:01, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    06/08/2012 14:37:45, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    06/08/2012 14:36:51, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
    .
    ==== End Of File ===========================
  4. MoonMoon

    MoonMoon TS Rookie Topic Starter

    Hello, and thanks for the welcome, sir!
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome...

    Please run the following:

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double-click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
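    The rename trick in the post above has a mirror image on the defender's side: a process that carries a system name such as svchost.exe but runs from an unexpected directory, or was started by an unexpected parent, is exactly what a triage script looks for. The following is an added illustration of that check and is not code from the thread, from TechSpot, or from ComboFix. The process list is constructed sample data; the expected directories assume a default 64-bit Windows 7 install with %SystemRoot% at C:\Windows, and the rule that genuine svchost.exe instances are launched by services.exe is a Windows convention stated here as an assumption.

```python
"""Flag processes that borrow a well-known Windows system process name but do
not run from where that binary normally lives (or have the wrong parent).

Added example; not part of the forum post, TechSpot, or ComboFix.
The process list at the bottom is constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str          # image file name as shown by Task Manager
    path: str          # full path of the image on disk
    parent_name: str   # image name of the parent process


# Directories where the genuine binaries live on a default 64-bit Windows 7
# install (assumption: %SystemRoot% is C:\Windows). Compared case-insensitively.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "iexplore.exe": {
        r"c:\program files\internet explorer",
        r"c:\program files (x86)\internet explorer",
    },
}

# Genuine svchost.exe instances are started by services.exe (Windows
# convention, treated here as an assumption).
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
}


def _directory(path: str) -> str:
    """Lower-cased directory part of a Windows path."""
    return path.lower().rsplit("\\", 1)[0]


def find_masquerading(procs):
    """Return (pid, reason) tuples for processes whose name is a known system
    process name but whose path or parent does not match expectations."""
    findings = []
    for p in procs:
        name = p.name.lower()
        if name not in EXPECTED_DIRS:
            continue  # not a name worth impersonating; nothing to check
        reasons = []
        if _directory(p.path) not in EXPECTED_DIRS[name]:
            reasons.append(f"unexpected image path {p.path}")
        parents = EXPECTED_PARENT.get(name)
        if parents and p.parent_name.lower() not in parents:
            reasons.append(f"unexpected parent {p.parent_name}")
        if reasons:
            findings.append((p.pid, "; ".join(reasons)))
    return findings


# Constructed sample listing: four normal processes plus one svchost.exe
# running from a user's Desktop with explorer.exe as its parent.
SAMPLE = [
    Proc(524, "svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe"),
    Proc(3120, "svchost.exe", r"C:\Users\example\Desktop\svchost.exe", "explorer.exe"),
    Proc(404, "winlogon.exe", r"C:\Windows\System32\winlogon.exe", "smss.exe"),
    Proc(2200, "explorer.exe", r"C:\Windows\explorer.exe", "userinit.exe"),
    Proc(2812, "vlc.exe", r"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe", "explorer.exe"),
]


if __name__ == "__main__":
    for pid, why in find_masquerading(SAMPLE):
        print(f"PID {pid}: {why}")
```

    Run against the sample, only PID 3120 is reported, on both counts. Note that a copy of ComboFix renamed to svchost.exe and launched from the Desktop, as the instructions above prescribe, would trip this same check; that is the expected side effect of the rename and a reason such hits need to be reviewed rather than acted on automatically.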
  6. MoonMoon

    MoonMoon TS Rookie Topic Starter

    ComboFix 12-08-07.03 - Moonraine 07/08/2012 22:06:49.1.6 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.2457 [GMT 2:00]
    Eseguito da: c:\users\Moonraine\Desktop\ComboFix.exe
    AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\default\us_sres.data
    c:\windows\SysWow64\Uninstall-TvPlugin-5.8
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-07-07 al 2012-08-07 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 20:11 . 2012-08-07 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 15:53 . 2012-08-07 15:53 -------- d-----w- c:\users\Moonraine\AppData\Local\Threat Expert
    2012-08-06 17:06 . 2012-06-22 12:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-08-06 17:06 . 2012-06-22 12:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-08-06 17:06 . 2012-06-22 12:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-08-06 17:04 . 2012-06-22 09:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-08-06 16:56 . 2012-06-22 13:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-08-06 16:56 . 2012-08-06 17:06 -------- d-----w- c:\programdata\PC Tools
    2012-08-06 16:56 . 2012-08-06 16:56 -------- d-----w- c:\users\Moonraine\AppData\Roaming\TestApp
    2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\users\Moonraine\AppData\Roaming\IObit
    2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\program files (x86)\IObit
    2012-08-06 16:08 . 2012-08-06 16:08 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
    2012-08-06 15:44 . 2012-08-06 20:12 -------- d-----w- c:\windows\system32\appmgmt
    2012-08-06 14:09 . 2012-08-07 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-06 13:48 . 2012-08-06 13:48 -------- d-----w- c:\program files\Enigma Software Group
    2012-08-06 13:48 . 2012-08-06 15:44 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
    2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Malwarebytes
    2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-06 11:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2012-08-06 11:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2012-08-06 11:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-08-06 11:05 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2012-07-28 14:56 . 2012-08-06 13:59 -------- d-----w- c:\users\Moonraine\AppData\Local\TomTom
    2012-07-28 14:56 . 2012-07-28 14:56 -------- d-----w- c:\program files (x86)\TomTom International B.V
    2012-07-21 19:22 . 2012-07-21 19:22 -------- d-----w- c:\users\Moonraine\AppData\Local\Chromium
    2012-07-21 11:00 . 2012-07-21 19:21 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-07-18 15:15 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Nokia
    2012-07-18 14:33 . 2012-07-18 14:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33 . 2012-07-18 14:33 53248 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
    2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
    2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
    2012-07-18 14:33 . 2012-07-18 15:15 -------- d-----w- c:\users\Moonraine\AppData\Local\Nokia
    2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\PC Suite
    2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Nokia
    2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\programdata\PC Suite
    2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Common Files\Nokia
    2012-07-18 14:25 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
    2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
    2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Nokia
    2012-07-18 14:25 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
    2012-07-18 14:23 . 2012-07-18 14:32 -------- d-----w- c:\programdata\Installations
    2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\users\Moonraine\AppData\Local\CutePDF Writer
    2012-07-17 21:46 . 2012-07-17 21:46 -------- d-----w- c:\program files (x86)\GPLGS
    2012-07-17 21:45 . 2012-03-11 12:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
    2012-07-17 21:45 . 2012-07-17 21:45 -------- d-----w- c:\program files (x86)\Acro Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-07 19:40 . 2012-03-28 08:15 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-26 22:29 . 2012-03-28 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-26 22:29 . 2012-03-28 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 17:54 . 2012-07-01 01:06 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-11 17:54 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-09 17:59 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-06 13:35 . 2012-07-01 00:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-04 18:09 . 2012-07-06 13:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    2012-07-03 16:21 . 2012-03-28 15:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-03-28 15:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-03-28 15:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-03-28 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2012-03-28 15:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2012-03-28 15:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-03-28 15:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-03-28 15:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2012-03-28 15:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-22 08:43 . 2012-08-06 17:04 3488 ----a-w- c:\windows\UDB.zip
    2012-06-22 08:43 . 2012-08-06 17:04 131 ----a-w- c:\windows\IDB.zip
    2012-06-16 21:54 . 2012-06-16 21:54 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-02 22:19 . 2012-06-19 14:08 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 14:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 14:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 14:08 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 14:08 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 14:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 14:08 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-19 14:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-19 14:08 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-01 05:14 . 2012-06-01 05:14 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-01-24 11:50 . 2012-04-11 20:01 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* I valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-28 742264]
    "Steam"="e:\games\Steam\Steam.exe" [2012-08-06 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys [2010-12-15 1312256]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
    S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
    S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
    S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
    S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
    S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944]
    "Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Scansione supplementare -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://cool-itv.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.ro
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
    FF - ProfilePath - c:\users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    AddRemove-SopCast Tv Plugin 5.8 Setup - c:\windows\system32\Uninstall-TvPlugin-5.8
    .
    .
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*à<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*l*l*<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*!ú<\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*°5Ág\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*ß:3\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*¸0Æy\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*Ý‘1O\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*-ØjG\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*ÏØjG\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*ˆaW\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
    <¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
    <¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a*ƒ=¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:32,00,36,00,30,00,32,00,32,00,30,00,31,00,31,00,30,00,37,00,2e,00,61,
    00,83,3d,a6,5f,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,32,00,36,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.
    <¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:45,3a,5c,75,54,6f,72,72,65,6e,74,5c,42,72,75,63,65,20,41,6c,6d,69,67,
    68,74,79,5c,78,78,78,5c,6e,65,77,5c,6e,65,77,5c,4e,65,77,5c,41,6d,61,74,65,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*N<¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
    00,2e,00,30,00,37,00,2e,00,4e,3c,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*\?¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
    00,2e,00,30,00,37,00,2e,00,5c,3f,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Ora fine scansione: 2012-08-07 22:13:00
    ComboFix-quarantined-files.txt 2012-08-07 20:12
    .
    Pre-Run: 67.499.458.560 bytes free
    Post-Run: 68.190.789.632 bytes free
    .
    - - End Of File - - 1869E4E3B456CFB2584A5D0473E2BC3D
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    1. ComboFix re-run
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the box below into it:
      Code:
      ClearJavaCache::
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
    2. Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
    3. Post logs

    Make sure to post these logs for my review:
    • ComboFix log
    • ESET Scan log
    Also, let me know how your computer is running.

    Thanks! :)
  8. MoonMoon

    MoonMoon TS Rookie Topic Starter

    ComboFix 12-08-07.05 - Moonraine 08/08/2012 15:03:56.2.6 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.2489 [GMT 2:00]
    Eseguito da: c:\users\Moonraine\Desktop\ComboFix.exe
    Opzioni usate :: c:\users\Moonraine\Desktop\CFScript.txt.txt
    AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-07-08 al 2012-08-08 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 13:08 . 2012-08-08 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 15:53 . 2012-08-07 15:53 -------- d-----w- c:\users\Moonraine\AppData\Local\Threat Expert
    2012-08-06 17:06 . 2012-06-22 12:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-08-06 17:06 . 2012-06-22 12:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-08-06 17:06 . 2012-06-22 12:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-08-06 17:04 . 2012-06-22 09:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-08-06 16:56 . 2012-06-22 13:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-08-06 16:56 . 2012-08-06 17:06 -------- d-----w- c:\programdata\PC Tools
    2012-08-06 16:56 . 2012-08-06 16:56 -------- d-----w- c:\users\Moonraine\AppData\Roaming\TestApp
    2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\users\Moonraine\AppData\Roaming\IObit
    2012-08-06 16:51 . 2012-08-06 16:51 -------- d-----w- c:\program files (x86)\IObit
    2012-08-06 16:08 . 2012-08-06 16:08 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
    2012-08-06 15:44 . 2012-08-06 20:12 -------- d-----w- c:\windows\system32\appmgmt
    2012-08-06 13:48 . 2012-08-06 13:48 -------- d-----w- c:\program files\Enigma Software Group
    2012-08-06 13:48 . 2012-08-06 15:44 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
    2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Malwarebytes
    2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-06 11:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2012-08-06 11:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2012-08-06 11:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-08-06 11:05 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2012-07-28 14:56 . 2012-08-06 13:59 -------- d-----w- c:\users\Moonraine\AppData\Local\TomTom
    2012-07-28 14:56 . 2012-07-28 14:56 -------- d-----w- c:\program files (x86)\TomTom International B.V
    2012-07-21 19:22 . 2012-07-21 19:22 -------- d-----w- c:\users\Moonraine\AppData\Local\Chromium
    2012-07-21 11:00 . 2012-07-21 19:21 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-07-18 15:15 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Nokia
    2012-07-18 14:33 . 2012-07-18 14:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33 . 2012-07-18 14:33 53248 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
    2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
    2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
    2012-07-18 14:33 . 2012-07-18 15:15 -------- d-----w- c:\users\Moonraine\AppData\Local\Nokia
    2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\PC Suite
    2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Nokia
    2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\programdata\PC Suite
    2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Common Files\Nokia
    2012-07-18 14:25 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
    2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
    2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Nokia
    2012-07-18 14:25 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
    2012-07-18 14:23 . 2012-07-18 14:32 -------- d-----w- c:\programdata\Installations
    2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\users\Moonraine\AppData\Local\CutePDF Writer
    2012-07-17 21:46 . 2012-07-17 21:46 -------- d-----w- c:\program files (x86)\GPLGS
    2012-07-17 21:45 . 2012-03-11 12:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
    2012-07-17 21:45 . 2012-07-17 21:45 -------- d-----w- c:\program files (x86)\Acro Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-08 11:40 . 2012-03-28 08:15 25640 ----a-w- c:\windows\gdrv.sys
    2012-07-26 22:29 . 2012-03-28 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-26 22:29 . 2012-03-28 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 17:54 . 2012-07-01 01:06 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-11 17:54 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-09 17:59 . 2012-07-01 00:54 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-06 13:35 . 2012-07-01 00:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-04 18:09 . 2012-07-06 13:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    2012-07-03 16:21 . 2012-03-28 15:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-03-28 15:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-03-28 15:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-03-28 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2012-03-28 15:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2012-03-28 15:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-03-28 15:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-03-28 15:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2012-03-28 15:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-22 08:43 . 2012-08-06 17:04 3488 ----a-w- c:\windows\UDB.zip
    2012-06-22 08:43 . 2012-08-06 17:04 131 ----a-w- c:\windows\IDB.zip
    2012-06-16 21:54 . 2012-06-16 21:54 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-02 22:19 . 2012-06-19 14:08 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 14:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 14:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 14:08 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 14:08 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 14:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 14:08 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-19 14:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-19 14:08 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-01 05:14 . 2012-06-01 05:14 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-01-24 11:50 . 2012-04-11 20:01 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-07_20.11.31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-08 12:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-08 12:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-08 11:45 40758 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-08 11:45 32848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-28 08:02 . 2012-08-08 11:45 12150 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2633914705-2322214657-749838959-1001_UserData.bin
    + 2012-03-28 16:47 . 2012-08-08 11:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 16:47 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 16:47 . 2012-08-07 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-28 16:47 . 2012-08-08 11:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-08 11:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-08 11:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-08 11:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-08 11:40 . 2012-08-08 11:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-08 11:40 . 2012-08-08 11:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-08-08 12:45 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-07 19:39 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-28 08:46 . 2012-08-07 23:45 971520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-08-07 19:37 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-07 23:45 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2012-08-08 11:54 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-08-07 15:28 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-03-30 19:13 . 2012-08-07 23:45 33635596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2633914705-2322214657-749838959-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* I valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-28 742264]
    "Steam"="e:\games\Steam\Steam.exe" [2012-08-06 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\users\Moonraine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-8-7 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys [2010-12-15 1312256]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
    S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
    S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
    S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
    S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
    S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944]
    "Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    .
    ------- Scansione supplementare -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://cool-itv.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.ro
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
    FF - ProfilePath - c:\users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
    .
    .
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*à<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*l*l*<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*!ú<\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*°5Ág\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*ß:3\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*¸0Æy\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*Ý‘1O\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*-ØjG\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*ÏØjG\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*ˆaW\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
    <¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
    <¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a*ƒ=¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:32,00,36,00,30,00,32,00,32,00,30,00,31,00,31,00,30,00,37,00,2e,00,61,
    00,83,3d,a6,5f,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,32,00,36,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.
    <¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:45,3a,5c,75,54,6f,72,72,65,6e,74,5c,42,72,75,63,65,20,41,6c,6d,69,67,
    68,74,79,5c,78,78,78,5c,6e,65,77,5c,6e,65,77,5c,4e,65,77,5c,41,6d,61,74,65,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*N<¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
    00,2e,00,30,00,37,00,2e,00,4e,3c,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*\?¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
    00,2e,00,30,00,37,00,2e,00,5c,3f,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Ora fine scansione: 2012-08-08 15:09:39
    ComboFix-quarantined-files.txt 2012-08-08 13:09
    ComboFix2.txt 2012-08-07 20:13
    .
    Pre-Run: 67.997.806.592 bytes free
    Post-Run: 67.707.322.368 bytes free
    .
    - - End Of File - - 5235410DDA85235ED53DEF5A9E120704

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=9775c91cded2414fad029f81add2b5b3
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-08 01:58:39
    # local_time=2012-08-08 03:58:39 (+0100, W. Europe Daylight Time)
    # country="Italy"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 11391732 96881949 0 0
    # compatibility_mode=8192 67108863 100 0 163 163 0 0
    # scanned=132962
    # found=0
    # cleaned=0
    # scan_time=2503


    -------------------------------------------------------------------------------------------------------------------------


The computer seems to work as usual... it works well... the only problem I have is that when I start Steam and try to play Counter-Strike it starts, but sometimes when I try to connect to a server it says
    NET SendPacket ERROR WSAEINTR


and quits the game... I ran a full scan with avast but still could not find anything wrong on my computer...

Oh, and yesterday after I restarted, the computer blocked at the Windows loading screen... I had to restart it again to load Windows... but I just think these things happen sometimes...

    best regards!
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

Sometimes the intents of these program makers are up for dispute:

    IObit
    Enigma Software Group

    ComboFix Script

    • Close any open browsers.
• Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  10. MoonMoon

    MoonMoon TS Rookie Topic Starter

    ComboFix 12-08-10.02 - Moonraine 12/08/2012 12:04:27.3.6 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1033.18.4093.2640 [GMT 2:00]
    Eseguito da: c:\users\Moonraine\Desktop\ComboFix.exe
    Opzioni usate :: c:\users\Moonraine\Desktop\CFScript.txt.txt
    AV: PC Tools Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    FW: PC Tools Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: PC Tools Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\IObit
    c:\program files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll
    c:\program files (x86)\IObit\IObit Malware Fighter\license.dat
    c:\program files (x86)\IObit\IObit Malware Fighter\log\realtime\realtime_2012-08-06-18-51 .txt
    c:\program files (x86)\IObit\IObit Malware Fighter\log\realtime\realtime_2012-08-06-18-53 .txt
    c:\program files\Enigma Software Group
    c:\program files\Enigma Software Group\SpyHunter\gil.dat
    c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
    c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_154857.log
    c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_160852.log
    c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_161207.log
    c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120806_172206.log
    c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe.BAK
    c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe.tmp
    c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
    c:\users\Moonraine\AppData\Roaming\IObit
    c:\users\Moonraine\AppData\Roaming\IObit\IObit Malware Fighter\config.ini
    c:\users\Moonraine\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini
    c:\users\Moonraine\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini
    c:\users\Moonraine\AppData\Roaming\TestApp
    c:\users\Moonraine\AppData\Roaming\TestApp\TestApp.txt
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCall.dll
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla.dll
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla17.dll
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla18.exe
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla19.dll
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla2.dll
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla20.dll
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla21.exe
    c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseData.ini
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCall.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla2.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla21.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla31.exe
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla32.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla33.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla34.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.dll
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.exe
    c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseData.ini
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-07-12 al 2012-08-12 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-08-12 10:08 . 2012-08-12 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-08 13:14 . 2012-08-08 13:14 -------- d-----w- c:\program files (x86)\ESET
    2012-08-07 15:53 . 2012-08-07 15:53 -------- d-----w- c:\users\Moonraine\AppData\Local\Threat Expert
    2012-08-06 17:06 . 2012-06-22 12:21 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-08-06 17:06 . 2012-06-22 12:21 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-08-06 17:06 . 2012-06-22 12:21 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-08-06 17:04 . 2012-06-22 09:39 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-08-06 16:56 . 2012-06-22 13:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-08-06 16:56 . 2012-08-06 17:06 -------- d-----w- c:\programdata\PC Tools
    2012-08-06 15:44 . 2012-08-06 20:12 -------- d-----w- c:\windows\system32\appmgmt
    2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Malwarebytes
    2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-06 11:05 . 2012-07-03 16:21 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2012-08-06 11:05 . 2012-07-03 16:21 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2012-08-06 11:05 . 2012-07-03 16:21 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-08-06 11:05 . 2012-06-27 20:33 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2012-07-28 14:56 . 2012-08-06 13:59 -------- d-----w- c:\users\Moonraine\AppData\Local\TomTom
    2012-07-28 14:56 . 2012-07-28 14:56 -------- d-----w- c:\program files (x86)\TomTom International B.V
    2012-07-21 19:22 . 2012-07-21 19:22 -------- d-----w- c:\users\Moonraine\AppData\Local\Chromium
    2012-07-21 11:00 . 2012-07-21 19:21 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-07-18 15:15 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Nokia
    2012-07-18 14:33 . 2012-07-18 14:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33 . 2012-07-18 14:33 73728 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
    2012-07-18 14:33 . 2012-07-18 14:33 53248 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
    2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
    2012-07-18 14:33 . 2012-07-18 14:33 49152 ----a-r- c:\users\Moonraine\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
    2012-07-18 14:33 . 2012-07-18 15:15 -------- d-----w- c:\users\Moonraine\AppData\Local\Nokia
    2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\PC Suite
    2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- c:\users\Moonraine\AppData\Roaming\Nokia
    2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\programdata\PC Suite
    2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Common Files\Nokia
    2012-07-18 14:25 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
    2012-07-18 14:25 . 2012-07-18 14:25 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
    2012-07-18 14:25 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Nokia
    2012-07-18 14:25 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
    2012-07-18 14:23 . 2012-07-18 14:32 -------- d-----w- c:\programdata\Installations
    2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\users\Moonraine\AppData\Local\CutePDF Writer
    2012-07-17 21:46 . 2012-07-17 21:46 -------- d-----w- c:\program files (x86)\GPLGS
    2012-07-17 21:45 . 2012-03-11 12:56 86608 ----a-w- c:\windows\system32\cpwmon64.dll
    2012-07-17 21:45 . 2012-07-17 21:45 -------- d-----w- c:\program files (x86)\Acro Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-12 09:59 . 2012-03-28 08:15 25640 ----a-w- c:\windows\gdrv.sys
    2012-08-11 16:23 . 2012-07-01 01:06 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-08-11 16:23 . 2012-07-01 00:54 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-11 13:05 . 2012-07-01 00:54 281120 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-26 22:29 . 2012-03-28 21:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-26 22:29 . 2012-03-28 18:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-06 13:35 . 2012-07-01 00:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-07-04 18:09 . 2012-07-06 13:27 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
    2012-07-03 16:21 . 2012-03-28 15:51 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-03-28 15:51 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-03-28 15:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-03-28 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2012-03-28 15:51 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2012-03-28 15:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-03-28 15:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-03-28 15:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2012-03-28 15:51 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-22 08:43 . 2012-08-06 17:04 3488 ----a-w- c:\windows\UDB.zip
    2012-06-22 08:43 . 2012-08-06 17:04 131 ----a-w- c:\windows\IDB.zip
    2012-06-16 21:54 . 2012-06-16 21:54 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-02 22:19 . 2012-06-19 14:08 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 14:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 14:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 14:08 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 14:08 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 14:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 14:08 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-19 14:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-19 14:08 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-01 05:14 . 2012-06-01 05:14 3166792 ------w- c:\windows\SysWow64\pbsvc.exe
    2012-01-24 11:50 . 2012-04-11 20:01 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-07_20.11.31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-12 10:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-12 10:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-07 19:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-12 10:01 41654 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-12 10:01 33832 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-28 08:02 . 2012-08-12 10:01 12158 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2633914705-2322214657-749838959-1001_UserData.bin
    + 2012-03-28 16:47 . 2012-08-12 10:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 16:47 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 16:47 . 2012-08-07 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-28 16:47 . 2012-08-12 10:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-12 10:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-07 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-28 07:56 . 2012-08-12 09:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-28 07:56 . 2012-08-12 09:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-12 09:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-03-28 07:56 . 2012-08-12 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-28 07:56 . 2012-08-07 19:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-28 07:56 . 2012-08-12 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-12 09:59 . 2012-08-12 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-07 19:39 . 2012-08-07 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-12 09:59 . 2012-08-12 09:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-08-12 10:01 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-28 08:46 . 2012-08-12 02:37 988856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-07-14 05:01 . 2012-08-07 19:37 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-12 02:37 235256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34 . 2012-08-07 15:28 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-08-11 10:56 9437184 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-03-30 19:13 . 2012-08-12 02:37 34007177 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2633914705-2322214657-749838959-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* I valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-28 742264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 ASUSU1;ASUS Xonar U3 Audio Interface;c:\windows\system32\drivers\cm11264.sys [2010-12-15 1312256]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
    R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-06-22 92928]
    R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-06-22 41968]
    R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
    S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
    S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-06-22 65664]
    S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-06-22 706776]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-06 21544]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-06-22 341200]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
    S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
    S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
    S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2010-01-19 72304]
    S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
    S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
    S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cm112Sound"="c:\windows\Syswow64\cm112.dll" [2009-12-08 8146944]
    "Cm112GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cm112GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    .
    ------- Scansione supplementare -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://cool-itv.net
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.ro
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
    FF - ProfilePath - c:\users\Moonraine\AppData\Roaming\Mozilla\Firefox\Profiles\chrmvr3o.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
    .
    .
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*à<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*ƒ=¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*l*l*<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*!ú<\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*°5Ág\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*4*ß:3\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*¸0Æy\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*Ý‘1O\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*-ØjG\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*e*d*T*u*b*e*_*-*_*C*u*t*e*_*G*I*r*l*_*g*I*v*ÏØjG\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*ˆaW\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
    <¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.
    <¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*N<¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\?¦_\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*a*ƒ=¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:32,00,36,00,30,00,32,00,32,00,30,00,31,00,31,00,30,00,37,00,2e,00,61,
    00,83,3d,a6,5f,00,00,86,00,36,00,00,00,00,00,00,00,00,00,00,00,32,00,36,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.
    <¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:45,3a,5c,75,54,6f,72,72,65,6e,74,5c,42,72,75,63,65,20,41,6c,6d,69,67,
    68,74,79,5c,78,78,78,5c,6e,65,77,5c,6e,65,77,5c,4e,65,77,5c,41,6d,61,74,65,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*N<¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
    00,2e,00,30,00,37,00,2e,00,4e,3c,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-2633914705-2322214657-749838959-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*\?¦_]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:6b,00,74,00,72,00,2e,00,74,00,69,00,66,00,66,00,70,00,2e,00,31,00,31,
    00,2e,00,30,00,37,00,2e,00,5c,3f,a6,5f,00,00,96,00,36,00,00,00,00,00,00,00,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Ora fine scansione: 2012-08-12 12:10:18
    ComboFix-quarantined-files.txt 2012-08-12 10:10
    ComboFix2.txt 2012-08-08 13:09
    ComboFix3.txt 2012-08-07 20:13
    .
    Pre-Run: 66.838.994.944 bytes free
    Post-Run: 66.582.867.968 bytes free
    .
    - - End Of File - - 5CA4EFBBB62179BC58418892B693D94B
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Kaspersky Security Scan (KSS)

    The Kaspersky Security Scan is a scanning-only tool that searches for active infections such as rootkits, trojans, viruses, etc.

    Please download the Kaspersky Security Scan from Kaspersky's Official Link and save it to your Desktop.

    • Double-click on the downloaded item. It will quickly download the latest version of KSS and then launch the installer. Please navigate through the installer.
    • After it finishes installing, it will place an icon on your Desktop and launch itself.
    • In the Kaspersky Security Scan interface, choose full scan at the bottom.
    • Once it finishes, it will show the report. Click on the Details button, and it will launch an HTML page.
    • You have two options - either A. Upload the HTML report here, file located at { C:/ProgramData/Kaspersky%20Lab/KSS2/DataRoot/HtmlReport/index.html } (Copy and paste the file path into the Address box in the Upload window), or B. Copy and paste all of the results in your next reply.
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
  13. MoonMoon

    MoonMoon TS Rookie Topic Starter

    Hey, sorry guys for not posting! The computer is working fine now! Thanks a lot for the help and keep up the good work! Best regards!

    Very good site and very helpful people here!
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Topic closed. Thanks for letting me know.